Apr 11, 2022 | Archive
Over the last two weeks, we saw that “from the beginning of 2022, we have dealt with six different strains of wiper malware targeting Ukraine: WhisperKill, WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, and DoubleZero. These attacks are notable on their...
Mar 31, 2022 | Archive
Over the last two weeks, we saw that KELA published a report on ransomware operators’ overall trends and movements over 2021. The cybersecurity firm says that the number of major organizations tracked as ransomware victims increased from 1460 to 2860. In addition,...
Mar 15, 2022 | Archive
Over the last couple of weeks, we saw that on February 24, 2022, Anonymous — a global collective of hackers — announced it was launching a cyber operation against Russian President Vladimir Putin and the Russian state for invading Ukraine. At 2:50 PM EST on February 24,...
Mar 4, 2022 | Cybersecurity News, Malware, Malware Patrol Services, Ransomware
In information security, the ability to predict and adapt to the behaviors of criminals can help organizations improve defense strategies against cyber threats. We can do this through the use of threat intelligence where data comprised of past and current indicators of...
Feb 28, 2022 | Archive
Over the past two weeks, we saw that Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices. In...
Feb 26, 2022 | Configuration Guide, Malware Patrol Services
Malware Patrol + FortiSIEM Malware Patrol offers (5) Enterprise* feeds formatted for integration into FortiSIEM. This allows users to combine the quality of Fortinet’s SIEM security platform with the protection from our threat intelligence. Customers can choose...
Feb 20, 2022 | Configuration Guide, Malware Patrol Services
pfSense The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and it also includes third-party free software packages for additional functionality. pfSense software, with the help of the package system,...
Feb 14, 2022 | Archive
Over the past two weeks, we saw “FritzFrog”, a peer-to-peer (P2P) botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. And also, Qualys...
Feb 11, 2022 | Cybersecurity News
Bots don’t sleep, ransomware finds new ways to infiltrate systems and yesterday’s defenses may be ineffective tomorrow. Cybersecurity requires vigilance. But vigilance alone won’t suffice. That’s why threat researchers and enterprise security...
Jan 31, 2022 | Archive
Over the last two weeks, Varonis Threat Labs has observed one such RaaS provider, ALPHV (aka BlackCat ransomware), gaining traction since late 2021, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide. In addition, we...
Jan 17, 2022 | Archive
Over the past two weeks, we saw that the operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020; it was observed targeting only Windows systems....
Jan 4, 2022 | Archive
Over the past two weeks, we saw that AvosLocker is a relatively new ransomware-as-a-service. The Sophos Rapid Response team has so far seen AvosLocker attacks in the Americas, Middle East, and Asia-Pacific, targeting Windows and Linux systems. In addition, we also saw...
Dec 20, 2021 | Archive
Over the last two weeks, we saw that ten families of malicious samples are now spreading using the Log4j2 vulnerability. NetLab published a blog disclosing Mirai and Muhstik botnet samples propagating through Log4j2 RCE vulnerability. You will also find here the...
Dec 6, 2021 | Archive
Over the last 2 weeks, we saw that a new parasitic malware targets the popular Nginx web server, as Sansec discovered. This novel code injects itself into a host Nginx application and is nearly invisible. Sansec also discovered a sophisticated threat that is packed with...
Nov 22, 2021 | Archive
Over the past 2 weeks, we observed that QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings...
Nov 19, 2021 | Phishing
Black Friday is coming and threat actors are already surfing this wave of retail insanity. Not surprisingly, phishing remains an effective way to lure users into handing over their bank credentials and credit card data. Popular brands are often used as bait. Last year...
Nov 18, 2021 | Configuration Guide, Malware, Malware Patrol Services, Phishing, Ransomware
MISP is a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, and vulnerability information. It can be configured to ingest MISP-formatted data...
Nov 13, 2021 | Configuration Guide, Malware Patrol Services
FortiGate NGFWs deliver industry-leading enterprise security for any edge at any scale with full visibility and threat protection. Organizations can weave security deep into the hybrid IT architecture and build security-driven networks to achieve: Ultra-fast security,...
Nov 8, 2021 | Archive
Over the last two weeks, we observed that a new threat referred to as “SQUIRRELWAFFLE” is being spread more widely via spam campaigns, infecting systems with a new malware loader. In addition, Black Friday, one of the biggest retail spending days of the year, is fast...
Oct 25, 2021 | Archive
Over the past two weeks, we saw that a new PurpleFox botnet variant uses WebSockets for C2 communication. In addition, since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and...
Oct 20, 2021 | Configuration Guide
Malware Patrol provides a Mikrotik-compatible version of our Malicious Domains and the Tor Exit Nodes data feeds. In this Mikrotik router configuration guide, you will find all the steps necessary. However, feel free to contact our support if you need any...
Oct 15, 2021 | Malware, Malware Patrol Services, Ransomware
Malware Patrol’s CEO Andre Correa was recently interviewed by Dana Mantilia from Identity Protection Planning. They discussed the basics – and more – about ransomware: What is Ransomware? What should a company do in the case of an attack? Why is paying...
Oct 11, 2021 | Archive
Malware Patrol selected some relevant cybersecurity news over the past 2 weeks. A survey of cyber investigators and antiabuse service providers to understand how ICANN’s application of the European Union’s General Data Protection Regulation (GDPR) has impacted the...
Sep 27, 2021 | Archive
In the past 2 weeks, CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Also, following a recent Incident Response,...
Sep 13, 2021 | Archive
In the first 2 weeks of September, we saw that LockFile is a new ransomware family that emerged in July 2021 following the discovery in April 2021 of the ProxyShell vulnerabilities in Microsoft Exchange servers. Also, ransomware groups have shown no signs of slowing...
Aug 30, 2021 | Archive
In the last 2 weeks of August, we saw campaigns use a multitude of infection components to deliver two widely popular commodity malware and remote access trojans (RATs): njRAT and AsyncRAT. Also, campaigns use a multitude of infection components to deliver two widely...
Aug 19, 2021 | Cybersecurity News, Malware, Ransomware
Everyone wants to know how to protect against ransomware – 2021 is the year of ransomware! The Colonial Pipeline attack shut down a major oil distribution line and held it for ransom. Kaseya, a software vendor, was targeted with a $70 million ransom in bitcoin on...
Aug 16, 2021 | Archive
In this first half of August, we saw that during Cyble’s routine Open-Source Intelligence (OSINT) research, we came across a malware posted by a researcher on Twitter. Also, a new Android trojan, dubbed FlyTrap, that’s spread to more than 10,000 victims via rigged...
Aug 2, 2021 | Archive
Over the past two weeks, we saw that government-sanctioned cyber-surveillance is back in the news, following an exposé that reveals how commercial malware is being used by authoritarian regimes to target activists, politicians, and journalists. Also, we...
Jul 28, 2021 | Malware Patrol Services, Press Release
Updated on 2022.03.22 – Bandura Cyber is now ThreatBlockr. Press Release: St. Petersburg, FL, July 28, 2021 — Malware Patrol, the veteran threat intelligence company, announced today that they now offer data feeds through the ThreatBlockr (formerly known...
Jul 19, 2021 | Archive
Over the past 2 weeks, we saw that threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named “Diavol.” Also, a new malware that targets online gambling companies in China via a watering hole attack, in which visitors are...
Jul 5, 2021 | Cybersecurity News, Malware
Malware Patrol selected some relevant news over the past 2 weeks. Microsoft has confirmed signing a malicious driver being distributed within gaming environments. “Netfilter,” a rootkit that was observed communicating with Chinese command-and-control (C2) IPs....
Jun 21, 2021 | Cybersecurity News, Malware, Phishing
In the last two weeks of June, we saw that the Japanese multinational conglomerate Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan. “Fujifilm Corporation in Tokyo does not comment on the demand but I can confirm we...
Jun 16, 2021 | Cybersecurity News, Malware, Malware Patrol Services
Cyber Threat Intelligence (CTI) is one of the main pillars of cybersecurity. Although it is not the answer to all problems, CTI is one of the most relevant tools for the prevention, detection, and response to cyberattacks. In this article, we will clarify why it is...
Jun 7, 2021 | Archive
At the end of March and beginning of June, we saw the Evolution of the JSWorm ransomware, the ransomware threat landscape has been gradually changing. We have been witness to a paradigm shift. Also, the Bizarro banking malware targets 70 banks in Europe and South...