
Author Archives: John Bambenek

Recent Posts

Fake DocuSign Invoice Phish Leads to GoDaddy Domain Briefly Redirected to Chinese IP

Like many security researchers, I not only run my own mail servers, but I generally do not have spam filtering on many of them, so I can see the interesting attacks that come in and then dig into them as time allows. Yesterday, I got an interesting take on the ever-present invoice maldocs campaign; this time it was spoofing a DocuSign email suggesting I had an invoice to sign.

 


An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group

Recently, fellow researcher Vitali Kremez took a look at some new binaries from the Gamaredon Group. This is a Russian state-sponsored group that has been active since about 2013. The malware specifically is the Pteranodon implant, which provides a variety of functions such as remote command execution, downloading and executing other files, and collecting system data. It was the subject of a recent CERT UA blog post here (note: this site is in Ukrainian).


Multiple Government Entities Targeted with Massive DNS Attacks

Image via Technology Times

In recent weeks, reports have emerged that various government entities have been the target of DNS hijacking attacks. These attacks would redirect those attempting to interact with legitimate government sites and instead send them to malicious infrastructure, whose operators could engage in phishing attacks, email theft, or a wide variety of misconduct.


How Malvertising Leads to Fake Flash Malware

It’s no secret that the pervasiveness of ad networks has greatly diminished the web browsing experience in recent years. With this have also come criminals and other miscreants who are using the drive for web advertising revenue to deliver malware.


Attackers Are Targeting Healthcare: Here's 4 Things You Need to Do Now

In the third quarter of 2018 alone, 4.4 million patient records were compromised across 117 disclosed health data breaches. This shows that health care continues to be targeted by criminals. The largest breach was UnityPoint, with 1.4 million records compromised.


Universities Beware: Attackers Are Getting Savvy with Fake Cyber Security Courses

Is your university protected? Iranian hackers attempted to attack U.K. universities with fake, government-certified cyber security courses. They accessed at least one college account.


These Factors MUST Work For Every Successful Ransomware Attack. DNS is Always Involved.

A government agency found itself infected with ransomware and had to pay the ransom to restore service. Another local agency has opted not to pay the ransom and restore operations. Ransomware targeted at organizations is still a threat, and even with backups, getting back online is a highly disruptive and public event that comes with serious costs and potentially lost revenue.


Bite Size Security News: Now Is The Time For Zero Trust Security

Zero Trust Networking is the principle that all network communication should be considered untrusted unless otherwise designated as safe (i.e. with authentication, a known source, or other criteria).


Bite Size Security News: Apple Denies Cybersecurity Breach to Congress

Summary


Bite Size Security News: What Facebook's Breach Means

Organizations store and maintain more consumer data than ever, and the failure to protect it (or having it breached) can mean real losses. One estimate suggests Facebook may be on the hook for a fine of over $1B USD for the current breach.

