Alerts

213,000 Bruneian Facebook Users' Info Leaked Online admin 05 Apr 2021

Background

The personal data of over 500 million Facebook users has been posted online in a low-level hacking forum, making it widely accessible to anyone. Researchers have found that approximately 213,000 Bruneian records may have been exposed in the leak. The leaked data includes personal information such as phone numbers, full names, locations, email addresses, birthdates, and biographical information.

Impact

[ALERT] Advisory on Emergency patches for zero-day exploits in Microsoft Exchange admin 04 Mar 2021

Background

[ALERT] ADVISORY ON HELLO (WICKRME) RANSOMWARE irteam 06 Feb 2021

BACKGROUND

A brand new ransomware variant called .hello ransomware, or WickrMe ransomware, uses a Microsoft SharePoint 2019 vulnerability (CVE-2019-0604) to enter the victim's network. From there, the threat actor leverages Cobalt Strike to pivot to the domain controller and launch ransomware attacks.

.hello (WickrMe) ransomware encrypts files and appends the ".hello" extension. For example, it renames a file named "1.jpg" to "1.jpg.hello", "2.jpg" to "2.jpg.hello", etc.

[ALERT] ADVISORY ON RANSOM DDOS ATTACKS irteam 29 Jan 2021

Background

Ransomware groups are now using DDoS attacks as a negotiation tactic to increase pressure on victims who do not cooperate in paying the ransom. This "Triple Extortion" strategy has recently been used by ransomware operators SunCrypt, RagnarLocker, and Avaddon.

[ALERT] ADVISORY ON DREAMBUS BOTNET irteam 25 Jan 2021

BACKGROUND

DreamBus is a new botnet malware with worm-like behavior that can propagate itself both across the Internet and laterally through compromised internal networks using a variety of techniques. It installs the XMRig crypto miner on powerful enterprise-class Linux and Unix systems with the goal of using their computing power to mine Monero cryptocurrency.