Latest News

2021/05/10

Major U.S. Pipeline Crippled in Ransomware Attack

Colonial Pipeline Company says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halted all pipeline operations.

A ransomware attack is being blamed for halting pipeline activities for the Colonial Pipeline Company, which supplies the East Coast with roughly 45 percent of it liquid fuels.

In a statement released Saturday, the Colonial Pipeline Company said it temporarily halted pipeline operations in response to a cyberattack impacting the company on Friday.
2021/05/05

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection

Researchers on Tuesday disclosed a novel Pingback Malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems.

Called ‘Pingback,’ the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback attack code, according to an analysis published today by Trustwave.
2021/05/04

New Attacks Slaughter All Spectre Defenses

All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago.

A paper published on Friday by a team of computer scientists from the University of Virginia and the University of California, San Diego, describes how all modern AMD and Intel chips with micro-op caches are vulnerable to this new line of attack, given that it breaks all defenses. That includes all Intel chips that have been manufactured since 2011, which all contain micro-op caches.
2021/05/04

Researchers Explore Active Directory Attack Vector

Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.
Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data. Incident responders find the service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders.
2021/04/29

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research.

The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

"The biggest risk for the targeted companies and individuals is the fact that security solutions still have a lot of problems with detecting malicious Excel 4.0 documents, making most of these slip by conventional signature based detections and analyst written YARA rules," researchers from ReversingLabs said in a report published today.