Archive for January, 2019

The advent of 5G networks is about much more than just incredibly fast speeds and more reliable connections. When combined with today’s powerful edge devices — whether consumer-grade smart devices or the new generation of industrial-grade IoT devices — the impact of 5G on business and networking strategies will be transformational. There are important implications for digital transformation that need to be considered, especially when it comes to securing the new network environments that 5G and edge-based computing will create.

Just days ago, Fortinet’s FortiGuard Labs captured a malicious MS Word document from the wild that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim’s Windows system. NanoCore RAT was developed in the .Net framework, and the latest version is “1.2.2.0”. Its author, “Taylor Huddleston”, was captured by the FBI and sent to prison early last year. The sample we captured uses NanoCore to execute malicious behavior on a victim’s system.

An improperly secured ElasticSearch database was recently discovered containing a huge volume of VOIP call logs, SMS/MMS message logs, and plaintext internal system credentials. This database was discovered using Shodan. Following a brief investigation, it was determined this database was controlled by VOIPO, a VOIP provider based in California. This database was promptly secured after I notified the company. I would like to thank VOIPO for their quick assistance in securing this data.

TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure that a patch was available. Now that a fix is out there, we want to take the time to dive into the inner workings of these vulnerabilities and show the approach we took with our proof-of-concept code.

While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn’t mean attackers don’t try to freshen it up. Cisco Talos recently discovered several new campaigns distributing the infamous banking trojan via email. These new campaigns have been observed following a period of relatively low Emotet distribution activity, corresponding with the observance of Orthodox Christmas in certain geographic regions. These new malicious efforts involve sending victims malicious Microsoft Word attachments with embedded macros that download Emotet.

On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as well as self-hosted shopping cart websites from prominent cosmetic, healthcare, and apparel brands. Trend Micro’s machine learning and behavioral detection technologies proactively blocked the malicious code at the time of discovery (detected as Downloader.JS.TRX.XXJSE9EFF010).

In the virtual world of ‘Fortnite’, the massively popular game from game developer Epic Games, players are tasked with testing their endurance as they battle for tools and weapons that will keep them secure and make them the ‘last man standing’.

While ransomware is not new, major attacks like WannaCry, Petya/NotPetya and, more recently, TrickBot have shown that existing prevention methods have become ineffective at preventing advanced ransomware attacks. Attackers have evolved their approach and use of malware to become more sophisticated, automated, targeted and highly evasive.

FireEye is tracking a set of financially-motivated activity referred to as TEMP.MixMaster that involves the interactive deployment of Ryuk ransomware following TrickBot malware infections. These operations have been active since at least December 2017, with a notable uptick in the latter half of 2018, and have proven to be highly successful at soliciting large ransom payments from victim organizations.

At a Kiev nightclub in the spring of 2012, 24-year-old Ivan Turchynov made a fateful drunken boast to some fellow hackers. For years, Turchynov said, he’d been hacking unpublished press releases from business newswires and selling them, via Moscow-based middlemen, to stock traders for a cut of the sizable profits.