PyMICROPSIA: New Information Stealing Trojan from AridViper
Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the defenses of their targets.
PyMICROPSIA has a rich set of information-stealing and control capabilities, including:
- File uploading.
- Payload downloading and execution.
- Browser credential stealing. Clearing browsing history and profiles.
- Taking screenshots.
- Compressing stolen information into RAR files.
- Collecting process information and killing processes.
- Collecting file listing information.
- Deleting files.
- Rebooting machine.
- Collecting Outlook .ost file. Killing and disabling Outlook process.
- Deleting, creating, compressing and exfiltrating files and folders.
- Collecting information from USB drives, including file exfiltration.
- Audio recording.
- Executing commands.
UK firm NOW: Pensions tells 1.7 million customers a 'service partner' leaked their data all over 'public software forum'
Workplace pension provider NOW: Pensions has emailed its near 1.7 million UK customers to warn about a data leakage caused by contractor error.
The email, seen by this publication, claims a service provider "unintentionally" posted user data to an unnamed "public software forum". These records include biographical data (names, email addresses, and dates of birth) as well as National Insurance numbers. According to the pension provider, the data was obtained by "a small number" of third parties.
NOW: Pensions said the records were only visible for "a short time". This apparently means three days, with the company saying the data was exposed between 11 and 14 December.
Supply Chain Cyber Attack on Strategic Logistics Software Company “Amital”
An attack on the servers of the software company Amital led to the subsequent infiltration of about 40 other Israeli logistics companies. The lack of a ransom note or any other indicator of a financially motivated attack led the investigators to believe it might be a strategic attack.
According to an article published this morning on the leading Israeli finance news site “Calcalist”, the attackers hacked into Amital’s servers and gained access to its list of customers and the credentials used to access their networks.
Besides Amital, another 15-20 logistics companies that aren’t related to Amital were hacked. This again raises the suspicion of a national cyber attack and not cybercrime.