2021-11-18 · 360 netlab · Hui Wang, Alex.Turing, litao3rd, YANG XU
@online{wang:20211118:pitfall:23ff4ea,
  author       = {Wang, Hui and Alex.Turing and litao3rd and XU, YANG},
  title        = {{The Pitfall of Threat Intelligence Whitelisting: Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service}},
  date         = {2021-11-18},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/},
  language     = {English},
  urldate      = {2021-11-19},
}
The Pitfall of Threat Intelligence Whitelisting: Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service
Specter
2021-11-13 · YouTube (AGDC Services) · AGDC Services
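% The channel name is a corporate author: the extra braces keep it as one name
% instead of being split into first = "AGDC", last = "Services".
@online{services:20211113:automate:487e01f,
  author       = {{AGDC Services}},
  title        = {{Automate Qbot Malware String Decryption With Ghidra Script}},
  date         = {2021-11-13},
  organization = {YouTube (AGDC Services)},
  url          = {https://www.youtube.com/watch?v=4I0LF8Vm7SI},
  language     = {English},
  urldate      = {2021-11-19},
}
Automate Qbot Malware String Decryption With Ghidra Script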
QakBot
2021-11-11 · AT&T · Ofer Caspi
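% The ampersand is escaped as \& in title and organization: a bare "&" in a text
% field reaches LaTeX as an alignment tab and aborts the bibliography run.
@online{caspi:20211111:att:4c2bbed,
  author       = {Caspi, Ofer},
  title        = {{AT\&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits}},
  date         = {2021-11-11},
  organization = {AT\&T},
  url          = {https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits},
  language     = {English},
  urldate      = {2021-11-17},
}
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits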
BotenaGo
2021-11-08 · CitizenLab · CitizenLab
@online{citizenlab:20211108:devices:47e5c60,
  author       = {CitizenLab},
  title        = {{Devices of Palestinian Human Rights Defenders Hacked with NSO Group’s Pegasus Spyware}},
  date         = {2021-11-08},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/11/palestinian-human-rights-defenders-hacked-nso-groups-pegasus-spyware/},
  language     = {English},
  urldate      = {2021-11-08},
}
Devices of Palestinian Human Rights Defenders Hacked with NSO Group’s Pegasus Spyware
Chrysaor
2021-11-08 · Microsoft · Microsoft Threat Intelligence Center (MSTIC)
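% Corporate author: the extra braces keep the team name as one indivisible name
% so it is not split into given-name and family-name parts.
@online{mstic:20211108:threat:0d18523,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus}},
  date         = {2021-11-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/},
  language     = {English},
  urldate      = {2021-11-09},
}
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus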
2021-11-04 · Security Service of Ukraine · Security Service of Ukraine
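% Corporate author: the extra braces keep the agency name as one indivisible name;
% without them it is parsed as given names "Security Service of" and family name "Ukraine".
@techreport{ukraine:20211104:gamareddon:7be7543,
  author      = {{Security Service of Ukraine}},
  title       = {{Gamareddon / Armageddon Group: FSB RF Cyber attacks against Ukraine}},
  date        = {2021-11-04},
  institution = {Security Service of Ukraine},
  url         = {https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf},
  language    = {English},
  urldate     = {2021-11-08},
}
Gamareddon / Armageddon Group: FSB RF Cyber attacks against Ukraine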
EvilGnome Pteranodon RMS
2021-11-04 · Security Service of Ukraine · Security Service of Ukraine
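% Corporate author: the extra braces keep the agency name as one indivisible name;
% without them it is parsed as given names "Security Service of" and family name "Ukraine".
@online{ukraine:20211104:ssu:d4fcd5b,
  author       = {{Security Service of Ukraine}},
  title        = {{SSU identified FSB hackers who carried out more than 5,000 cyberattacks on state bodies of Ukraine (video)}},
  date         = {2021-11-04},
  organization = {Security Service of Ukraine},
  url          = {https://ssu.gov.ua/en/novyny/sbu-vstanovyla-khakeriv-fsb-yaki-zdiisnyly-ponad-5-tys-kiberatak-na-derzhavni-orhany-ukrainy},
  language     = {English},
  urldate      = {2021-11-08},
}
SSU identified FSB hackers who carried out more than 5,000 cyberattacks on state bodies of Ukraine (video)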
2021-10-29 · 360 netlab · Ghost
@online{ghost:20211029:pink:1464c64,
  author       = {Ghost},
  title        = {{Pink, a botnet that competed with the vendor to control the massive infected devices}},
  date         = {2021-10-29},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/pink-en/},
  language     = {English},
  urldate      = {2021-11-03},
}
Pink, a botnet that competed with the vendor to control the massive infected devices
Pink
2021-10-22 · Darkowl · Darkowl
@online{darkowl:20211022:page:90c7728,
  author       = {Darkowl},
  title        = {{“Page Not Found”: REvil Darknet Services Offline After Attack Last Weekend}},
  date         = {2021-10-22},
  organization = {Darkowl},
  url          = {https://www.darkowl.com/blog-content/page-not-found-revil-darknet-services-offline-after-attack-last-weekend},
  language     = {English},
  urldate      = {2021-10-26},
}
“Page Not Found”: REvil Darknet Services Offline After Attack Last Weekend
REvil REvil
2021-10-20 · sonatype · Sonatype Security Research Team
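% Corporate author: the extra braces keep the team name as one indivisible name
% instead of being split so that only "Team" is treated as the family name.
@online{team:20211020:newly:a54f6dc,
  author       = {{Sonatype Security Research Team}},
  title        = {{Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices}},
  date         = {2021-10-20},
  organization = {sonatype},
  url          = {https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices},
  language     = {English},
  urldate      = {2021-10-26},
}
Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices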
2021-10-14 · Palo Alto Networks Unit 42 · Yue Guan, Jin Chen, Leo Olson, Wayne Xin, Daiping Liu
@online{guan:20211014:attackers:ff202a1,
  author       = {Guan, Yue and Chen, Jin and Olson, Leo and Xin, Wayne and Liu, Daiping},
  title        = {{Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes}},
  date         = {2021-10-14},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/exploits-interactsh/},
  language     = {English},
  urldate      = {2021-10-25},
}
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
2021-10-14 · Trend Micro · Marshall Chen, Loseway Lu, Paul Pajares, Fyodor Yarochkin
@online{chen:20211014:analyzing:ae5c6a4,
  author       = {Chen, Marshall and Lu, Loseway and Pajares, Paul and Yarochkin, Fyodor},
  title        = {{Analyzing Email Services Abused for Business Email Compromise}},
  date         = {2021-10-14},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_in/research/21/j/analyzing-email-services-abused-for-business-email-compromise.html},
  language     = {English},
  urldate      = {2021-10-26},
}
Analyzing Email Services Abused for Business Email Compromise
2021-10-05 · Trend Micro · Fyodor Yarochkin, Janus Agcaoili, Byron Gelera, Nikko Tamana
@online{yarochkin:20211005:ransomware:e5f5375,
  author       = {Yarochkin, Fyodor and Agcaoili, Janus and Gelera, Byron and Tamana, Nikko},
  title        = {{Ransomware as a Service: Enabler of Widespread Attacks}},
  date         = {2021-10-05},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-as-a-service-enabler-of-widespread-attacks},
  language     = {English},
  urldate      = {2021-10-20},
}
Ransomware as a Service: Enabler of Widespread Attacks
Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk
2021-09-29 · Check Point Research · Israel Wernik, Bohdan Melnykov
@online{wernik:20210929:pixstealer:08ca6c6,
  author       = {Wernik, Israel and Melnykov, Bohdan},
  title        = {{PixStealer: a new wave of Android banking Trojans abusing Accessibility Services}},
  date         = {2021-09-29},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2021/pixstealer-a-new-wave-of-android-banking-trojans-abusing-accessibility-services/},
  language     = {English},
  urldate      = {2021-11-18},
}
PixStealer: a new wave of Android banking Trojans abusing Accessibility Services
PixStealer
2021-09-25 · Twitter (@MsftSecIntel) · Microsoft Security Intelligence
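% Corporate author: the extra braces keep the account name as one indivisible name
% instead of being split so that only "Intelligence" is treated as the family name.
@online{intelligence:20210925:thread:afea874,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia}},
  date         = {2021-09-25},
  organization = {Twitter (@MsftSecIntel)},
  url          = {https://twitter.com/MsftSecIntel/status/1441524497924833282?s=20},
  language     = {English},
  urldate      = {2021-09-28},
}
Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia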
Unidentified APK 006
2021-09-21 · Microsoft · Microsoft 365 Defender Threat Intelligence Team
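% Corporate author: the extra braces keep the team name as one indivisible name
% instead of being split so that only "Team" is treated as the family name.
@online{team:20210921:catching:4621a10,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Catching the big fish: Analyzing a large-scale phishing-as-a-service operation}},
  date         = {2021-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/},
  language     = {English},
  urldate      = {2021-09-22},
}
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation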
2021-09-20 · Rostelecom-Solar · Rostelecom-Solar
@online{rostelecomsolar:20210920:how:cfe97c4,
  author       = {Rostelecom-Solar},
  title        = {{How we searched for a connection between Mēris and Glupteba, and gained control over 45 thousand MikroTik devices}},
  date         = {2021-09-20},
  organization = {Rostelecom-Solar},
  url          = {https://habr.com/ru/company/solarsecurity/blog/578900/},
  language     = {Russian},
  urldate      = {2021-09-22},
}
How we searched for a connection between Mēris and Glupteba, and gained control over 45 thousand MikroTik devices
Glupteba
2021-09-19 · The Record · Catalin Cimpanu
@online{cimpanu:20210919:alaska:5238129,
  author       = {Cimpanu, Catalin},
  title        = {{Alaska discloses ‘sophisticated’ nation-state cyberattack on health service}},
  date         = {2021-09-19},
  organization = {The Record},
  url          = {https://therecord.media/alaska-discloses-sophisticated-nation-state-cyberattack-on-health-service/},
  language     = {English},
  urldate      = {2021-09-22},
}
Alaska discloses ‘sophisticated’ nation-state cyberattack on health service
2021-09-16 · CISA · US-CERT
@online{uscert:20210916:actors:ee20adf,
  author       = {US-CERT},
  title        = {{APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus}},
  date         = {2021-09-16},
  organization = {CISA},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa21-259a},
  language     = {English},
  urldate      = {2021-09-19},
}
APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
2021-09-16 · Department of Health and Social Services (DHSS) · Department of Health and Social Services (DHSS)
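% The closing parenthesis after "DHSS" is restored in author and institution.
% Corporate author: the extra braces keep the department name as one indivisible
% name; without them the " and " inside it is read as a separator between two authors.
@techreport{dhss:20210916:department:745be5a,
  author      = {{Department of Health and Social Services (DHSS)}},
  title       = {{Department of Health and Social Services 2021 Cyberattack: Frequently Asked Questions Updated Sept. 16, 2021}},
  date        = {2021-09-16},
  institution = {Department of Health and Social Services (DHSS)},
  url         = {http://dhss.alaska.gov/news/Documents/press/2021/DHSS_FAQs_FMS_Cyberattack_20210916.pdf},
  language    = {English},
  urldate     = {2021-09-22},
}
Department of Health and Social Services 2021 Cyberattack: Frequently Asked Questions Updated Sept. 16, 2021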