Winson Digital Techniques

  Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it "promptly" initiated incident response and recovery measures after detecting "network anomalies." It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics about when the attack took place and if it entailed the exfiltration of any proprietary information, including source code. "Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business," the company said in a brief notice shared on Friday. In a regulatory filing with the Taiwan Stock Exchange, it said that it's setting up enhanced controls of its network and infrastructure to ensure the security of data. MSI is further urging users to obtain firmware/BIOS updates only from its official website and refrain from downloading files from...

The Iranian nation-state group known as  MuddyWater  has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed  DEV-1084 . "While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation," the tech giant revealed Friday. MuddyWater is the name assigned to an Iran-based actor that the U.S. government has publicly connected to the country's Ministry of Intelligence and Security (MOIS). It's been known to be active since at least 2017. It's also tracked by the cybersecurity community under various names, including Boggy Serpens, Cobalt Ulste...

  In yet another sign that Telegram is increasingly becoming a   thriving hub   for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns. "To promote their 'goods,' phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, 'What type of personal data do you prefer?'," Kaspersky web content analyst Olga Svistunova said in a report published this week. The links to these Telegram channels are distributed via YouTube, GitHub, and the phishing kits that are developed by the crooks themselves. The Russian cybersecurity firm said it detected over 2.5 million malicious URLs generated using phishing kits in the past six months. One of the prominent services offered is to provide threat actors with Telegram bots that automate the process of generating phishing pages and collecting user data. Although it...

  A coordinated international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms. Coinciding with the infrastructure seizure, the major crackdown, involved authorities from 17 countries, culminating in 119 arrests and 208 property searches in 13 nations. However, the .onion mirror of the market appears to be still up and running. The "unprecedented" law enforcement exercise has been codenamed  Operation Cookie Monster . Genesis Market, since its inception in March 2018, evolved into a major hub for criminal activities, offering access to data stolen from over 1.5 million compromised computers across the world totaling more than 80 million credentials. A majority of infections associated with Genesis Market-related malware have been detected in the U.S., Mexico, Germany, Turkey, Sweden, Italy, ...

  Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions. Naturally, businesses want to find products that will stop malware in its tracks, and so they search for solutions to do that. But malware protection alone is not enough, instead what's needed is a more holistic approach. Businesses need to defend against malware entering the network, and then on top of that have systems and processes in place to restrict the damage that malware can do if it infects a user device. This approach will not only help stop and mitigate the damage from malware, but defend against other types of threats too, such as credential theft as a result of phishing, insider threats, and supply-chain attacks. Malware Protection and Web Filtering # The first and most sensible place to begin ...

  Portuguese users are being targeted by a new malware codenamed   CryptoClippy   that's capable of stealing cryptocurrency as part of a malvertising campaign. The activity leverages SEO poisoning techniques to entice users searching for "WhatsApp web" to rogue domains hosting the malware, Palo Alto Networks Unit 42 said in a new report published today. CryptoClippy, a C-based executable, is a type of cryware known as clipper malware that monitors a victim's clipboard for content matching cryptocurrency addresses and substituting them with a wallet address under the threat actor's control. "The clipper malware uses regular expressions (regexes) to identify what type of cryptocurrency the address pertains to," Unit 42 researchers said. "It then replaces the clipboard entry with a visually similar but adversary-controlled wallet address for the appropriate cryptocurrency. Later, when the victim pastes the address from the clipboard to cond...

Clouded vision CTI systems are confronted with some major issues ranging from the size of the collection networks to their diversity, which ultimately influence the degree of confidence they can put on their signals. Are they fresh enough and sufficiently reliable to avoid any false positives or any poisoning? Do I risk acting on outdated data? This difference is major since a piece of information is just a decision helper, whereas a piece of actionable information can directly be weaponized against an aggressor. If raw data are the hayfields, information is the haystacks, and needles are the actionable signal. To illustrate the collection networks' size & variety point, without naming anyone in particular, let's imagine a large CDN provider. Your role is to deliver, on a massive scale, content over HTTP(s). This attracts a lot of "attention" and signals, but only on the HTTP layer. Also, any smart attacker will probably avoid probing your IP ranges (which are pub...