Malware Devil

Friday, October 30, 2020

$2.3M Stolen from Wisconsin GOP via BEC Attack

 
With Election Day just around the corner, the Republican Party of Wisconsin revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump. According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor.

The post $2.3M Stolen from Wisconsin GOP via BEC Attack appeared first on Security Boulevard.

The post $2.3M Stolen from Wisconsin GOP via BEC Attack appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/2-3m-stolen-from-wisconsin-gop-via-bec-attack/?utm_source=rss&utm_medium=rss&utm_campaign=2-3m-stolen-from-wisconsin-gop-via-bec-attack

ESB-2020.3749 – [Juniper] Junos OS: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3749
Junos OS: jdhcpd process crash when processing a specific DHCPv6 packet in
                DHCPv6 relay configuration. (CVE-2020-1672)
                              30 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1672  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11069&actp=RSS

- --------------------------BEGIN INCLUDED TEXT--------------------

JSA11069 - 2020-10 Security Bulletin: Junos OS: jdhcpd process crash when processing
a specific DHCPv6 packet in DHCPv6 relay configuration. (CVE-2020-1672)


PRODUCT AFFECTED:
This issue affects Junos OS 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 
19.2, 19.3, 19.4, 20.1.

PROBLEM:
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt
of a specific DHCPv6 packet might crash the jdhcpd daemon.

The jdhcpd daemon automatically restarts without intervention, but continuous 
receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading
to an extended Denial of Service (DoS) condition.

Only DHCPv6 packets can trigger this issue; DHCPv4 packets cannot.
 

This issue affects Juniper Networks Junos OS:

17.3 versions prior to 17.3R3-S9;
17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3;
18.1 versions prior to 18.1R3-S11;
18.2 versions prior to 18.2R3-S5;
18.3 versions prior to 18.3R2-S4, 18.3R3-S3;
18.4 versions prior to 18.4R2-S5, 18.4R3-S4;
19.1 versions prior to 19.1R2-S2, 19.1R3-S2;
19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3;
19.3 versions prior to 19.3R2-S4, 19.3R3;
19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3;
20.1 versions prior to 20.1R1-S3, 20.1R2.
 
An example of a configuration stanza affected by this issue:

[forwarding-options dhcp-relay dhcpv6]

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1672.

SOLUTION:
The following software releases have been updated to resolve this specific issue:
Junos OS 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 
18.2X75-D34, 18.2X75-D65, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2,
19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 
20.1R1-S3, 20.1R2, 20.2R1, 20.3X75-D10, and all subsequent releases.

This issue is being tracked as 1512765.

WORKAROUND:
There are no viable workarounds for this issue.

IMPLEMENTATION:
Software releases or updates are available for download at https://www.juniper.net/support/downloads/.

MODIFICATION HISTORY:
2020-10-14: Initial Publication.

CVSS SCORE:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

SEVERITY LEVEL:
High

SEVERITY ASSESSMENT:
Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

https://malwaredevil.com/2020/10/30/esb-2020-3749-juniper-junos-os-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3749-juniper-junos-os-denial-of-service-remote-unauthenticated

ESB-2020.3748 – [Juniper] Junos OS: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3748
        Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd
                         to crash (CVE-2020-1671)
                              30 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1671  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11068&actp=RSS

- --------------------------BEGIN INCLUDED TEXT--------------------

JSA11068 - 2020-10 Security Bulletin: Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash (CVE-2020-1671)  

PRODUCT AFFECTED:
This issue affects Junos OS 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2,
19.3, 19.4, 20.1.

PROBLEM:
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or 

This issue only affects DHCPv6; it does not affect DHCPv4.

This issue affects: Juniper Networks Junos OS

17.4 versions prior to 17.4R2-S12, 17.4R3-S3;
18.1 versions prior to 18.1R3-S11;
18.2 versions prior to 18.2R3-S6;
18.2X75 versions prior to 18.2X75-D65;
18.3 versions prior to 18.3R2-S4, 18.3R3-S3;
18.4 versions prior to 18.4R2-S5, 18.4R3-S4;
19.1 versions prior to 19.1R3-S2;
19.2 versions prior to 19.2R1-S5, 19.2R3;
19.2 version 19.2R2 and later versions;
19.3 versions prior to 19.3R2-S4, 19.3R3;
19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3;
20.1 versions prior to 20.1R1-S3, 20.1R2;
This issue does not affect Juniper Networks Junos OS prior to 17.4R1.

An example of a DHCPv6 local server configuration stanza affected by this issue:

[system services dhcp-local-server dhcpv6]

An example of a DHCPv6 Relay Agent configuration stanza affected by this issue:

[forwarding-options dhcp-relay dhcpv6]

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1671.

SOLUTION:
The following software releases have been updated to resolve this specific issue:
Junos OS 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.2X75-D65, 18.3R2-S4, 
18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3,
19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1 and all subsequent releases.

This issue is being tracked as 1511782.

WORKAROUND:
There are no viable workarounds for this issue.

IMPLEMENTATION:
Software releases or updates are available for download at https://www.juniper.net/support/downloads/.

MODIFICATION HISTORY:
2020-10-14: Initial Publication.

CVSS SCORE:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

SEVERITY LEVEL:
High

SEVERITY ASSESSMENT:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------
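Applying both bulletins above in one place: the following Python is an added example, not Juniper's or AusCERT's code. It transcribes the fixed-release lists and the exposing configuration stanzas from JSA11069 (CVE-2020-1672) and JSA11068 (CVE-2020-1671) and reports, per CVE, whether a device is patched, exposed (unpatched and configured for DHCPv6 relay or local server), unpatched but not configured, or on a train the bulletin does not mention. The sample configuration is constructed; its hostname, interface, group names and server address are illustrative, and the verdict labels are the example's own.

```python
import re

# Fixed releases transcribed from the two bulletins above. A release is fixed
# when it is at or above one of these on the same R-branch of its train, or on
# a later R-branch of that train ("and all subsequent releases"). 19.2R2-S1 is
# named as an affected-version threshold in JSA11069 but omitted from its
# solution list; it is included here as a fix for CVE-2020-1672.
FIXED = {
    "CVE-2020-1672": [
        "17.3R3-S9", "17.4R2-S11", "17.4R3-S2", "17.4R3-S3", "18.1R3-S11",
        "18.2R3-S5", "18.2X75-D34", "18.2X75-D65", "18.3R2-S4", "18.3R3-S3",
        "18.4R2-S5", "18.4R3-S4", "19.1R2-S2", "19.1R3-S2", "19.2R1-S5",
        "19.2R2-S1", "19.2R3", "19.3R2-S4", "19.3R3", "19.4R1-S3", "19.4R2-S1",
        "19.4R3", "20.1R1-S3", "20.1R2", "20.2R1", "20.3X75-D10",
    ],
    "CVE-2020-1671": [
        "17.4R2-S12", "17.4R3-S3", "18.1R3-S11", "18.2R3-S6", "18.2X75-D65",
        "18.3R2-S4", "18.3R3-S3", "18.4R2-S5", "18.4R3-S4", "19.1R3-S2",
        "19.2R1-S5", "19.2R3", "19.3R2-S4", "19.3R3", "19.4R1-S3", "19.4R2-S2",
        "19.4R3", "20.1R1-S3", "20.1R2", "20.2R1",
    ],
}

# Configuration stanzas (as they appear in "show configuration | display set")
# whose presence exposes a device to each bug.
EXPOSING_STANZAS = {
    "CVE-2020-1672": ["set forwarding-options dhcp-relay dhcpv6"],
    "CVE-2020-1671": ["set system services dhcp-local-server dhcpv6",
                      "set forwarding-options dhcp-relay dhcpv6"],
}

# Matches 19.3R2-S4, 20.1R2 and 18.2X75-D65. X-releases carry no R number, so
# they are ordered by their -D number alone; Juniper's D-numbering is not
# strictly linear, so treat X-release verdicts as a prompt to read the JSA.
VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?:X(?P<x>\d+))?"
    r"(?:R(?P<r>\d+))?(?:-[SD](?P<s>\d+))?$"
)


def parse_version(text):
    """Split a Junos release string into (major, minor, x, r, s) integers."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Junos version: %r" % text)
    return tuple(int(m[k] or 0) for k in ("major", "minor", "x", "r", "s"))


def is_fixed(version, cve):
    """True if the release carries the fix, False if it is affected, None if
    the bulletin does not list the train at all (verify by hand)."""
    major, minor, x, r, s = parse_version(version)
    same_train = [(fr, fs) for fm, fn, fx, fr, fs in map(parse_version, FIXED[cve])
                  if (fm, fn, fx) == (major, minor, x)]
    if not same_train:
        # JSA11068 states it does not affect releases before 17.4R1;
        # JSA11069 gives no such floor, so unlisted trains stay "unknown".
        if cve == "CVE-2020-1671" and (major, minor) < (17, 4):
            return True
        return None
    if r > max(fr for fr, _ in same_train):
        return True  # later R-branch than any listed fix in this train
    return any(r == fr and s >= fs for fr, fs in same_train)


def exposed_stanzas(config_set_lines, cve):
    """Return the exposing stanzas found in display-set configuration lines."""
    found = set()
    for line in config_set_lines:
        line = line.strip()
        for stanza in EXPOSING_STANZAS[cve]:
            if line == stanza or line.startswith(stanza + " "):
                found.add(stanza)
    return sorted(found)


def assess(version, config_set_lines):
    """Per-CVE verdict for one device: 'patched', 'exposed',
    'unpatched-not-configured' or 'unknown-train'."""
    verdict = {}
    for cve in FIXED:
        fixed = is_fixed(version, cve)
        if fixed is None:
            verdict[cve] = "unknown-train"
        elif fixed:
            verdict[cve] = "patched"
        elif exposed_stanzas(config_set_lines, cve):
            verdict[cve] = "exposed"
        else:
            verdict[cve] = "unpatched-not-configured"
    return verdict


# Constructed sample: a DHCPv6 relay on a release one service pack short of
# the 19.3R2-S4 fix. Hostname, interface and server address are illustrative.
SAMPLE_CONFIG = """\
set version 19.3R2-S3
set system host-name edge-relay-01
set forwarding-options dhcp-relay dhcpv6 group v6-clients interface ge-0/0/1.0
set forwarding-options dhcp-relay dhcpv6 server-group v6-servers 2001:db8::53
""".splitlines()


def sample_version(config_set_lines=SAMPLE_CONFIG):
    """Pull the release from the config's 'set version' line (on a real box,
    prefer 'show version', which reports the running software)."""
    return next(l.split()[2] for l in config_set_lines if l.startswith("set version "))


if __name__ == "__main__":
    ver = sample_version()
    for cve, state in assess(ver, SAMPLE_CONFIG).items():
        print("%s on %s: %s" % (cve, ver, state))
```

Feed it the release from `show version` and the output of `show configuration | display set`. The R-branch ordering follows the wording of the two bulletins; because X-releases are compared by -D number only, confirm those verdicts against the JSA before closing a ticket.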


https://malwaredevil.com/2020/10/30/esb-2020-3748-juniper-junos-os-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3748-juniper-junos-os-denial-of-service-remote-unauthenticated

What NOT to Do in Your First 90 Days as a CISO

Recently, Daniel Hooper, CISO at Varo Bank asked his LinkedIn network what their recipe for the first 90 days as a CISO would be. The post got 50+ responses but one that really stood out to me (and resonated with the whole group) was what NOT to do. This comment by Max S., CSO, saw …

The post What NOT to Do in Your First 90 Days as a CISO appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/29/what-not-to-do-in-your-first-90-days-as-a-ciso/?utm_source=rss&utm_medium=rss&utm_campaign=what-not-to-do-in-your-first-90-days-as-a-ciso

Thursday, October 29, 2020

The Alexiou Principle

I very rarely republish content of other blogs, but today, for many reasons really, I feel obliged to republish one of the most relevant DFIR posts ever: The Alexiou Principle by Chris Pogue.

The 4 questions that form The Alexiou Principle are absolutely perfect:

  1. What question are you trying to answer?
  2. What data do you need to answer that question?
  3. How do you extract that data?
  4. What does that data tell you?

If you are starting your DFIR journey, or are a seasoned DFIR professional, these questions remain a mantra that you will follow, one way or another.

Embrace them.

https://malwaredevil.com/2020/10/29/the-alexiou-principle/?utm_source=rss&utm_medium=rss&utm_campaign=the-alexiou-principle

Network Security News Summary for Friday October 30 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

https://malwaredevil.com/2020/10/29/network-security-news-summary-for-friday-october-30-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-friday-october-30-2020

FBI “ransomware warning” for healthcare is a warning for everyone!

The US government has warned of a ransomware escalation against the healthcare sector. BUT THAT DOESN’T MEAN THE REST OF US CAN RELAX!

https://malwaredevil.com/2020/10/29/fbi-ransomware-warning-for-healthcare-is-a-warning-for-everyone/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-ransomware-warning-for-healthcare-is-a-warning-for-everyone

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA said a high-severity information-disclosure bug impacting its DGX A100 server line wouldn’t be patched until early 2021.

https://malwaredevil.com/2020/10/29/nvidia-patches-critical-bug-in-high-performance-servers/?utm_source=rss&utm_medium=rss&utm_campaign=nvidia-patches-critical-bug-in-high-performance-servers

Social Media Bias, ‘KashmirBlack’, NSA, & Healthcare Attacks – Wrap Up – SWN #78

This week, Dr. Doug talks Dorsey, Zuckerberg, and Pichai in the Senate hotseat, KashmirBlack, Healthcare under assault, typosquatting, WebLogic, bug bounties, and the NSA strikes back, all this and show wrap ups on the Security Weekly News Wrap Up!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn78

https://malwaredevil.com/2020/10/29/social-media-bias-kashmirblack-nsa-healthcare-attacks-wrap-up-swn-78/?utm_source=rss&utm_medium=rss&utm_campaign=social-media-bias-kashmirblack-nsa-healthcare-attacks-wrap-up-swn-78

Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals

Amid an uptick in attacks on healthcare orgs, the malware families Kegtap, Singlemalt and Winekey are being used to deliver the Ryuk ransomware to already strained systems.

https://malwaredevil.com/2020/10/29/kegtap-singlemalt-winekey-malware-serve-up-ransomware-to-hospitals/?utm_source=rss&utm_medium=rss&utm_campaign=kegtap-singlemalt-winekey-malware-serve-up-ransomware-to-hospitals

Attacking & Defending Cloud Infrastructure – Alexi Papaleonardos – ESW #204

CrowdStrike’s broad visibility into incidents at organizations from every sector, around the globe has yielded insights into current trends in security incidents related to public clouds such as AWS, Azure, and Google Cloud. In this segment we’ll discuss recent trends in breaches related to use of the public cloud, and what organizations can do to better prepare and protect themselves.

This segment is sponsored by CrowdStrike.

Visit https://securityweekly.com/crowdstrike to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw204

https://malwaredevil.com/2020/10/29/attacking-defending-cloud-infrastructure-alexi-papaleonardos-esw-204/?utm_source=rss&utm_medium=rss&utm_campaign=attacking-defending-cloud-infrastructure-alexi-papaleonardos-esw-204

University Email Hijacking Attacks Push Phishing, Malware

Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF.

https://malwaredevil.com/2020/10/29/university-email-hijacking-attacks-push-phishing-malware/?utm_source=rss&utm_medium=rss&utm_campaign=university-email-hijacking-attacks-push-phishing-malware

Ryuk Ransomware Targeting Healthcare

As if the COVID-19 pandemic were not enough, the healthcare sector is now being actively targeted by threat actors using Ryuk ransomware. Yesterday, the FBI issued an increased and imminent cyber threat warning amid growing reports of healthcare providers falling victim to the campaign. The threat actors are using Trickbot (delivered via Emotet) to gain access to target systems and deploy Ryuk.

The post Ryuk Ransomware Targeting Healthcare appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/29/ryuk-ransomware-targeting-healthcare-3/?utm_source=rss&utm_medium=rss&utm_campaign=ryuk-ransomware-targeting-healthcare-3

REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue

In a wide-ranging interview, a REvil leader said the gang is earning $100 million per year, and provided insights into the life of a cybercriminal.

https://malwaredevil.com/2020/10/29/revil-gang-promises-a-big-video-game-hit-claims-massive-revenue/?utm_source=rss&utm_medium=rss&utm_campaign=revil-gang-promises-a-big-video-game-hit-claims-massive-revenue

Heading to the polls? Get the info on disinformation

As IronNet’s Co-CEO General (Ret.) Keith Alexander lamented in his blog to kick off Cybersecurity Awareness Month, “The days of Walter Cronkite, when we knew the news source and trusted it, are long gone. And that’s the way it is. So let’s be critical thinkers on Twitter and everywhere.” 

The post Heading to the polls? Get the info on disinformation appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/29/heading-to-the-polls-get-the-info-on-disinformation-3/?utm_source=rss&utm_medium=rss&utm_campaign=heading-to-the-polls-get-the-info-on-disinformation-3

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...