Powershell Dropping a REvil Ransomware, (Thu, Jan 21st) (Thu, 21 Jan 2021 10:13:55 GMT): I spotted a piece of Powershell code that deserved some investigations because it makes use of RunSpaces[1]. The file (SHA256: e1e19d637e6744fedb76a9008952e01ee6dabaecbc6ad2701dfac6aab149cecf) has a very low VT score: only 1/59![2].
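For readers who have not met the RunSpace API, the following is an added example (not code from the ISC diary or the sample it analyses): the first part shows what runspace-based execution looks like in a benign script, the second is a small triage helper that flags script files using that API and compares their SHA256 with the hash reported above. The indicator list, the "two or more hits" threshold and the `C:\samples` path are assumptions for illustration, not anything the diary states.

```powershell
# Added example, not from the ISC diary. Shows (1) the RunSpace API the diary
# refers to and (2) a static triage check for files that use it.

# 1. Benign illustration: a script block executed in a freshly created
#    runspace instead of the interactive host session. This is the pattern
#    droppers use to run payload code out of band.
$rs = [runspacefactory]::CreateRunspace()
$rs.Open()
$ps = [powershell]::Create()
$ps.Runspace = $rs
[void]$ps.AddScript({ "hello from runspace in PID $PID" })
$handle = $ps.BeginInvoke()          # asynchronous start
$output = $ps.EndInvoke($handle)     # collect results
$ps.Dispose(); $rs.Close()
$output

# 2. Triage helper: report runspace indicators and match the known hash.
function Test-RunspaceIndicators {
    param([Parameter(Mandatory)][string]$Path)

    # Hash from the diary; compared case-insensitively.
    $knownBad = 'e1e19d637e6744fedb76a9008952e01ee6dabaecbc6ad2701dfac6aab149cecf'

    # Assumed indicator list (regex). Obfuscated samples (Base64 blobs,
    # string concatenation, Invoke-Expression) will evade a static match.
    $patterns = @(
        '\[runspacefactory\]::CreateRunspace',
        '\[powershell\]::Create\(',
        '\.AddScript\(',
        '\.BeginInvoke\('
    )

    $content = Get-Content -Path $Path -Raw
    $hits    = @($patterns | Where-Object { $content -match $_ })
    $sha     = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower()

    [pscustomobject]@{
        Path        = $Path
        Sha256      = $sha
        KnownSample = ($sha -eq $knownBad)
        Indicators  = $hits
        Suspicious  = ($hits.Count -ge 2)   # assumed threshold
    }
}

# Usage (assumed sample directory):
# Get-ChildItem C:\samples -Filter *.ps1 |
#     ForEach-Object { Test-RunspaceIndicators -Path $_.FullName }
```

The static check is only a first pass: a low VT score like the one reported above usually means the indicators are hidden behind encoding or concatenation, so a hit count of zero should be followed by decoding the script (for example with Script Block Logging enabled, event ID 4104) rather than treated as a clean result.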
Critical Cisco SD-WAN Bugs Allow RCE Attacks (Wed, 20 Jan 2021 21:47:54 +0000): Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.
Malwarebytes Hit by SolarWinds Attackers (Wed, 20 Jan 2021 17:36:35 +0000): The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.
SolarWinds Malware Arsenal Widens with Raindrop (Tue, 19 Jan 2021 16:40:55 +0000): The post-compromise backdoor installs Cobalt Strike to help attackers move laterally through victim networks.
Attackers Steal E-Mails, Info from OpenWrt Forum (Tue, 19 Jan 2021 14:45:27 +0000): Users of the Linux-based open-source firmware (which include developers from commercial router companies) may be targeted by phishing campaigns, administrators warn.
# Reddit netsec
# Krebs On Security
New Charges Derail COVID Release for Hacker Who Aided ISIS (Tue, 19 Jan 2021 18:39:30 +0000): A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic.
Joker's Stash Carding Market to Call it Quits (Mon, 18 Jan 2021 19:50:01 +0000): Joker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it's closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.
Microsoft Patch Tuesday, January 2021 Edition (Wed, 13 Jan 2021 01:32:20 +0000): Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.