Category: South America

Equifax Megabreach Update: How, who, and more

Last week, we reported that the major credit reporting company Equifax announced on 7 September a massive data breach affecting up to 143 million US customers, but over the course of the week the developing story has gone from bad to worse. How the Breach Occurred: After days of speculation, on 13 September, […]

Global Weekly Executive Summary, 01 SEPT 2017

Turla Group, the Gazer Backdoor, and WhiteBear Activity: This week, two security researchers published reports relating to the well-known cyberespionage APT group Turla. Security researchers from ESET, an IT security company based in Slovakia, wrote about a previously undocumented backdoor called Gazer, which appears to be the latest tool used in an ongoing cyberespionage campaign targeting embassies […]

NotPetya Ransomware Disrupts Merck Vaccine Production

Merck, a global leader in drug and vaccine production, may be unable to produce hepatitis B vaccines until 2018 because of worldwide production disruptions resulting from the NotPetya ransomware attacks in June. In late June 2017, Merck, one of the “big four” of the world’s leading vaccine producers, reported that its computer systems were affected […]

Petya Group Bitcoins on the Move, New Message Posted

The hacking group behind Petya/NotPetya/ExPetr withdrew all bitcoins from the bitcoin wallet associated with the ransomware on Tuesday, July 4th, moving the money to a new bitcoin wallet. The already confusing story of the Petya attacks gets even stranger. Security researcher Kevin Beaumont, aka @GossiTheDog, reported via […]

Global Weekly Executive Summary June 2, 2017

WannaCry Attribution: Security researchers around the world have identified clues linking the global WannaCry cyberattacks to Lazarus Group, a prolific hacking group with suspected ties to North Korea, but is the WannaCry ransomware the work of a nation-state or does it just feel that way? Security researchers studying early versions of WannaCry, including those working […]

Hajime vs. Mirai, A Botnet Battle?

The Hajime worm spreading through unsecured IoT devices seems to be purposely making them more secure. Hajime vs Mirai: Last October, the Mirai botnet launched the largest ever distributed denial of service (DDoS) attacks against DNS provider Dyn, causing websites like Amazon, Twitter, and PayPal to be inaccessible for several hours across the US and […]

1.5 million WordPress Sites Defaced

A security flaw has led to the defacement of more than 1.5 million WordPress sites within the last ten days. WordPress update 4.7.2, released on January 26, quietly included a security fix for a vulnerability that allowed attackers to bypass authentication and alter content on WordPress sites running versions 4.7.0 or 4.7.1. WordPress delayed the […]

Ghost Push Malware Still Taking a Toll on Android Devices Through Malicious Links

Source: https://threatpost.com/ghost-push-trojan-flourishing-via-malicious-links/121310/, http://www.cmcm.com/blog/en/security/2016-10-14/1031.html (Threatpost, CheetahMobile) Cheetah Mobile, a company that strives to provide a faster, simpler and safer mobile internet experience for users worldwide, says that the Ghost Push malware family is still taking a toll on Android devices nearly two years after its debut. According to researchers at CM lab, the majority of Trojan infections today come from […]

Banking Trojan BlackMoon Steals Credentials From Over 100,000 South Koreans

Source: http://news.softpedia.com/news/blackmoon-banking-trojan-infected-over-160-000-south-koreans-506512.shtml, https://www.proofpoint.com/us/threat-insight/post/Updated-Blackmoon-Banking-Trojan BlackMoon is a banking trojan that has already infected 110,130 victims worldwide and 108,850 in South Korea. According to Fortinet, between May 10, 2016 and July 19, 2016 the criminals were able to gain an additional 62,659 new victims (61,255 of them being from South Korea). It was first discovered in 2014, and uses […]

ISIS Hackers Pose a Growing Threat

Source: https://threatpost.com/unskilled-pro-isis-hackers-a-growing-threat/117726/ Extra Readings: https://www.flashpoint-intel.com/home/assets/Media/Flashpoint_HackingForISIS_April2016.pdf Hackers sympathetic to ISIS pose a growing risk to the global community. They are using public lists found on the internet and publicizing them as kill lists. This very situation happened with Minnesota law enforcement, whose names, addresses, and phone numbers were published. They are not a sophisticated group of attackers, but […]