Some further info from Germany's @bka in response to our inquiries into the new module.
The US DOJ also released a press release today with further information about a "law enforcement file" that would be distributed to devices infected with Emotet. justice.gov/opa/pr/emotet-…
In a 'Data Incident' incident notification, SANS states they discovered that one of their employees' email accounts was compromised during a phishing attack.
As part of this attack, a malicious Office 365 add-on (most likely an OAuth app) was installed and a rule was created to forward incoming mail to an unknown external email address.
BREAKING: BleepingComputer has confirmed that Garmin received a decryptor for their WastedLocker Ransomware attack. bleepingcomputer.com/news/security/…
BleepingComputer has been able to obtain the decryptor received by Garmin after they likely paid the ransom to the WastedLocker operators.
The decryptor was included in a workstation restoration package created by Garmin's IT department that decrypts a workstation and then installs a variety of security software.
TrickBot has ported their Windows Anchor_DNS malware to a native Linux malware executable that can also be used to infect other Windows devices on the network.
The general consensus has always been that you should not defrag an SSD drive to prevent unnecessary wear and tear.
Based on an article by Microsoft's Scott Hanselman, Windows 10 performs a defrag of SSDs once a month if volume snapshots are enabled. hanselman.com/blog/TheRealAn…
Last week we reported on eBay port scanning their visitors' computers for remote access programs. These scans are part of an anti-fraud product and are most likely used to find compromised computers making fraudulent purchases. bleepingcomputer.com/news/security/…
While anti-fraud measures are important for any e-commerce site, many felt that a site port scanning your computer when you visit it was too intrusive.
Security researchers @_g0dmode and @hackerfantastic revealed tonight that the Zoom client is vulnerable to UNC injection that can be used to steal Windows login credentials or attempt to launch a program.
When using Zoom's built-in chat feature, users can send URLs that are automatically converted into clickable hyperlinks. It was also discovered that UNC paths can be sent and are automatically converted to clickable links.