Addressing Ransomware in Hospitals & Medical Devices

Credit to Author: Ericka Pingol| Date: Wed, 26 Oct 2022 00:00:00 +0000

Ransomware attacks have been on the rise in recent years, and hospitals are increasingly becoming targets. In many cases, these attacks can have devastating consequences, disrupting vital services and putting patients’ lives at risk.

Read more

Threat Actors Target AWS EC2 Workloads to Steal Credentials

Credit to Author: Nitesh Surana| Date: Wed, 26 Oct 2022 00:00:00 +0000

We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools.

Read more

Uncovering Security Blind Spots in CNC Machines

Credit to Author: Marco Balduzzi| Date: Mon, 24 Oct 2022 00:00:00 +0000

Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the doors for cybercriminals looking to abuse networked industrial equipment such as CNC machines. Our research investigates potential cyberthreats to CNC machines and how manufacturers can mitigate the associated risks.

Read more

TeamTNT Returns – or Does It?

Credit to Author: Sunil Bharti| Date: Wed, 19 Oct 2022 00:00:00 +0000

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.

Read more

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

Credit to Author: Ian Kenefick| Date: Wed, 12 Oct 2022 00:00:00 +0000

We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.

Read more

How Water Labbu Exploits Electron-Based Applications

Credit to Author: Joseph C Chen| Date: Wed, 05 Oct 2022 00:00:00 +0000

In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.

Read more

Tracking Earth Aughisky’s Malware and Changes

Credit to Author: CH Lei| Date: Tue, 04 Oct 2022 00:00:00 +0000

For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed.

Read more

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Credit to Author: Joseph C Chen| Date: Mon, 03 Oct 2022 00:00:00 +0000

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

Read more

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Credit to Author: Sunil Bharti| Date: Wed, 21 Sep 2022 00:00:00 +0000

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

Read more

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Credit to Author: Nitesh Surana| Date: Mon, 12 Sep 2022 00:00:00 +0000

One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.

Read more