Compromised Website Images Camouflage ObliqueRAT Malware
The ObliqueRAT malware is now cloaking its payloads as seemingly innocent image files that are hidden on compromised websites.
Secureworks: New Group Apparently Waging Attacks Using Same Code. Prajeet Nair (@prajeetspeaks) • June 24, 2021. (Image: ransom note from attackers using LV malware. Source: Secureworks.) A newly identified threat group is using a repurposed version of REvil ransomware to wage…
A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were…
New York City-based IoT device maker Ubiquiti recently disclosed a data breach that was downplayed. After news of the catastrophic data breach, the shares of the company fell significantly this week. In January, Ubiquiti informed customers that unauthorized access to some IT systems hosted by a third-party cloud provider occurred. The company said in…
FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a “sophisticated second-stage backdoor,” as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor’s tactics and techniques. Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of…
Company Says It Will Take Several Days for Supply Chain to Return to Normal. Scott Ferguson (Ferguson_Writes) • May 12, 2021. Colonial Pipeline Co. announced Wednesday that the company had restarted its operations following a ransomware attack last Friday that had forced the…
So Are We Supposed to Keep This Data Breach Notification Just Between Us Friends? Mathew J. Schwartz (euroinfosec) • March 26, 2021. (See update on Fat Face paying a $2 million ransom.)