Archive for April, 2019


As Proofpoint researchers have observed in the past, phishers and other threat actors are able to bypass whitelists and network defenses by hosting their lures on widely used consumer cloud storage, social networking, and commerce services such as Dropbox, Google Drive, PayPal, eBay, and Facebook, whose domains are rarely blocked. Continue reading

Aebi Schmidt, a European manufacturing giant with operations in the U.S., has been hit by a ransomware attack, TechCrunch has learned. Continue reading

A cryptojacking campaign we have dubbed Beapy is spreading via the EternalBlue exploit and primarily impacting enterprises in China. Continue reading

APT34 hacking tools and victim data have been leaked on a secretive Telegram channel since last month. Continue reading

Check Point’s researchers, with the help of Craig Silverman at BuzzFeed, have uncovered a series of applications conducting fraudulent activities against ad agencies. Craig Silverman reached out to Check Point with the leads for the applications as part of his story. The malware found from those leads, dubbed ‘PreAMo’, imitates the user by clicking on banners retrieved from three ad agencies – Presage, AdMob, and MoPub. Continue reading

It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this post. Continue reading

US Immigration and Customs Enforcement (ICE) violated Facebook policy by creating fake social media profiles tied to the University of Farmington, a sham university it created to identify people committing immigration fraud. Continue reading

Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer. Continue reading

The activity of Russian-linked Twitter bots and trolls spiked after the release of the Mueller Report, George Kamide, Director at digital risk protection provider SafeGuard Cyber told ZDNet today. Continue reading

Donot (APT-C-35), named and tracked by PatchSky TIC, is an attack group that mainly targets South Asian countries such as Pakistan. The group usually carries out targeted attacks against government agencies to steal sensitive information. In addition to spreading malware via spear-phishing emails with Office attachments that carry either an exploit or a malicious macro, this group is particularly adept at leveraging malicious Android APKs in its targeted attacks. Continue reading