ALERTS

Ameaças em destaque do mundo digital

Saiba quais foram as últimas Notícias e Falhas de Segurança

Threats

Ameaças em destaque do mundo digital

LockBit ransomware is now using Active Directory group policies to encrypt Windows domains

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using a PowerShell script to push a new group policy to all the workloads in the Active Directory group.

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: Jul 28, 2021

Source

Olympics-themed malware found wiping files on infected computers

A Japanese security firm has discovered malware circulating that is wiping computers ahead of the Tokyo 2020 Olympic Games. The wiper is a .exe file that is designed to look like a PDF, claiming to be urgent information regarding cyber attacks associated with the Olympics.

Type: Typical malwar
Category: Malware
Severity: MEDIUM
Date: Jul 22, 2021

Source

8th Chrome Zero-Day Vulnerability This Year Being Actively Exploited

Google Chrome's V8 JavaScript and WebAssembly engine has a type confusion vulnerability, tracked as CVE-2021-30563, that is actively being exploited in the wild. This vulnerability can lead to an attacker being able to run arbitrary code on affected devices. A patch is available and should be implemented immediately.

Type: Vulnerability
Category: Security update
Severity: MEDIUM
Date: Jul 16, 2021

Source

Malware Caught Using OBS Studio to Spy on Victims

A new remote access trojan (RAT), called BIOPASS, has been using JavaScript embedded in gambling website support forums to trick users to install fake software updates that contain the trojan. Among typical trojan features that allow for persistent access and data theft, BIOPASS uses the popular streaming software OBS Studio to capture screen recordings on victim machines.

Type: Malware
Category: Typical malware
Severity: MEDIUM
Date: Jul 13, 2021

Source

Windows Print Spooler Remote Code Execution Vulnerability

Proof-of-concept exploit code has been published online today for a vulnerability in the Windows Print Spooler service that can allow remote code execution to take place in compromised Windows systems. Tracked as CVE-2021-1675, the vulnerability was patched earlier this month in the Microsoft June 2021 Patch Tuesday security updates. Please update your Windows system to ensure the security of your system.

Type: Vulnerability
Category: Advisory
Severity: HIGH
Date: Jul 11, 2021

Source

New attack campaign utilizing leaked Babuk Locker ransomware builder

A leaked Babuk Locker builder tool used to create custom ransomware executables is now being utilized by another threat actor in a very active campaign targeting victims globally. The threat actor has modify the enclosed ransom note to include their own contact info, and then run the build executable to create customized ransomware encryptors and decryptors that target Windows, VMware ESXi, NAS x86 and NAS ARM devices.

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: Jul 11, 2021

Source

Self-propagating Indexsinas SMB worm spreads over few sectors including Cryptomining industry

The recent self-propagating computer worm called Indexsinas SMB was found to caused wide damages to several sectors in the community including telecommunication, healthcare and cryptomining industry. Researcher has found out that three Equation Group exploits were used during the propagation of the worm which includes EternalBlue, EternalRomance and DoublePulsar.

Type: Malware
Category: Malware
Severity: MEDIUM
Date: Jul 11, 2021

Source

Hundreds of Companies Hit By Supply-Chain Ransomware Attack Served Through Kaseya VSA

In what appears to be a supply chain attack, Kaseya's remote management software was exploited by the REvil ransomware gang to ransom hundreds of businesses at once. Any organization using an on-site Kaseya VSA server should immediately shut down the server, as the first action taken in the attack is to disable administrator access to the server.

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: Jul 11, 2021

Source

Hundreds of Companies Hit By Supply-Chain Ransomware Attack Served Through Kaseya VSA

In what appears to be a supply chain attack, Kaseya's remote management software was exploited by the REvil ransomware gang to ransom hundreds of businesses at once. Any organization using an on-site Kaseya VSA server should immediately shut down the server, as the first action taken in the attack is to disable administrator access to the server.

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: Jul 5, 2021

Source

New Golang Remote Access Trojan (RAT) named ChaChi used in PYSA ransomware attacks

The ChaChi RAT has been created in the Go language and is currently used by the PYSA ransomware group against US schools. The current version of the RAT implements backdoor capabilities, DNS tunneling and allows attackers to harvest credentials. The RAT is obfuscated with the gobfuscate tool.

Type: Malware
Category: Typical malware
Severity: MEDIUM
Date: Jun 24, 2021

Source

The Clop ransomware is back, after law enforcement made some arrests

The Clop ransomware operation is back in business after recent arrests. After about a week of low activity, the ransomware gang has sprung back into action yesterday after releasing the data for two new victims on their ransomware data leak site.

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: Jun 23, 2021

Source

Paradise Ransomware source code released on a hacking forum

The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: Jun 15, 2021

Source

Chrome Zero-Day Vulnerability Being Actively Exploited

A high severity vulnerability in Google Chrome (CVE-2021-30551), caused by a type confusion issue in the V8 JavaScript engine, is actively being exploited in the wild. Google has released an update to patch this vulnerability, along with 13 other medium to critical severity vulnerabilities.

Type: Vulnerability
Category: Security update
Severity: MEDIUM
Date: Jun 10, 2021

Source

Fujifilm Sufferes Suspected REvil Ransomware Attack

Fujifilm has shut down some of their networks after a ransomware attack on June 1st. REvil is suspected to be behind the attack, partially due to the Qbot trojan being used in the initial stage of the attack. As Fujifilm has chosen not to pay the ransom, stolen data will likely show up on a ransomware leak site in the next few days.

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: Jun 4, 2021

Source

Threat actors behind SolarWinds attack are now spear phishing

The threat actors behind the massive SolarWinds attack has been discovered to be operating a spear-phishing campaign. The group recently began using a compromised Constant Contact account to send tailored phishing emails. The spear phishing email contains a malicious HTML attachment which drops an ISO image containing further malware.

Type: Malware
Category: Typical malware
Severity: MEDIUM
Date: May 28, 2021

Source

New RAT fakes being ransomware

Microsoft Security Intelligence has released information regarding a remote access trojan, named StrRAT, that masquerades as ransomware. This RAT steals browser credentials, logs keystrokes, can remotely control your systems, and also renames files to appear they have been ransomed. Files renamed .crimsom are an indicator of compromise.

Type: Malware
Category: Typical malware
Severity: MEDIUM
Date: May 27, 2021

Source

Zeppelin Ransomware Returns

After a brief hiatus, Zeppelin ransomware has resumed activity. The team behind this ransomware relies on more traditional attack vectors such as RDP and VPN vulnerabilities or phishing. Due to Zeppelin's sale model, new variants and the downloaders they use can be hard to initially detect.

Type: Malware
Category: Typical malware
Severity: MEDIUM
Date: May 25, 2021

Source

Researchers have discovered a new banking malware from Brazil named Bizarro

Bizarro is a new banking trojan family originating in Brazil, that is now also in other countries. Cybercriminals behind this malware family are adopting various technical methods to complicate malware analysis and detection, as well as social engineering tricks that help convince targets to give out their online banking credentials. Bizarro is distributed via MSI packages downloaded by victims from links in spam emails. Once launched, Bizarro downloads a ZIP archive from a compromised website to implement further malicious functions.

Type: Malware
Category: Typical malware
Severity: MEDIUM
Date: May 21, 2021

Source

Microsoft warns of data stealing malware called STRRAT that pretends to be ransomware

This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them. The new wave of attacks, commences with spam emails sent from compromised email accounts with 'Outgoing Payments' in the subject line, luring the recipients into opening malicious PDF documents that claim to be remittances, but in reality connect to a rogue domain to download the STRRAT malware.

Type: Malware
Category: Typical malware
Severity: MEDIUM
Date: May 21, 2021

Source

CISA warns of new activity by the ransomware group called FiveHands

The US Cybersecurity & Infrastructure Security Agency (CISA) has warned organizations to be cautious of a relatively new ransomware group called FiveHands. FiveHands ransomware has been around since January 2021 and the group using it has been exploiting a zero day vulnerability in SonicWall VPN (CVE-2021-20016).

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: May 12, 2021

Source

Shutdown of a Top U.S. Pipeline after Ransomware attack

Top U.S. pipeline, Colonial Pipeline, shuts down after DarkSide ransomware attack

Type: Malware
Category: Ransomware
Severity: MEDIUM
Date: May 10, 2021

Source

O que fazer depois de uma Falha de Segurança ?

Recomendamos que siga estas etapas para manter as suas informações pessoais seguras e proteger sua identidade digital.


Mude sua senha de acesso

Torne a senha única e diferente das outras que usa. Uma boa estratégia a seguir é combinar duas ou mais palavras não relacionadas para criar uma senha inteira, única e segura.

Atualize outros logins que usam a mesma senha

Reutilizar senhas transforma uma única violação de dados em várias. Agora que a senha está disponível, os hackers podem usá-la para aceder a outras contas.

Use um gerenciador de passwords para levar suas senhas para todos os lugares

Use uma gerenciador para aceder com segurança as senhas salvas no navegador de qualquer lugar - mesmo fora do navegador.

Use um serviço que mascare o seu endereço IP

O endereço de IP (Protocolo da Internet) indica a sua localização e fornecedor de serviços de Internet. Um serviço como o Firefox Private Network mascara seu endereço IP para ocultar sua localização.

Evite usar informações pessoais em PINs

Como é fácil encontrar sua data de nascimento em registros públicos, é melhor evitar usá-la em senhas e PINs. As pessoas que conhecem seu aniversário também podem adivinhar seu PIN com muita facilidade.

Configurar autenticação de dois fatores (2FA)

Muitos sites oferecem o 2FA como uma medida de segurança extra. Isso requer outra informação para fazer login na sua conta, como um código único que você recebe por texto via SMS.