Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…
The cybercriminal threat group TA505 is a key suspect in an ongoing phishing campaign that’s been attempting to infect victims with the FlawedAmmyy and Remote Manipulator (RMS) remote access trojans. Dubbed Pied Piper, the campaign was observed targeting a supplier to several well-known food chains, including Godiva Chocolates, Yogurtland and Pinkberry, according to a Nov. 29 blog…
The Justice Department has indicted two Iranian men behind the SamSam ransomware attacks – that infected the cities of Atlanta, San Diego and Newark, N.J. – as well as two others who converted the ransom into Iranian riyals. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, “extorted victims by leaving a ransom note in the…
A new cyber espionage campaign from the Russian APT group Fancy Bear has added some firepower in the form of a new malicious first-stage downloader tool called Cannon. Cannon diverges from Fancy Bear’s (aka Sofacy, APT28) usual downloader trojan, Zebrocy, in that it leverages email protocols for C2 communication as opposed to HTTP or HTTPS.…
Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become officially operative once more. Last last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…
A recent survey of just over 1,000 small- and medium-sized businesses found that 58 percent of respondents experienced a data breach in the previous 12 months, according to a new SMB cybersecurity research report from Keeper Security and the Ponemon Institute. An even larger number, 67 percent, said they experienced at least one form of cyberattack,…
Kaspersky Labs researchers have noticed a recent switch in tactics by malicious actor’s intent on conducting blackmail operations. The primary scare tactic in these phishing operations is to tell the recipient the extortionist has embarrassing or damaging evidence against the target with a demand to pay a set amount in order for the malicious actor…
A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users’ device data and messages, which were later leveraged in smishing schemes. Advertised as “Movil Secure,” the fake app pretends to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend…
The 2018 Brazilian general election provided the perfect backdrop for cybercriminals to create a phishing campaign designed to infect citizens of the South American country with the Astaroth WMIC Trojan. In the days leading up to the Oct. 7 vote, the malicious campaign used subject lines suggesting that then-presidential candidate Jair Bolsonaro, was embroiled in a scandal,…
A newly discovered spam campaign powered by version two of the well-known Cutwail botnet has been found targeting Japanese users in an attempt to infect them with the URLZone (aka Bebloh) banking trojan. In a company blog post yesterday, Crowdstrike researchers Sebastian Eschweiler, Brett Stone-Gross and Bex Hartley note that the operation leverages the art of…
