Among the many malware families wreaking havoc for Windows users is Agent Tesla, a keylogger, information stealer and spyware that was first discovered in 2014. According to MITRE ATT&CK, Agent Tesla has employed various techniques ranging from collecting account information from a victim’s machine to using HTTP and SMTP for C2 communications. It can steal […]
The Associated Press recently reported that email addresses of top DHS officials had been compromised as part of the massive SolarWinds hack. According to a DHS spokesperson, “a small number of employees’ accounts were targeted in the breach” and the agency “no longer sees indicators of compromise on our networks.” But what does that actually […]
Banking Trojans are a dime a dozen, making it difficult to keep track of the myriad ways that an adversary can drop a payload. We recently wrote about Ramnit, a Trojan botnet, which has evolved over time. Similarly, another Trojan targeting the financial sector, IcedID, also known as BokBot, was discovered in 2017 by IBM […]
Undoubtedly, news that a Florida water plant had been hacked raised a lot of alarms outside the cybersecurity industry. The idea that a water source could be contaminated hit home for many Americans, highlighting the vulnerability of the nation’s utilities and critical infrastructure. But this attack came as no surprise to security experts. It was […]
Over a decade ago, security researchers at Microsoft identified a computer worm and dubbed it Ramnit. The malware family, “infects Windows executable files (.EXE) and HTML files (.HTML). It can also give a malicious hacker access to your PC. It spreads through infected removable drives, such as USB flash drives,” Microsoft warned. Fast forward to […]
Last October, a threat actor known as UNC1878 made headlines for a widespread criminal campaign targeting the healthcare industry (and other organizations) around the world. Over three months have passed since this group’s activities became widely known, yet in spite of high public awareness, many of UNC1878’s victims remain actively compromised to this day. Prevailion’s […]