Cyber Security News — Past 24 hours | 05.07.2021

TrickBot Botnet Found Deploying A New Ransomware Called Diavol

Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named «Diavol,» according to the latest research.
Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet’s FortiGuard Labs said last week.
TrickBot, a banking Trojan first detected in 2016, has traditionally been a Windows-based crimeware solution, employing different modules to perform a wide range of malicious activities on target networks, including credential theft and conducting ransomware attacks.
The source of intrusion remains unknown as yet. What’s clear, though, is that the payload’s source code shares similarities with that of Conti, even as its ransom note has been found to reuse some language from Egregor ransomware.
«As part of a rather unique encryption procedure, Diavol operates using user-mode Asynchronous Procedure Calls without a symmetric encryption algorithm,» the researchers said. Prior to locking files and changing the desktop wallpaper with a ransom message, some of the major functions carried out by Diavol include registering the victim device with a remote server, terminating running processes, finding local drives and files in the system to encrypt, and preventing recovery by deleting shadow copies.

Source —

Getting Started with Security Testing: A Practical Guide for Startups

A common misconception among startup founders is that cybercriminals won’t waste time on them, because they’re not big or well known enough yet.
But just because you are small doesn’t mean you’re not in the firing line.

Vulnerability Assessment: an automated security test using tools to scan your systems or applications for security issues.

Why Perform Security Testing?

Veracode’s State of Software Security Report revealed that 83% of the study sample, comprising 85,000 software applications used by 2,300 companies worldwide, had at least one security vulnerability discovered during an initial security test. Without the test, these flaws would have been released into production, making the software vulnerable to cyber attacks.

Think about Strategy before Individual Security Tests

Every company is unique, and for that reason, your risk will be unique to you.

If you don’t store particularly sensitive data

For example, you might provide a website uptime monitoring tool and don’t store particularly sensitive data.

If you store customer data

Maybe you’re a marketing data analysis platform, so you may face fewer threats from insiders and criminal gangs, but you certainly need to worry about customers accessing each other’s data or a general data breach.

What do you need to protect?

Ideally, before planning the security testing itself, you should consider what assets you have, both technical and informational, a process known as «asset management».

How Often Should a Startup Perform Security Testing?

It depends on the type of test! Clearly, the benefit of automated tests is they can be run as regularly as you want.

You can choose from several types of vulnerability scanners — network-based, agent-based, web application, and infrastructure.

What are the Benefits of Vulnerability Assessment?

Vulnerability assessment aims to automatically uncover as many security flaws as possible so these can be mitigated before threat actors can get to them.

When to run a penetration test?

Pen testers mimic real-life cyber attackers, but unlike threat actors, they follow a predefined scope and do not abuse the organization’s assets and data. Compared to vulnerability scanning, they are much more likely to uncover complicated or high-impact business-layer weaknesses, such as manipulating product pricing, using a customer account to access another customer’s data, or pivoting from one initial weakness into full system control.
Security testing is a critical cybersecurity process that aims to detect vulnerabilities in systems, software, networks, and applications. Its most common forms are vulnerability assessment and penetration testing, but the goal is always to address security flaws before malicious actors can exploit them.

Source —

Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities

Law enforcement authorities working with Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.
The two-year investigation, dubbed Operation Lyrebird by the international, intergovernmental organization, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX, cybersecurity firm Group-IB disclosed today in a report shared with The Hacker News.
The credentials entered by unsuspecting victims on the fake web page were then redirected to the perpetrator’s email. At least three different phishing kits presumably developed by the threat actor have been extracted.
The scripts included in the phishing kit contained the name Dr HeX and the individual’s contact email address, using which the cybercriminal was eventually identified and deanonymized, in the process uncovering a YouTube channel as well as another name used by the adversary to register at least two fraudulent domains that were used in the attacks.
Additionally, Group-IB said it was also able to map the email address to the malicious infrastructure employed by the accused in various phishing campaigns, which included as many as five email addresses, six nicknames, and his accounts on Skype, Facebook, Instagram, and YouTube.

Source —

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers

Technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, has ruled out the possibility that its codebase was tampered with without authorization to distribute malware. While initial reports raised speculation that the ransomware gang might have gained access to Kaseya’s backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability in the software was leveraged to push ransomware to Kaseya’s customers. «This allowed the attackers to leverage the standard VSA product functionality to deploy ransomware to endpoints.» Hackers associated with the Russia-linked REvil ransomware-as-a-service group initially demanded $70 million in Bitcoin to release a decryptor tool for restoring all the affected businesses’ data, although they have since lowered the asking price to $50 million, suggesting a willingness to negotiate their demands in return for a lesser amount.

«REvil ransomware has been advertised on underground forums for three years and it is one of the most prolific RaaS operations,» Kaspersky researchers said Monday, adding that «the gang earned over $100 million from its operations in 2020». «Exe utility to decode a malicious executable that drops a legitimate Microsoft binary and malicious library, which is the REvil ransomware.»

Source —
