Author Archives: John Bambenek

Recent Posts

How to Mitigate Microsoft Windows Zero-Days Exploiting Enterprises & Giving Attackers Control

Beyond the RDP vulnerability already in the headlines, additional Microsoft Windows zero-days are being exploited against enterprises and can give attackers full control of an affected system. The RDP vulnerability had the potential to be used in a WannaCry-like worm.


Recent Bank IP Address Spoofing Exposes Problem with How Some Threat Feeds Are Generated

Last week, Cyberscoop reported that someone was scanning the entire internet with packets whose source addresses were spoofed to those of major American banks. That event is interesting in its own right, and it follows an occasional pattern in which attackers try to manipulate the automation our industry uses to protect against them: if a feed generator blindly lists every address that sends it a SYN, the attacker can get an arbitrary victim's address blocked by spoofing it.
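As an added example (not code from the original post), here is how a feed generator can avoid the trap described above: it publishes a source address only after that source has completed a TCP handshake, which a spoofed SYN cannot do because the SYN-ACK goes back to the real owner of the address. The log format, the sample log lines, and the allowlisted range are all constructed for this illustration.

```python
"""Added example: building a threat feed from connection logs without
trusting bare SYN packets, whose source addresses can be spoofed."""
from collections import defaultdict
import ipaddress

# Constructed sample log lines (not taken from the original post). The format
# is an assumption for this example: "<timestamp> <src_ip> <dst_port> <event>",
# where event is SYN (a SYN arrived), HANDSHAKE (the three-way handshake
# completed, so the source really did receive our SYN-ACK) or PAYLOAD.
SAMPLE_LOG = """\
2019-06-01T10:00:01Z 203.0.113.5 22 SYN
2019-06-01T10:00:01Z 203.0.113.5 22 HANDSHAKE
2019-06-01T10:00:02Z 203.0.113.5 22 PAYLOAD
2019-06-01T10:00:03Z 198.51.100.77 445 SYN
2019-06-01T10:00:03Z 198.51.100.77 3389 SYN
2019-06-01T10:00:03Z 198.51.100.77 23 SYN
2019-06-01T10:00:04Z 192.0.2.10 80 SYN
2019-06-01T10:00:04Z 192.0.2.10 80 HANDSHAKE
"""

# Hypothetical allowlist of ranges we never want to publish (own infrastructure,
# partners, well-known services). An allowlist alone does not defeat spoofing,
# since an attacker can spoof any address, so it is only the secondary check.
DEFAULT_ALLOWLIST = ("192.0.2.0/24",)


def parse_log(text):
    """Yield (timestamp, src_ip, dst_port, event) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, port, event = parts
        try:
            ipaddress.ip_address(ip)
            port = int(port)
        except ValueError:
            continue
        yield ts, ip, port, event


def build_feed(text, allowlist=DEFAULT_ALLOWLIST):
    """Classify every source address seen in the log.

    listed      : completed at least one TCP handshake (a spoofed SYN cannot)
                  and is outside the allowlist; safe to publish
    unverified  : seen only as bare SYNs; held back, never published
    allowlisted : inside an allowlisted range; never published
    """
    nets = [ipaddress.ip_network(n) for n in allowlist]
    events = defaultdict(set)
    for _ts, ip, _port, event in parse_log(text):
        events[ip].add(event)

    result = {"listed": set(), "unverified": set(), "allowlisted": set()}
    for ip, seen in events.items():
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            result["allowlisted"].add(ip)
        elif "HANDSHAKE" in seen:
            result["listed"].add(ip)
        else:
            result["unverified"].add(ip)
    return result


if __name__ == "__main__":
    for bucket, ips in build_feed(SAMPLE_LOG).items():
        print(f"{bucket:11s} {sorted(ips)}")
```

A bare SYN, like a UDP datagram, proves nothing about who sent it; the 198.51.100.77 scanner in the sample is held back rather than published. Note also that completing a handshake shows the address is not spoofed, not that it is malicious, so a production feed would still require a malicious indicator (a honeypot hit, an exploit payload) before listing the address.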


(Stay Alert) Inside E-Mail Compromise: What Small & Medium Businesses Need to Know

Recently, we were contacted about two different incidents of Business Email Compromise (BEC), in which there was an attempt to redirect wire transfers from individuals to another bank account. One succeeded and the victim lost six figures; the other was interdicted because an attentive individual picked up the phone to ask, “Uh, are you sure this is right?” This kind of fraud is increasing and is increasingly targeted at smaller firms and individuals, with the aim of redirecting high-dollar transactions.


2020 Census Target of Security Threats & 3 Critical Factors to Know

As people start thinking about completing the upcoming United States census online, security concerns have emerged. While the Census faces unique threats because of its impact on budgeting and government, those concerns also tell us a great deal about the security of doing business online in general.


How to Easily & Efficiently Secure Your Home DNS

Like many technologists who are also parents, I think a great deal about how best to protect my family online. Working for a security company, I have access to more tools than the average person, so I recently implemented DNS security at home. I focused on DNS because there are no “services” offered on my home network; I am mostly concerned about my kids or wife clicking on a phishing link, or similar outbound malicious traffic.


Fake DocuSign Invoice Phish Leads to GoDaddy Domain Briefly Redirected to Chinese IP

Like many security researchers, I not only run my own mail servers, I also generally leave spam filtering off on many of them so that I can see the interesting attacks that come in and dig into them as time allows. Yesterday, I got an interesting take on the ever-present invoice maldoc campaign; this time it spoofed a DocuSign email suggesting I had an invoice to sign.

An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group

Recently, fellow researcher Vitali Kremez took a look at some new binaries from the Gamaredon Group, a Russian state-sponsored group that has been active since about 2013. The malware in question is the Pteranodon implant, which provides functions such as remote command execution, downloading and executing other files, and collecting system data. It was the subject of a recent CERT UA blog post (note: that site is in Ukrainian).


Multiple Government Entities Targeted with Massive DNS Attacks

In recent weeks, reports have emerged that various government entities have been the target of DNS hijacking attacks. These attacks redirect people attempting to reach legitimate government sites to malicious infrastructure instead, where the attackers can conduct phishing, steal email, or carry out a wide variety of other misconduct.


How Malvertising Leads to Fake Flash Malware

It’s no secret that the pervasiveness of ad networks has greatly diminished the web browsing experience in recent years. With it have also come criminals and other miscreants who use the drive for web advertising revenue to deliver malware.


Attackers Are Targeting Healthcare: Here's 4 Things You Need to Do Now

In the third quarter of 2018 alone, 4.4 million patient records were compromised across 117 disclosed health data breaches, which shows that health care continues to be targeted by criminals. The largest breach was UnityPoint, with 1.4 million records compromised.

