2020, Information Security and Security Intelligence

Coronavirus-themed attacks May 17 ? May 23, 2020

Security Affairs

MAY 24, 2020

This post includes the details of the Coronavirus-themed attacks launched from May 17 to May 23, 2020. Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Below a list of attacks detected this week. Pierluigi Paganini.

Advertising

Advertising Security Intelligence Hacking Information Security

Security intelligence fosters vulnerability management based on prioritized risk

SC Magazine

APRIL 12, 2021

Analysis of the NIST National Vulnerability Database shows that security teams were under siege in 2020 defending against an unprecedented number of flaws. But we’re not here to harp on the problem – we want to propose a solution: Using security intelligence to enable risk-prioritized vulnerability management.

Security Intelligence

Security Intelligence Risk Media Engineering

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

We’re seeing more activity leveraging the CVE-2020-1472 exploit (ZeroLogon). — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. states Microsoft. We strongly recommend patching. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

The group works under the control of the Reconnaissance General Bureau (RGB) foreign intelligence service. At the end of October 2020, the US-CERT published a report on Kimuskys recent activities that provided information on their TTPs and infrastructure. LNK shortcut files, disguised as Office documents.

Phishing

Phishing Malware Security Intelligence Hacking

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. The best example of the need for this is national level security intelligence, reconnaisance, and vulnerability assessment. Here’s my talk on this topic at DEFCON in 2020.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.

Security Intelligence

Security Intelligence Manufacturing Cyber threats Accountability

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

The Zerologon vulnerability, tracked as CVE-2020-1472 , is an elevation of privilege that resides in the Netlogon. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday to mitigate “unacceptable risk” posed by the flaw to federal networks. We strongly recommend patching.

Authentication

Authentication Advertising Architecture Cyber Attacks

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

pic.twitter.com/EbI8kxICQG — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020. The attachment is a ZIP archive containing the familiar ISO file carrying a malicious SCR file with misleading icon pic.twitter.com/o1FbMUbTBs — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020.

Small Business

Small Business Malware Manufacturing Security Intelligence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs.

Malware

Malware Security Intelligence Banking Phishing

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021. STRRAT RAT was first spotted in June 2020 by G DATA who documented its features.

Ransomware

Ransomware Malware Encryption Security Intelligence

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. The group works under the control of the Reconnaissance General Bureau (RGB) foreign intelligence service.

Malware

Malware Phishing Security Intelligence Hacking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The alert published by CISA was based on data provided by the Multi-State Information Sharing & Analysis Center (MS-ISAC) and the CISA itself since July 2020. pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. ” reads that alert published by CISA.

Government

Government Banking Advertising Malware

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. ” #Emotet AAR for 2020/09/22: Well yesterday was kinda nuts with nearly 400 malspams received with the majority being attachment on 60/40 basis. Heaviest I can remember in some time. Shared templates in paste.

Malware

Malware Passwords Advertising Ransomware

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020. Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Backups Architecture

RevengeRAT and AysncRAT target aerospace and travel sectors

SC Magazine

MAY 14, 2021

American Airlines flight 718, a Boeing 737 Max, is seen parked at its gate at Miami International Airport as passengers board for a flight to New York on December 29, 2020 in Miami, Florida. A campaign of remote access trojans is targeting the aerospace and travel industries. Photo by Joe Raedle/Getty Images). They change and are tailored.

Phishing

Phishing Scams Security Awareness Security Intelligence

Cloud-based security: SECaaS

eSecurity Planet

DECEMBER 30, 2020

To ease these burdens, SECaaS and SOCaaS vendors have emerged as cloud-based security as a service that can collect, analyze, and correlate your information from diverse systems and applications — turning former headaches into actionable information security intelligence. Security as a Service (SECaaS) .

Penetration Testing

Penetration Testing Cybersecurity Antivirus Network Security

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. . ” continues the report.

Firmware

Firmware Malware Security Intelligence Authentication

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Security Affairs

APRIL 1, 2021

“The most recent extortion attack — peaking at more than 800 Gbps and targeting a European gambling company — was the biggest and most complex we’ve seen since the widespread return of extortion attacks that kicked off in mid-August 2020. reads the analysis published by Akamai. ” Likely DDoS extortion attacks. .

DDOS

DDOS Security Intelligence Hacking Cybersecurity

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

VPN

VPN Accountability Social Engineering Media

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention. Organizations are no strangers to security incidents in their Kubernetes environments. For information on how to secure that part of a Kubernetes cluster, click here.

Advertising

Advertising Internet Internet VPN

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

.” Microsoft Threat Intelligence Information Center (MSTIC) has uncovered activity by the threat actor PHOSPHOROUS, which has been masquerading as conference organizers and sending spoofed invitations by email to high-profile individuals.

Hacking

Hacking Security Intelligence Advertising Accountability

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Security Affairs

MARCH 19, 2021

In the 2020 Cloud Native Survey , 91% of respondents told the Cloud Native Computing Foundation (CNCF) that they were using Kubernetes—an increase from 78% in 2019 and 58% a year earlier. The guidance provided above can help admins ensure container runtime security in Amazon EKS.

Information Security

Information Security Security Intelligence Hacking Accountability

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. In this blog, we detail the evolution of Trickbot, associated tactics, recent campaigns, and dive into the anatomy of a specific attack. ” reads the post published by Microsoft.

Malware

Malware Banking Advertising Financial Services

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Researchers from threat intelligence firm RiskIQ, using passive DNS data related to Knotweed attacks, linked the C2 infrastructure used by the malware since February 2020 to DSIRF. Confirm that Microsoft Defender Antivirus is updated to security intelligence update 1.371.503.0 or later to detect the related indicators.

Surveillance

Surveillance Malware Authentication Accountability

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

In March 2020, Chinese security firm Qihoo 360 accused the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. In November 2019, ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild.

Malware

Malware Hacking Government Telecommunications

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Researchers from Microsoft Security Intelligence are also warning of the ongoing Halloween-themed Emotet campaign. #Emotet Daily Summary Post for 2019/10/31 – Halloween Party template used on E3, E2 was Banking/IRS/Invoice/etc spam and E1 was after ENG/ESP/FRA/PRT(BR) speakers with Invoice/Billing crap. Source Bleeping Computer.

Banking

Banking Malware Security Intelligence Advertising

Cyber Security Informer

Coronavirus-themed attacks May 17 ? May 23, 2020

Security intelligence fosters vulnerability management based on prioritized risk

Trending Sources

Hackers are using Zerologon exploits in attacks in the wild

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

North Korea-linked APT Emerald Sleet is using a new tactic

Microsoft warns about ongoing PonyFinal ransomware attacks

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Finnish intelligence warns of Russia’s cyberespionage activities

Iran-linked APT is exploiting the Zerologon flaw in attacks

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Microsoft warns TA505 changed tactic in an ongoing malware campaign

STRRAT RAT spreads masquerading as ransomware

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

CISA alert warns of Emotet attacks on US govt entities

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

RevengeRAT and AysncRAT target aerospace and travel sectors

Cloud-based security: SECaaS

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Iran-linked APT groups continue to evolve

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Iran-linked Phosphorous APT hacked emails of security conference attendees

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Microsoft partnered with other security firms to takedown TrickBot botnet

European firm DSIRF behind the attacks with Subzero surveillance malware

Purple Lambert, a new malware of CIA-linked Lambert APT group

Emotet operators are running Halloween-themed campaigns

Stay Connected