'Act of War' Clause Could Nix Cyber Insurance Payouts
The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."
Last week, insurers' arguments gained more weight when the US indicted six members of the Russian military for a variety of cyber operations, including the NotPetya wiper attack that disrupted business operations worldwide. Damages from those attacks are at the heart of major lawsuits against insurance companies, including a $1.3 billion legal action brought by pharmaceutical giant Merck against a collection of insurers and a $100 million lawsuit brought by food and beverage conglomerate Mondelez against Zurich Insurance.
In both cases, insurers claim the NotPetya attack represented a hostile act by a sovereign power, preventing any payout.
Abaddon remote access trojan (RAT) gets commands via Discord
The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC.
Abaddon implements a data-stealing feature designed to steal multiple kinds of data from the infected host, including Chrome cookies, saved credit cards, and credentials, Steam credentials, Discord tokens and MFA information.
The malware also collects system information such as country, IP address, and hardware information.
According to Bleeping Computer the malware supports the following commands:
- Steal a file or entire directories from the computer
- Get a list of drives
- Open a reverse shell that allows the attacker to execute commands on the infected PC
- Launch in-development ransomware (more later on this)
- Send back any collected information and clear the existing collection of data
T-RAT 2.0 Telegram-controlled RAT, a new security threat
T-RAT 2.0 is a Trojan being advertised and sold on Russian forums, according to a posting on the G DATA Security Blog.
The most notable feature of T-RAT 2.0 is that it can be controlled using the Telegram app.
Here is what T-RAT 2.0 can apparently do to your system once it infects it:
- Retrieve cookies and passwords from your browser
- Grant the attacker full access to your file system
- Perform audio recordings (requires an audio input device such as a microphone)
- Log your keystrokes
- Disable your Taskbar
- Use your webcam to perform video recordings or take pictures
- Fetch clipboard content
- Snap screenshots of your current view
- Disable your Task Manager
- Hijack transactions for several services, including Ripple, Dogecoin, Qiwi, and Yandex.Money
- Execute CMD & PowerShell commands
- Restrict your access to various websites and services
- Forcefully terminate processes on your computer
- Use RDP and/or VNC to perform additional remote control operations
Moreover, it is compatible with most Chromium-based browsers (v80 and up), and its Stealer component supports the following apps:
- FileZilla XML