Industrial Cyber Attacks - Attacks against industries, production infrastructure and OT
3 major industrial companies have been attacked by maze ransomware, data leaked to Dark Web:
Non-Industrial Cyber Attacks - Covering notable, interesting attacks worldwide
According to a new ESET report, Evilnum APT aims to harvest financial information from fintech companies, mainly British and European. The group has been operating for at least 2 years.
A new release of the Lampion trojan banker, hitting mostly Portugal and Brazil, contains improvement in the VBS file that when executed serves as a downloader for the infection chain.
Citrix issued patches for 11 security flaws affecting Citrix Application Delivery Controller (ADC), Gateway, and WANOP networking products. Successful exploitation of these flaws allows attackers to perform code injection, information disclosure, and DoS attacks against the GW or the authentication virtual servers.
Attackers are actively trying to exploit CVE-2020-5902, a critical vulnerability affecting F5 Networks' BIG-IP multi-purpose networking devices to install coin-miners, IoT malware, or to scrape administrator credentials from the hacked devices. Shodan shows around 8,500 vulnerable F5 BIG-IP web interface devices available on the internet, nearly 40% of which are in the U.S. These exposed devices are considered to be high risk.
Advanced Reading Suggestions of the Week
Exploit Kits are not as prevalent as they were a few years ago but they are still part of the threat landscape. The Purple Fox downloader malware was first reported by Trend Micro in September 2019. This malware abuses PowerShell and is capable of file-less infection. The malware originally was delivered by the “Rig exploit kit”. But now, by building their own exploit kit for distribution, the authors of the Purple Fox malware are able to save money and enable greater control over what the exploit kit actually loads.
In the new version of Purple Fox, the authors added attacks against both CVE-2020-0674 and CVE-2019-1458, two vulnerabilities that came out at the end of 2019 and early 2020. This tells us that the authors of Purple Fox are staying up to date on viable exploitable vulnerabilities and updating when they become available. It’s reasonable to expect that they will continue to update as new vulnerabilities are discovered.
Threat Intelligence Researcher
For more information contact us at [email protected].