Info collector

ST18-002: Defending Against Illicit Cryptocurrency Mining Activity

By on June 26, 2018 in Recent Vulnerabilities

Original release date: June 26, 2018. The popularity of cryptocurrency, a form of digital currency, is rising; Bitcoin, Litecoin, Monero, Ethereum, and Ripple are just a few types of the cryptocurrencies available. Though cryptocurrency is a common topic of conversation, many people lack a basic understanding of cryptocurrency and the risks associated with it. This […]

ST18-001: Securing Network Infrastructure Devices

By on June 21, 2018 in Recent Vulnerabilities

Original release date: June 21, 2018. Network infrastructure devices are ideal targets for malicious cyber actors. Most or all organizational and customer traffic must traverse these critical devices. An attacker with presence on an organization’s gateway router can monitor, modify, and deny traffic to and from the organization. An attacker with presence on an organization’s […]

Phishing and fraudulent sites hosted on 188.241.58.60 (Qhoster)

By on May 22, 2018 in Latest SPAM

Nigerian registrants. Dodgy Eastern European host offering bulletproof and anonymous hosting. Yup, I very much doubt there is anything legitimate at all hosted on 188.241.58.60... or indeed any part of Qhoster’s network. 237buzz.com 255page.ga 702mine.com 779999977.

Malware spam: “New documents available for download” / service@barclaysdownloads.co.uk / barclaysdownloads.com

By on May 10, 2018 in Latest SPAM

This fake Barclays spam seems to lead to the Trickbot banking trojan. From: Barclays [service@barclaysdownloads.co.uk] Date: 10 May 2018, 13:16 Subject: New documents available for download Signed by: barclaysdownloads.co.uk Security: Standard encryption (TLS) Barclays Bank PLC Has Sent You Important Account Documents to Sign You can view the document in your Barclays

“Best porno ever” Necurs spam

By on May 4, 2018 in Latest SPAM

This spam (apparently from the Necurs botnet) promises much, but seems not to deliver. From: Susanne@victimdomain.tld [Susanne@victimdomain.tld] Date: 4 May 2018, 10:22 Subject: Best porno ever Hi [redacted], Best gay,teen,animal porno ever Please click the following link to activate your account. hxxp:||46.161.40.145:3314 Regards, Susanne The sender’s name varies, but is always in the same

MS-ISAC Releases Advisory on PHP Vulnerabilities

By on April 27, 2018 in Recent Vulnerabilities

Original release date: April 27, 2018. The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-046 and the PHP Downloads page and […]

Drupal Releases Critical Security Updates

By on April 26, 2018 in Recent Vulnerabilities

Original release date: April 25, 2018. Drupal has released critical updates addressing a vulnerability in Drupal 8.x and 7.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal’s Security Advisory and apply the necessary updates. This product is provided subject to this Notification […]

New Traffic Light Protocol (TLP) levels for 2018

By on April 1, 2018 in Latest SPAM

The Traffic Light Protocol should be familiar to anyone working with sensitive data, with levels RED, AMBER, GREEN and WHITE being used to specify how far information can be shared. In recent years it has become clear that these four levels are not enough, so the United Nations International Committee on Responsible Naming (UN/ICoRN) has […]

“Faster payment” scam is not quite what it seems

By on March 8, 2018 in Latest SPAM

I see a lot of “fake boss” fraud emails in my day job, but it’s rare that I see them sent to my personal email address. These four emails all look like fake boss fraud emails, but there’s something more going on here. From: Ravi [Redacted] Reply-To: Ravi [Redacted] To: accounts@victimdomain.com Date: 23 February 2018 at […]

Swisscoin [SIC] cryptocurrency spam

By on January 15, 2018 in Latest SPAM

Swisscoin is a fairly low-volume self-styled cryptocurrency that has been the target of a Necurs-based spam run starting on Saturday 13th January, and increasing in volume to huge levels on Monday. From: Florine Fray [Fray.419@redacted.tld] Date: 15 January 2018 at 10:51 Subject: Could this digital currency actually make you a millionaire? Every once in a […]

All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.