Oct 15, 2019

Stolen AWS Key to Blame for Imperva Breach

In August, Imperva, a security vendor that provides network security software and services, admitted that its cloud firewall product, Cloud Web Application Firewall (Cloud WAF), was the source of a compromise of customer data. In the results of its investigation released recently, Imperva said that the data breach occurred because an AWS API key had been stolen.

Published by Emerson L. Sullivan on October 15, 2019 9:11 am

Oct 12, 2019

Singaporean Indicted in the United States for Unlawful Mining

Recently, a 29-year-old Singaporean hacker, Matthew Ho, was arrested for stealing cloud computing resources from Amazon AWS and Google Cloud for mining. He faces at least 34 years in prison on 14 counts of wire fraud, illegal access to equipment and identity theft.

Published by Emerson L. Sullivan on October 12, 2019 2:59 am and last modified on October 12, 2019 3:00 am.

Oct 10, 2019

Up to 1 million New Zealand patients’ data breached in criminal cyber hack

The official website of New Zealand primary health organization Tū Ora Compass Health was attacked by hackers in August this year. The subsequent investigation revealed that the intruders had had access to the websites as far back as 2016, and the data of up to 1 million people may have been leaked.

Published by Emerson L. Sullivan on October 10, 2019 6:42 am

Oct 8, 2019

Masad Stealer Malware Exfiltrates Crypto Wallets

Beginning on September 24th, Bitcoin fell for a full week and its price continued to fluctuate around $8,000. Bitcoin buyers have now been warned that their cryptocurrency investments face another threat. Juniper Threat Labs security researchers say the Masad Stealer spyware, delivered by a Trojan, uses the encrypted Telegram messaging platform to exfiltrate cryptocurrency data.

Published by Emerson L. Sullivan on October 8, 2019 2:39 am and last modified on October 8, 2019 2:39 am.

Oct 5, 2019

Nemty Ransomware Is Re-active

At the end of August, Nemty ransomware was actively spreading via compromised RDP connections. The ransomware has been traded on the dark web, and its “block the road and rob” extortion model has been used to extract wealth from its victims.
Now version 1.5 of the Nemty ransomware has struck again and is raging across the network.

Published by Emerson L. Sullivan on October 5, 2019 11:27 am and last modified on September 30, 2019 11:56 am.

Oct 2, 2019

Microsoft Discloses New Nodersok Malware That Has Infected Thousands of PCs

After disclosing the Astaroth fileless attack in July this year, Microsoft has once again revealed a new wave of fileless attacks, this time named Nodersok. The attackers likewise use legitimate tools to carry out the attack, turning infected systems into proxies and performing click fraud. It is estimated that thousands of Windows computers have been roped in.

Nodersok attacks do not infect any files on the device and leave no traces on the hard disk; the entire chain of infections is launched through legitimate tools.

The Nodersok attack begins with the user downloading and executing an HTML Application (HTA) file after clicking on or browsing a malicious advertisement. JavaScript code hidden in the HTA file downloads another JavaScript file from the C&C server, which in turn downloads an encrypted MP4 file containing a PowerShell command. After decryption, that PowerShell command downloads additional modules, including ones that disable Windows Defender Antivirus. The last step turns the victim computer into a proxy by way of a JavaScript module built on the Node.js framework.

Microsoft said that Nodersok, like Astaroth, performs every step of the infection chain with legitimate tools only, whether the built-in mshta.exe and powershell.exe or node.exe and WinDivert.dll/sys downloaded from a third-party website. The functionality carried by these scripts or shellcode is stored in encrypted form; it is decrypted and executed only in memory, and no malicious code is written to the hard disk.

Setting aside the legitimate tools that Nodersok uses, the only malicious files that remain are the original HTA file, the final JavaScript module, and a large number of encrypted files.

Microsoft discovered the Nodersok attack in mid-July this year and launched an investigation after detecting anomalous use of mshta.exe. Nodersok’s main targets are currently ordinary consumers in the US and Europe.

Published by Emerson L. Sullivan on October 2, 2019 7:08 am and last modified on September 30, 2019 8:08 am.

Sep 27, 2019

Hackers Use CAPTCHA to Launch Phishing Campaign

The CAPTCHA verification mechanism (a method of distinguishing real humans from bots by asking them to identify the letters in a picture) is familiar to most Internet users. However, this mechanism is no longer safe: security researchers have found that hackers are using it to lead victims to phishing pages. According to the researchers, the phishing campaign uses CAPTCHA boxes to hide a fake Microsoft account login page from secure email gateways (SEGs) in order to trick victims into providing sensitive information.

Published by Emerson L. Sullivan on September 27, 2019 2:29 am

Sep 23, 2019

Exposed Files Leak Details on SORM in Russia

Security vendor UpGuard announced a data breach this week, saying its researchers had found 1.7TB of data on a public rsync server, with the data relating to Russia’s network surveillance system SORM.

Published by Emerson L. Sullivan on September 23, 2019 2:19 am

Sep 20, 2019

Tortoiseshell Group Targets Saudi IT Firms in First Stage of Supply Chain Attacks

On September 18, the network security company Symantec said that since July 2018 the Tortoiseshell hacker group has attacked at least 11 organizations, most of them located in Saudi Arabia. The group mainly targets Saudi IT vendors and collects data from their networks, including IP addresses, operating system versions, computer names, and network connections. Researchers say they do not have enough information to attribute this activity to a known organization or government. However, CrowdStrike’s vice president of intelligence said that the hackers described by Symantec appear to be supporting the Islamic Revolutionary Guard Corps.

Published by Emerson L. Sullivan on September 20, 2019 2:21 am

Sep 18, 2019

Hacker Exposes Data of 24 Million Lumin PDF Users

On September 16, ZDNet reported that the data of more than 24.38 million Lumin PDF users had been posted on a hacking forum. Lumin PDF is a little-known cloud-based service that allows users to view, edit, and share PDF files through web-based dashboards, browser extensions, or corporate mobile applications.

Published by Emerson L. Sullivan on September 18, 2019 8:29 am and last modified on September 18, 2019 8:30 am.
