Threat Intelligence Report: Feodo C&C Botnet

Date: 12 April 2019

Summary: During Invinsec proactive threat hunting, malware Command and Control (C2) connection attempts were observed, originating from hosts infected with Feodo malware. Customers who had …

Threat Intelligence Report: WinRAR Zero Day Threat

Date: 29 March 2019

Summary: A zero-day vulnerability has recently been discovered in WinRAR. The vulnerability, which was assigned CVE-2018-20250, allows attackers to set arbitrary destinations during file extraction …

Threat Intelligence Report: Phish Point

Threat intelligence is an elusive concept. Cyber-security vendors have developed numerous definitions for it based upon different procedural viewpoints. This report therefore focuses on explaining the role threat intelligence plays within cyber-security and network defence, while offering advice and best practice. This will equip the reader with a basic understanding of the benefits of threat intelligence and the importance of investing effort and resources into responding to it.

Threat Intelligence Report: Syn/Ack

We have been made aware of the latest form of ransomware to threaten organisations. SynAck ransomware adopts a new technique to infect computers – the ‘Doppelgänger’ approach. With the aim of infecting systems and encrypting victims’ files, SynAck uses this approach to transform files in order to bypass and avoid detection from anti-virus software. A demand is then made for a fee in order to release the files.

Threat Intelligence Report: FacexWorm

The Invinsec Threat Intelligence Analysts have identified a new malware exploit that is being seen on the web. Researchers first discovered the exploit in August 2017, and it was removed from the Chrome Web Store immediately afterwards. In April 2018, researchers discovered a repackaged version of the malware with a few tweaks, which had the additional capability to steal Facebook, Google and cryptocurrency credentials, amongst others.