••• All important news related to new attacks and see the solutions we can offer you •••
New Kimsuky Module Makes North Korean Spyware More PowerfulLees het originele artikel hier
A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities.
The APT - dubbed "Kimsuky" (aka Black Banshee or Thallium) and believed to be active as early as 2012 - has been now linked to as many as three hitherto undocumented malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework
'Act of War' Clause Could Nix Cyber Insurance PayoutsLees het originele artikel hier
The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."
Last week, insurers' arguments gained more weight when the US indicted six members of the Russian military for a variety of cyber operations, including the NotPetya wiper attack that disrupted business operations worldwide. Damages from those attacks are at the heart of major lawsuits against insurance companies, including a $1.3 billion legal action brought by pharmaceutical giant Merck against a collection of insurers and a $100 million lawsuit brought by food and beverage conglomerate Mondelez against Zurich Insurance.
In both cases, insurers claim the NotPetya attack represented a hostile act by a sovereign power, preventing any payout.
Abbadon remote access trojan (RAT) gets commands via DiscordLees het originele artikel hier
The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC.
Abaddon implements data-stealing feature, it was designed to steal multiple data from the infected host, including Chrome cookies, saved credit cards, and credentials, Steam credentials, Discord tokens and MFA information.
The malware also collects system information such as country, IP address, and hardware information.
According to Bleeping Computer the malware supports the following commands:
- Steal a file or entire directories from the computer
- Get a list of drives
- Open a reverse shell that allows the attacker to execute commands on the infected PC.
- Launch in-development ransomware (more later on this).
- Send back any collected information and clear the existing collection of data.