Blueliv Intelligence Briefing

Your cybersecurity news summary

Thursday, July 9th, 2020

Welcome to today’s intelligence briefing, covering noteworthy items on the cybersecurity news agenda.

Find these stories on the Blueliv Threat Exchange Network, a global community of thousands of cybersecurity experts, IT professionals and academics. Membership is free.

Read the latest research blogs from the Blueliv Labs team.

APT group behind the Evilnum malware seen in fintech attacks analysed

Targets are approached with spearphishing emails that contain a link to a ZIP file hosted on Google Drive. That archive contains several LNK (aka shortcut) files that extract and execute a malicious JavaScript component, while displaying a decoy document. These shortcut files have “double extensions” to try to trick the user into opening them, thinking they are benign documents or pictures (in Windows, file extensions for known file types are hidden by default).

Learn more >
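The lure described above relies on Explorer hiding the final `.lnk` extension of a "double-extension" shortcut. The following is an added defensive example, not code from the briefing or from the report it summarises: it walks a ZIP archive's entries and flags shortcuts disguised as documents, checking both the file name and the constant LNK header so a renamed shortcut is still caught. The archive and its file names are constructed in memory for the demonstration.

```python
"""Detect double-extension Windows shortcuts (e.g. Invoice.pdf.lnk) inside a ZIP.

Added example; the archive below is constructed, not a real sample.
"""
import io
import zipfile

# Explorer hides the extension of known file types by default, so "report.pdf.lnk"
# is displayed as "report.pdf". These are the decoy extensions we look for.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg", ".png", ".txt"}
SHORTCUT_EXT = ".lnk"
# Every Shell Link file starts with HeaderSize 0x4C followed by the fixed LinkCLSID
# {00021401-0000-0000-C000-000000000046}, so the first 20 bytes are constant.
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"


def is_double_extension_shortcut(name: str) -> bool:
    """True when the name ends in .lnk and the part before it ends in a decoy extension."""
    lower = name.lower()
    if not lower.endswith(SHORTCUT_EXT):
        return False
    stem = lower[: -len(SHORTCUT_EXT)]
    return any(stem.endswith(ext) for ext in DECOY_EXTENSIONS)


def looks_like_lnk(head: bytes) -> bool:
    """Content check: the header is constant, so a shortcut renamed to .jpg is still caught."""
    return head.startswith(LNK_MAGIC)


def suspicious_entries(zip_bytes: bytes) -> list:
    """Return (entry name, reason) for entries that look like a shortcut lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            by_name = is_double_extension_shortcut(info.filename)
            by_content = looks_like_lnk(head)
            if by_name and by_content:
                findings.append((info.filename, "double-extension .lnk with LNK header"))
            elif by_content and not info.filename.lower().endswith(SHORTCUT_EXT):
                findings.append((info.filename, "LNK header but no .lnk extension"))
            elif by_name:
                findings.append((info.filename, "double-extension .lnk name"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: one decoy lure, one disguised shortcut, one benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2020.pdf.lnk", LNK_MAGIC + b"\x00" * 40)
        zf.writestr("photo.jpg", LNK_MAGIC + b"\x00" * 40)   # LNK bytes behind an image name
        zf.writestr("readme.txt", b"plain text, nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_entries(build_sample_archive()):
        print(f"{name}: {reason}")
```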

New severe vulnerability addressed by Palo Alto

The CVE-2020-2034 flaw can be exploited by attackers with network access to vulnerable servers; it has been rated high severity and received a CVSS 3.x base score of 8.1. Experts pointed out that the flaw does not require user interaction to be exploited. “An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges,” reads the advisory published by Palo Alto Networks.

Learn more >

Code execution vulnerability in GeForce Experience fixed

This week, Nvidia said the security flaw, CVE‑2020‑5964, is found in the service host component of GeForce Experience, "in which the integrity check of application resources may be missed." This failure to verify application resources properly can be used to compromise the software, leading to code execution, denial of service, and information leaks. Assigned a severity score of 6.5, the vulnerability affects all versions of the software on Windows machines prior to version 3.20.4.

Learn more >

Conti uses up to 32 CPU threads for encryption

Just like most ransomware families today, Conti was designed to be directly controlled by an adversary, rather than executing automatically by itself. These types of ransomware strains are also known as "human-operated ransomware," and they are designed to be deployed during targeted intrusions inside large corporate or government networks. Security researchers first spotted a Conti dev build earlier this year, in February, but some sources now report that a security vendor's Threat Analysis Unit (TAU) has spotted Conti infections in the wild.

Learn more >

Blueliv Intelligence Briefing

Wednesday, July 8th, 2020

New and improved version of Lampion trojan spreading in Portugal

The recent wave has been noted in Portugal and is impacting clients of several Portuguese and Brazilian banking organizations, and also some cryptocurrency platforms. This new version includes changes in its VBS downloader, Anti-VM techniques, and the way it communicates with its C2 server, geolocated in Russia.

Learn more >

Victims of the ThiefQuest ransomware can recover their encrypted files

According to the experts, the EvilQuest ransomware (later renamed ThiefQuest) has been distributed in the wild since the beginning of June. Threat actors have started distributing the ransomware in tainted pirated macOS software uploaded to torrent portals and online forums. Once it has encrypted the files on the infected host, a popup is displayed informing the victim that their files have been encrypted. The victim is directed to open a ransom note dropped on their desktop that includes instructions for paying the ransom. Now a security firm has released a free decryptor that allows victims of the ThiefQuest ransomware to recover their encrypted files.

Learn more >

Six domains used in phishing scheme seized by Microsoft

The US District Court for the Eastern District of Virginia has ruled that the company can seize six domains that were being used in a widespread phishing campaign. Microsoft said the campaign targeted users in sixty-two countries around the world, and it capitalized on fears surrounding COVID-19. Notably, the attackers did not use credential-harvesting login portals to trick victims into entering their usernames and passwords. Instead, the emails contained links that requested permissions for a malicious web app that impersonated Office 365.

Learn more >

Mozilla has temporarily suspended the Firefox Send file-sharing service while it adds a Report Abuse mechanism

While Mozilla launched Firefox Send with the privacy and security of its users in mind, since late 2019 Firefox Send has seen broader adoption in the malware community. In most cases the pattern is the same: malware authors upload payloads to Firefox Send, the file is stored in an encrypted format, and the hackers then share the links inside emails they send to their targets. Over the past few months, Firefox Send has been used to store payloads for all sorts of cybercrime operations, from ransomware to financial crime, and from banking trojans to spyware used to target human rights defenders.

Learn more >

Blueliv Intelligence Briefing

Tuesday, July 7th, 2020

Android malware distributed via smishing: FakeSpy

The attackers are using smishing to trick victims into installing spoofed apps. “The malware uses smishing, or SMS phishing, to infiltrate target devices, which is a technique that relies on social engineering,” the researchers explain. “The attackers send fake text messages to lure the victims to click on a malicious link. The link directs them to a malicious web page, which prompts them to download an Android application package (APK)...” New versions of FakeSpy masquerade as government post office apps and transportation services apps.

Learn more >

Credit card skimmer targets ASP.NET sites hosted on Microsoft IIS servers

Most of the targeted websites in the world of digital skimming are built on the LAMP (Linux, Apache, MySQL, and PHP) stack. This is because those technologies are widely adopted, and cyber-criminals usually follow the rule of highest return for the least amount of effort. Researchers have identified a rare exception: a credit card skimming campaign that exclusively targets websites hosted on Microsoft IIS servers running the ASP.NET web application framework.

Learn more >

Microsoft vulnerabilities have been added to the Purple Fox EK

The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit. The latest revision to the exploit kit has added attacks against flaws tracked as CVE-2020-0674 and CVE-2019-1458, which were first disclosed at the end of 2019 and early 2020. Purple Fox previously used exploits targeting older Microsoft flaws, including ones tracked as CVE-2018-8120 and CVE-2015-1701.

Learn more >

EDP confirms cyberattack, blames Ragnar Locker

In a letter sent to customers (.PDF), the energy company apologized for the incident but insisted that there is "no evidence" that consumer information was compromised or stolen. "Attackers had gained unauthorized access to at least some information stored on the company's own information systems," the letter reads. "Since then, EDPR NA has worked diligently and on an expedited basis to identify the individuals potentially affected by this incident."

Learn more >

Blueliv Intelligence Briefing

Friday, July 3rd, 2020

Communications system used by criminals to trade drugs and guns “successfully penetrated”

The NCA worked with forces across Europe on the UK's "biggest and most significant" law enforcement operation. Major crime figures were among over 800 Europe-wide arrests after messages on EncroChat were intercepted and decoded. More than two tonnes of drugs, several dozen guns and £54m in suspect cash have been seized, says the NCA. While the NCA was part of the investigation, it was initiated and led by French and Dutch police, and also involved Europol.

Learn more >

DarkCrewBot – The Return of the Bot Shop Crew

Researchers recently discovered an ongoing, evolving campaign from a known hackers’ group, “DarkCrewFriends.” This campaign targets PHP servers, focusing on creating a botnet infrastructure that can be leveraged for several purposes, such as monetization and shutting down critical services. DarkCrewFriends has been quite active over the last few years.

Learn more >

ThiefQuest ransomware is a file-stealing Mac wiper in disguise

A new data wiper and info-stealer called ThiefQuest is using ransomware as a decoy to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. While not common, ransomware has been known to target the macOS platform in the past, with KeRanger, FileCoder (aka Findzip), and Patcher being three other examples of malware designed to encrypt Mac systems.

Learn more >

Connection discovered between Chinese hacker group APT15 and defense contractor

A report details a years-long hacking campaign that has primarily targeted the Uyghur ethnic minority, living in western China, but also the Tibetan community, to a lesser degree. The campaign infected individuals in these communities with malware, allowing government hackers to keep an eye on the activities of minority communities in China's border regions but also living abroad in at least 14 other countries.

Learn more >

Blueliv Intelligence Briefing

Thursday, July 2nd, 2020

How EKANS ransomware targets industrial control systems

The EKANS ransomware family is one strain that has been used in targeted ICS campaigns. Researchers were able to obtain two modern samples, one from May and another compiled in June, which revealed some interesting features. Both Windows-based samples are written in Go, a programming language widely used in the malware development community because it is relatively easy to compile for different operating systems.

Learn more >

Emergency Firefox update for search issues

After releasing Firefox 78 yesterday, Mozilla quickly halted its rollout via automatic updates due to problems discovered with the built-in search functionality. Today, Mozilla has released a new version 78.0.1 to fix these issues and has resumed auto-updates. In a Mozilla bug, it was reported that numerous search issues occurred after installing Firefox 78.

Learn more >

Netgear releases fixes for ten vulnerabilities affecting nearly 80 of its products

Four of the flaws have been rated high severity: they can be exploited by an unauthenticated attacker with network access to the vulnerable Netgear device to execute arbitrary code with admin or root privileges, and to bypass authentication. The US Cybersecurity and Infrastructure Security Agency (CISA) published a security alert warning of the Netgear router flaws. The CERT/CC also published a security advisory related to one of the above vulnerabilities, which can be exploited by an unauthenticated attacker to gain remote code execution with root privileges.

Learn more >

Thanos Ransomware | RIPlace, Bootlocker and More Added to Feature Set

Thanos is a RaaS (Ransomware as a Service) that provides buyers and affiliates with a customized tool to build unique payloads. This tool is far more complex and robust than many previous builder-based ransomware services such as NemeS1S and Project Root. The generated payloads can be configured with numerous features and options. Many of the options available in the Thanos builder are designed to evade endpoint security products, and this includes the use of the RIPlace technique.

Learn more >

Blueliv Intelligence Briefing

Wednesday, July 1st, 2020

Xerox allegedly suffers Maze Ransomware attack

The company declared over $1.8 billion in revenue in Q1 2020 and has 27,000 employees across the globe. It currently ranks 347th on the Fortune 500 list. Maze ransomware operators claim to have stolen more than 100GB of files from Xerox and threaten to publish them if the company does not pay the ransom.

Learn more >

Out-of-band security updates to patch two vulnerabilities in Microsoft Windows

The two vulnerabilities are tracked as CVE-2020-1425 and CVE-2020-1457, the first one being rated as critical while the second received an important severity rating. In both cases, the remote code execution issue is caused by the way that Microsoft Windows Codecs Library handles objects in memory. After successfully exploiting CVE-2020-1425, attackers "could obtain information to further compromise the user’s system," while successful exploitation of CVE-2020-1457 could lead to arbitrary code execution on vulnerable systems.

Learn more >

New Mac ransomware spreading through piracy

Researchers found a malicious Little Snitch installer available for download on a Russian forum dedicated to sharing torrent links. A post offered a torrent download for Little Snitch, followed by several comments that the download included malware. They discovered that not only was it malware, but a new Mac ransomware variant that was spreading via piracy.

Learn more >

FakeSpy Masquerades as Postal Service Apps Around the World

A new campaign is up and running using newly improved, significantly more powerful malware as compared to previous versions. FakeSpy is under active development and is evolving rapidly; new versions are released every week with additional evasion techniques and capabilities. The analysis shows that the threat actor behind the FakeSpy malware is a Chinese-speaking group, commonly referred to as "Roaming Mantis".

Learn more >

Blueliv Intelligence Briefing

Tuesday, June 30th, 2020

PROMETHIUM extends global reach with StrongPity3 APT

The PROMETHIUM threat actor — active since 2012 — has been exposed multiple times over the past several years. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, a research team has identified around 30 new C2 domains. They assess that PROMETHIUM activity corresponds to five peaks of activity when clustered by the creation date month and year.

Learn more >

Glupteba: Hidden Malware Delivery in Plain Sight

About a month ago, researchers noticed a spike in the number of samples belonging to the same malware campaign, most of them with the filename app.exe. This malware, which turned out to belong to a family called Glupteba, spreads using EternalBlue, and downloads additional payloads. Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information.

Learn more >

US Local Government Services Targeted by New Magecart Credit Card Skimming Attack

Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers that passed on the credit card information of residents to cybercriminals. These sites all appear to have been built using Click2Gov, a web-based platform meant for use by local governments.

Learn more >

Bundlore (macOS) mm-install-macos

The mm-install-macos variant of the Bundlore family of macOS adware has been around for many years in many variations and delivery methods. Recently, an alternative with a novel installation method was discovered. Although most of the installation details were the same or similar to the other samples analyzed, these new samples modified the sudoers file on the infected system to remove the password requirement for privilege escalation. The malware also utilizes a form of obfuscation not observed before in this family, hiding compressed data in a resource fork on a downloaded script file.

Learn more >

Blueliv Intelligence Briefing

Monday, June 29th, 2020

WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations

Symantec, a division of Broadcom, has identified and alerted their customers to a string of attacks against U.S. companies by attackers attempting to deploy the WastedLocker ransomware on their networks. The end goal of these attacks is to cripple the victim's IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion-dollar ransom. At least 31 customer organizations have been attacked, meaning the total number of attacks may be much higher. The attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks.

Learn more >

GeoVision access control devices let hackers steal fingerprints

In a new report by Acronis, researchers disclose numerous vulnerabilities in GeoVision surveillance equipment and fingerprint scanners. Acronis’ security team found four critical vulnerabilities in GeoVision's devices, including a backdoor password with admin privileges, the reuse of cryptographic keys, and the disclosure of private keys to everyone. All of these vulnerabilities could allow state-sponsored attackers to intercept potential traffic. The CVEs made public by Acronis include CVE-2020-3928, CVE-2020-3930, and CVE-2020-3929, and were found in fingerprint scanners, access card scanners, and access management appliances used around the world.

Learn more >

Almost 300 Windows 10 executables vulnerable to DLL hijacking

A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. In a new report, PwC UK security researcher Wietze Beukema shows that almost 300 executables in the System32 folder are vulnerable to relative path DLL hijacking, and that some of these EXEs can be used, with a simple VBScript, to elevate execution and bypass UAC entirely.

Learn more >

Chinese malware used in attacks against Australian orgs

The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and to companies in the country. Behind the attacks is a “sophisticated” adversary that relies on slightly modified proof-of-concept exploit code for older vulnerabilities, the government says; unofficially, the blame is pointed at China. The attacker targets public-facing infrastructure with remote code execution exploits, a frequent choice being unpatched versions of Telerik UI.

Learn more >

Blueliv Intelligence Briefing

Friday, June 26th, 2020

Hackers hide credit card stealing scripts in favicon EXIF data

Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection. In a new report by Malwarebytes, an online store using the WordPress WooCommerce plugin was found to be infected with a Magecart script to steal customers' credit cards. What made this attack stand out was that the scripts used to capture data from payment forms were not added directly to the site but were contained in the EXIF data of a remote site's favicon image.

Learn more >

Chinese bank forced western companies to install malware-laced tax software

A Chinese bank has forced at least two western companies to install malware-laced tax software on their systems, cyber-security firm Trustwave said in a report published today. The two companies are a UK-based technology/software vendor and a major financial institution, both of which had recently opened offices in China. Trustwave, which was providing cyber-security services for the UK software vendor, said it identified the malware after observing suspicious network requests originating from its customer's network.

Learn more >

GuLoader: Peering Into a Shellcode-based Downloader

GuLoader, a malware family that emerged in the wild late last year, is written in Visual Basic 6 (VB6), which serves only as a wrapper for a core payload implemented as shellcode. It is distributed via spam email campaigns with archived attachments that contain the malware. The majority of malware downloaded by GuLoader is commodity malware, with AgentTesla, FormBook, and NanoCore being the most prevalent. This downloader typically stores its encrypted payloads on Google Drive.

Learn more >

Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files

They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. Researchers found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores. This scheme would not be complete without yet another variation to exfiltrate stolen credit card data.

Learn more >
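Both favicon items above (the Malwarebytes report and the EXIF-metadata skimmer) describe the same trick: script hidden in an image's metadata, where a web application firewall scanning page HTML never looks. The following is an added defensive example, not code from the briefing or from Malwarebytes: it walks a JPEG's segment structure and flags script-like text inside APPn (EXIF/JFIF) or COM segments. The image bytes and the indicator list are constructed assumptions for the demonstration, not a real sample.

```python
"""Flag JavaScript hidden in JPEG metadata segments (EXIF-hosted skimmer detection).

Added example; the JPEG below is built in memory, not a real favicon.
"""
import re
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Strings a skimmer loader needs and legitimate EXIF text almost never contains (assumption).
JS_MARKERS = re.compile(rb"(<script\b|eval\s*\(|document\.|XMLHttpRequest|fromCharCode)", re.I)


def iter_segments(data: bytes):
    """Yield (marker, payload) for each metadata segment before the scan data begins."""
    if data[:2] != b"\xff" + bytes([SOI]):
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        marker = data[pos + 1]
        if marker in (EOI, SOS):   # entropy-coded image data follows SOS; metadata never lives there
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def find_embedded_script(data: bytes) -> list:
    """Return (segment name, matched indicator) for APPn/COM segments carrying script-like text."""
    hits = []
    for marker, payload in iter_segments(data):
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            m = JS_MARKERS.search(payload)
            if m:
                name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
                hits.append((name, m.group(1).decode("latin-1")))
    return hits


def _segment(marker: int, payload: bytes) -> bytes:
    """Encode one marker segment: FF xx, big-endian length (includes itself), payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg(hidden: bytes) -> bytes:
    """Constructed minimal JPEG: SOI, APP0 (JFIF), APP1 (Exif) carrying `hidden`, EOI."""
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    exif = b"Exif\x00\x00" + b"II*\x00" + hidden   # TIFF header stub, then the text blob
    return b"\xff\xd8" + _segment(0xE0, jfif) + _segment(0xE1, exif) + b"\xff\xd9"


if __name__ == "__main__":
    benign = build_sample_jpeg(b"Copyright 2020 Example Store")
    tainted = build_sample_jpeg(b"Copyright <script>eval(atob('...'))</script>")
    print(find_embedded_script(benign))    # []
    print(find_embedded_script(tainted))   # [('APP1', '<script')]
```

Running this over every image a page loads (favicons included) is cheap compared with executing the page, and a hit in a file that should only carry a copyright string is a strong signal on its own.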

Blueliv Intelligence Briefing

Thursday, June 25th, 2020

Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices

A new variant of a powerful cryptojacking and DDoS malware is exploiting severe vulnerabilities in order to infect Windows machines. Dubbed Lucifer, the malware is part of an active campaign against Windows hosts and uses a variety of weaponized exploits in the latest wave of attacks, Palo Alto Networks' Unit 42 said on Wednesday.

Learn more >

CryptoCore: A Threat Actor Targeting Cryptocurrency Exchanges

A hacking group known as CryptoCore has pulled off cryptocurrency heists worth $70 million, but research indicates that the total may exceed an estimated $200 million since 2018. This group targets cryptocurrency exchanges by conducting spear-phishing campaigns against employees and executives. The main goal of CryptoCore’s heists is to gain access to cryptocurrency exchanges’ wallets, be it general corporate wallets or wallets belonging to the exchange’s employees.

Learn more >

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated with the Dridex malware and BitPaymer ransomware; the latter came to prominence in the first half of 2017.

Learn more >

New ransomware posing as COVID‑19 tracing app targets Canada

New ransomware CryCryptor has been targeting Android users in Canada, distributed via two websites under the guise of an official COVID-19 tracing app provided by Health Canada. ESET researchers analyzed the ransomware and created a decryption tool for the victims. CryCryptor surfaced just a few days after the Canadian government officially announced its intention to back the development of a nation-wide, voluntary tracing app called COVID Alert.

Learn more >

Blueliv Intelligence Briefing

Tuesday, June 23rd, 2020

Inside a TrickBot Cobalt Strike Attack Server

TrickBot is the successor of Dyre that, at first, was primarily focused on banking fraud, even reusing the same web-injection systems utilized by Dyre. TrickBot has since shifted focus to enterprise environments over the years, incorporating network profiling, mass data collection, and lateral traversal exploits. This focus shift is prevalent in their tertiary deliveries that target enterprise environments.

Learn more >

Hackers use Google Analytics to steal credit cards, bypass CSP

Hackers are using Google's servers and the Google Analytics platform to steal credit card information submitted by customers of online stores. A new method to bypass Content Security Policy (CSP) using the Google Analytics API disclosed last week has already been deployed in ongoing Magecart attacks designed to scrape credit card data from several dozen e-commerce sites.

Learn more >

Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline

Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data. The CLOP Ransomware operators claimed to have breached Indiabulls and have posted screenshots of files that they have allegedly stolen during the attack. When performing a ransomware attack, the CLOP threat actors are known to steal unencrypted files before deploying the ransomware.

Learn more >

XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers

Researchers from Trend Micro have recently detected variants of two existing Linux botnet malware families targeting exposed Docker servers: XORDDoS and Kaiji. Targeting Docker servers is a new development for both; XORDDoS is known for targeting Linux hosts on cloud systems, while the recently discovered Kaiji was first reported affecting Internet of Things (IoT) devices. Attackers typically use these botnets to perform brute-force attacks after scanning for open Secure Shell (SSH) and Telnet ports.

Learn more >

Blueliv Intelligence Briefing

Monday, June 22nd, 2020

Dark Basin: Uncovering a Massive Hack-For-Hire Operation

Researchers have given the name Dark Basin to a hack-for-hire organization that has targeted thousands of individuals and organizations on six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights defenders. With high confidence, they link Dark Basin to BellTroX InfoTech Services, an India-based technology company. Over the course of a multi-year investigation, they found that Dark Basin likely conducted commercial espionage on behalf of its clients against opponents involved in high-profile public events, criminal cases, financial transactions, news stories, and advocacy.

Learn more >

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.

Learn more >

Discord modified to steal accounts by new NitroHack malware

New malware is being distributed that pretends to be a hack that gets you the premium Discord Nitro service for free, but instead steals user tokens saved in the various browsers and credit card information, and then tries to spread itself to others. Because an open platform like Discord makes it easy to modify the JavaScript files used by the client, threat actors commonly abuse this to modify the client to perform malicious behavior.

Learn more >

Malwarebytes causing performance issues in Windows 10 2004

Since the release of Windows 10 2004, users have been reporting performance issues and crashes when Malwarebytes 4.1 is installed. In numerous reports to the Malwarebytes support forums since Windows 10 version 2004, the May 2020 Update, was released, users describe many problems with MBAM 4.1 installed. These issues range from random freezes, general slowness and video stuttering to blue screen of death (BSOD) crashes or Windows 10 becoming unresponsive.

Learn more >