Cybersecurity Alerts, News, and Tips



Is the Abaddon RAT the first malware using Discord as C&C?

Abaddon is the first RAT that uses the freeware instant messaging and VoIP app and digital distribution platform Discord as a command & control server. Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The […]
The post Is the Abaddon RAT the first malware using Discord as C&C? appeared first on Security Affairs.


HPE addresses critical auth bypass issue in SSMC console

HPE fixed a remote authentication bypass vulnerability in HPE StoreServ Management Console (SSMC) data center storage management solution. Hewlett Packard Enterprise (HPE) has addressed a maximum severity (rated 10/10) remote authentication bypass vulnerability, tracked as CVE-2020-7197, affecting the HPE StoreServ Management Console (SSMC) data center storage management solution. HPE SSMC is a management and reporting console for HPE Primera (data storage for […]
The post HPE addresses critical auth bypass issue in SSMC console appeared first on Security Affairs.


New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Emotet operators have started using a new template this week that pretends to be a Microsoft Office message urging a Microsoft Word update. Researchers this week observed Emotet attacks employing a new template that pretends to be a Microsoft Office message urging the recipient to update their Microsoft Word to add a new feature. Emotet […]
The post New Emotet attacks use a new template urging recipients to upgrade Microsoft Word appeared first on Security Affairs.


Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users

Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams. Security researchers reported that up to 50,000 Office 365 users have been targeted by a phishing campaign that pretends to be an automated message from Microsoft Teams. The bait message uses fake notifications […]
The post Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users appeared first on Security Affairs.


Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

The systems at the US-based ski and golf resort operator were infected with the WastedLocker ransomware; the incident impacted reservation systems. Boyne Resorts is a collection of mountain and lakeside resorts, ski areas, and attractions spanning from British Columbia to Maine. The company owns and operates eleven properties and an outdoor lifestyle equipment/apparel retail division […]
The post Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware appeared first on Security Affairs.


US Treasury imposes sanctions on a Russian research institute behind Triton malware

US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged role in the development of the Triton malware. “Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated, pursuant to […]
The post US Treasury imposes sanctions on a Russian research institute behind Triton malware appeared first on Security Affairs.


Members of the Cybercrime Group Responsible for NotPetya Indicted by U.S. Government

Six members of the Russian hacker group known as Sandworm who have carried out some of the most well-known cyberattacks in the last 6 years appear to have been brought to justice.
The group, responsible for blacking out a quarter-million Ukrainians, a blackout of the Ukrainian capital Kyiv, an attack on the IT infrastructure running the 2018 Winter Olympics, and, most notably, the release of the NotPetya worm in 2017, has been indicted on charges relating to the damage and disruption of computer networks worldwide.
According to the U.S. Department of Justice press release, the group are responsible for such malware as KillDisk, Industroyer, Olympic Destroyer and NotPetya.

The six members of the group are believed to be officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), tying these attacks to the Russian government. With losses estimated at well over $10 billion in damage to companies including Merck, FedEx, Maersk, and Mondelez (who have attempted to recoup monies lost in court), the financial impact of these attacks is still being felt today.
This latest development is a reminder that a single click of a malicious email can result in a complete loss of operations, data, and finances. It’s imperative that organizations educate their employees to be vigilant against phishing attacks and social engineering tactics used on the web via Security Awareness Training.
While one group is out of commission, the bad guys are a bit like the evil group Hydra in the Marvel Cinematic Universe – cut off one head and two shall take its place. Take action to protect your organization before the next big cyberattack hits.


REvil Ransomware Gang Flexes Its Hiring Muscle With a $1 Million Deposit on a Hacking Hiring Website

Nothing says ransomware is a profitable business like throwing down a million dollars in an attempt to attract and hire the most talented hackers on the planet.
Just when you think you’ve seen everything, something like this shows up. A recent post on a Russian hacker forum from the group behind REvil ransomware sought out candidates who have experience with penetration testing, citing skills using the Metasploit Framework (MSF), Cobalt Strike, and the Koadic open-source pen testing tool and Windows rootkit.
The 99 bitcoins posted to the forum, valued at over $1 million, is a brilliant tactic that somewhat flaunts the successes the REvil gang have had, and their ability to gainfully employ candidates.
It’s a pretty dangerous prospect when the bad guys have so much money they can afford to hire the most talented hackers, rivaling even the largest global enterprises today.
Ransomware has already been on the rise this year, and from the looks of the latest post from REvil and the assumed draw such a post can garner, the future of ransomware is going to be much worse for organizations.
Despite the assumed improvements REvil (and gangs like them) will have over the coming months, they still need one of your users to engage with an email, a website – something – to start the process of infecting one of your endpoints. Putting users through Security Awareness Training is an impactful way to minimize the likelihood a user will fall for phishing attacks and social engineering scams.
Ransomware has been evolving into full-blown data breach attacks, and looks to be moving even more in that direction. The time to prepare is now.