Last week we came across ransomware with unique evasion techniques in a new variant, or possibly a copycat, of the MedusaLocker ransomware. MedusaLocker ransomware, first seen in September 2019, came with a batch file to evade detection. Batch files contain script commands running in a Command Prompt on Windows machines and have the .bat extension. In the malicious … [Read more...]
Vulnerability Research Into VPN Software
Last week Jan Youngren from VPNpro wrote about several vulnerabilities his team found in the client software of various VPN service providers. He didn't investigate the protocols used for VPNs but looked at the rest of the software, like how they setup connections and install updates. Many VPN clients have a mechanism to connect back to the provider and retrieve … [Read more...]
Chase Bank Scams Target Our Own
The other day, a WatchGuard employee received a text alert stating that Chase bank had limited access to their account. They right away knew the message was bogus and offered it to us to investigate. We found the link within the message sends the user to a fake Chase login. Fortunately, the employee knew better and didn't follow the link in the text message, but others might … [Read more...]
State Sponsored, and Other COVID-19 Attacks We Know About
Over the past few months, we’ve found multiple reports of nation state hackers training to gather more information on COVID-19. We've read reports about numerous attempts from various actors targeting the WHO (World Health Organization), China, and other organizations related to combating the pandemic. Some attacks seem to look for information hidden by governments on … [Read more...]
Don’t “Zoom” Through This Phishing Attempt
Yesterday AbnormalSecurity reported a phishing site that cybercriminals designed to capture Zoom and company login credentials. We visited this site, so you don't have to. The phishing attempt starts off when the victim receives an email about a Zoom meeting starting soon. You can see a copy of this email here provided by AbnormalSecurity. In the email, the meeting purpose … [Read more...]
