Patrick Domingues

There is another large-scale spam campaign going to spread the Emotet banking trojan. The Emotet banking trojan is mostly used as the dropper for other payloads like ICedID, Trickbot, Zeus Panda Banker and a few others. These infections can scan and harvest different types of sensitive information, scan email 180 days back,  have the ability to open firewall ports and it can spread around in the network like a worm.

So how is this infection infiltrate a network? Well this infection comes in as an email with an attachment being a word doc or pdf doc. When you open up the document and click on a link and allow it to run that’s when you have compromised the system and potentially the entire network.

Do you have the best AV around? Sometimes that doesn’t help there are new variants of this Emotet payload being created every day and it can … Read the rest

A brand new botnet which is a variant of the BCMUPnP_Hunter is taking advantage of this 5 year router flaw and 360 Netlab research shows that hundreds and thousands of of bots have already seeded themselves into routers.  This same bot takes advantage of the same vulnerability that was discovered in 2013 (  BroadCom UPnp Vulnerability ).

Once the targeted router has been taken over the hacker can make Proxy changes to the next work profit from scripting simulation clicks and using mail servers like Outlook, Hotmail, and Yahoo mail just to take a few to send massive amounts of spam from your network.

Affected Router Brands Are:

• D-Link,
• Linksys,
• Technicolor router,
• Netgear
• Asus
• Trendnet
• Belkin
• TP-Link,
• ZTE,
• Zyxel,
• NetComm,
• ISP CenturyLink Routers

You may want to look up your router model and see if you are affected. Contact me on Linkedin, Twitter or through email if you need assistance … Read the rest

A New Intel CPU Exploit : As if the Intel CPU couldn’t catch a break. A team of researches discovered a serious side-channel vulnerability in the CPU which could allow the attacker to find protected data like OPENSSL keys, Cypto Keys, Passwords and other processes that are running but only if the CPU has multi-threading feature enabled. They have dubbed the Vulnerability PortSmash (CVE-2018-5407), This Vulnerability is just as dangerous as the Meltdown and Spectre, TLbleed and Foreshadow.

So how do you protect yourself for the PortSmash vulnerability? The only method right now is to disable SMT/Hyper-Threading in the CPU chip’s BIOS until Intel releases security patches.

OpenSSL software is offering users a patch that can prevent the exploit from its own software.

• Tackling Shadow IT: The Unseen Network Security Risk
• How to Spot and Report Cybercrime Effectively
• IT Management Strategies For Startups
• 3 Common Mistakes in IT Operations You Can’t

The author of Kraken Ransomware has adopted the ransomware-as-a-service (RaaS) Model.  In the Dark Web you can find more details about joining the affiliate program which requires a small fee to be considered a trusted partner. The interesting part about this affiliate program is that you get about 70% to 80% of the earnings and requires little to no knowledge of the criminal of deployment or software coding. The developer gets enough kick back to continue updates to the software code. This means they can afford a bigger Dev Team and instead of updates and revisions of Kraken taking a week or two they can do it within a day or a matter of hours. This put Antivirus providers on their toes day to day. I believe the integration of some sort of AI intelligence must play a roll here to combat these Zero Day ransomware infections. Regardless no matter … Read the rest