Ionut Ilascu reports: Researchers at SentinelOne have detailed the activity observed from logs on a Cobalt Strike server that TrickBot used to profile networks and systems. Once the actor took interest in a compromised network, they used modules from Cobalt Strike threat emulation software for red teams and penetration testers. One component is the DACheck script to check…
Phishing attacks impersonate QuickBooks invoices ahead of July 15 tax deadline
Heads up! Lance Whitney describes the type of campaign CEOs and employees need to remain vigilant about: The campaign analyzed was aimed at a cutting-edge technology company, a tempting target for cybercriminals looking for maximum profits. In the first wave, the cybercriminals spoofed QuickBooks, a product commonly used in advance of the July 15…
Nefilim Ransomware Gang Tied to Citrix Gateway Hacks
Mathew Schwartz reports: A crime gang seeking “ransomware attack opportunities” is targeting organizations that use unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and using the threat of exfiltrated data being publicly dumped to try to force payment, New Zealand’s national computer emergency response team warns. In an alert issued…
Florida Orthopedic Institute hit by ransomware
Florida Orthopedic Institute has notified the California Attorney General’s Office of a ransomware attack on April 6. Their notification does not indicate what type of ransomware was involved, or whether they paid any ransom. They are offering their patients identity monitoring services with Kroll, but note that they have no evidence that any patient data…
AL: Tallapoosa County recovers from ransomware attack
Cliff Williams reports: Operations are slowly returning to normal after a weekend ransomware attack on servers at the Tallapoosa County Probate Office. Tallapoosa County Probate Judge Talmadge East said no data or personal information was compromised in the Sunday morning attack and servers are allowing new business to be conducted. Read more on The Outlook.
ConnectWise Partners Hit By Ransomware Via Automate Flaw
O’Ryan Johnson reports: Multiple ConnectWise partners have had their customers hit with ransomware through a software flaw that the company revealed last week with one having several end users compromised, according to a source who spoke on condition of anonymity. Tampa, Fla.-based ConnectWise confirmed that the vulnerability in ConnectWise Automate – which the company announced…