Tarik Saleh
Senior Security Engineer and Malware Researcher
DomainTools
Comments Dotted: 19
October 01, 2020
People whose data was stolen should now be careful about what they receive via mail.
We should expect more brands to get in touch with their customers notifying them about their data being compromised in the recent Shopify breach. Caused by two rogue employees, there was little that Shopify could have done to prevent this, other than perhaps vetting their new hires a little more thoroughly. Even so, however, the risk of something like this happening would not have been reduced down to zero.
Kylie Jenner’s cosmetics company followed due process in informing its customers of.....Read More

September 24, 2020
It is better to accidentally terminate a legitimate session than to allow an insider attack to continue undisturbed.
Cybersecurity awareness is effective against human error, but can do nothing about this type of intentional human compromise. Vetting employees before granting them access to sensitive servers is one option, although it will never reduce the risk down to zero. Another is ensuring access to documents and sensitive data is restricted and only granted on a 'need to know' basis. Security efforts in this type of scenario need to be reactive: teams need to have the right systems in place to detect.....Read More

September 10, 2020
It would be a good idea for all the organisations involved to refresh their staff's cyber awareness training ahead of the next few months.
As we approach November, it is very likely that we will see an uptick in foreign state-sponsored attempts to sway the democratic process. The fact that there was an attempt to compromise SKDK's network but that the cyber defences in place were sufficient to spot and block the attack is certainly a good sign. We must also remember, however, that very often all it takes for an incident to happen is an employee to click on the wrong link - it would be a good idea for all the organisations involved .....Read More

September 08, 2020
BancoEstado should also be preparing for double-extortion ransomware.
It is easy to feel disheartened by the number of times we still see attacks take place because of a phishing email. The sad reality is that cybersecurity awareness training – while dramatically improving employees’ ability to spot a malicious message – doesn’t offer complete protection: there is always a chance that a particularly well crafted scam will get through email filters and will trick even the more savvy of users.
In these circumstances, BancoEstado’s Incident Response.....Read More

August 28, 2020
If something seems too good to be true, it probably is: users should take notice of the applications listed as malicious.
This discovery of 40 applications on Android which aim to distribute malware is simply the next in a long line of mobile applications being used to distribute malware of all kinds. It was recently discovered that at the height of the pandemic a Covid19 tracker app was hiding ransomware within, luring in unassuming bystanders hoping to keep track of the spread of Covid19. This use of ‘free trainers’ as a lure is another example of how cybercriminals attempt to gain access to an.....Read More

July 27, 2020
It is essential for companies to design their environment with least privilege in mind.
This breach demonstrates the importance of vetting third parties and implementing security best practices across the entire supply chain. This is not the first time nor will it be the last that cybercriminals circumvent an organisation’s security measures by individuating the weakest link and exploiting it as an entry point. It is essential for companies to design their environment with least privilege in mind and to review the access permissions they grant on a regular basis.
Dave users.....Read More

July 22, 2020
The infection that this phish brought can now spread from PC to other networked devices.
The majority of spam emails, and clearly the one which a Telecom employee unfortunately clicked on, have the goal of getting the victim to infect their own computer with malware. “Soft targeted” email is often the vessel for malicious attachments: for instance, an email may be sent to an HR employee with a .pdf of a job seeker’s resume. In actuality, the resume is an attachment that contains embedded ransomware or malware. In these instances, the infection that this phish brought can.....Read More

July 20, 2020
This ransomware attack on Orange is just the latest in a long line of attacks to show how profitable these operations are for cybercriminals.
Certainly, considering the size of the database exposed, this ransomware attack on Orange is just the latest in a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubles up ransomware attacks as data breaches, of which customers and affected parties should .....Read More

July 17, 2020
It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam.
In post-exploitation scenarios, we can understand what the attackers' motives are. In this case, these attackers are an outwardly financially motivated group leveraging some of the most popular Twitter accounts in a simple cryptocurrency scam. It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam. We can, and should, expect this attack group to take full advantage of their admin-level access to Twitter's platform .....Read More

July 02, 2020
It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools.
TrickBot is a financial trojan that typically gets dropped by a maldoc spam campaign. It harvests credentials through the Mimikatz tool, using the man-in-the-browser technique and what not. It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. Their usual move is sending spam mailers tied to current events and trying to get people to open documents and enable macros that then drop the next payload. This latest.....Read More
