Health Care
Education
IT & Telecom
Government
CISO/CTO
DevSecops
Product
Our Product
We are Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
Threatspy
Solutions
By Industry
Health Care
Education
IT & Telecom
By Role
Government
CISO/CTO
DevSecops
Resources
Resource Library
Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.
Threat Feeds
Threat Research
White Paper
SB Blogs
Subscribe to Our Weekly Threat Digest
Company
Contact Us
Have queries, feedback or prospects? Get in touch and we shall be with you shortly.
Our Story
Our Team
Careers
Press & Media
Contact Us
Request Demo
By submitting this form, you agree to our Subscription Agreement and Legal Policies.
Be informed in your inbox
Sign up now to our Threat intelligence Newsletter and be the first to know about threats first in your inbox.
Postal Service
Ransomware
Greece
Greece's postal services ELTA suffered a ransomware attack resulting in system outage
ELTA Greece public postal service crippled due to a massive ransomware attack resulting in system wide outage impacting over 2,500 computers…
23-Mar-2022
3 min read
Related Articles
Brexit
Russia
Data Breach
Huntley, who directs Google's Threat Analysis Group, told Reuters that the "Engl...
According to a Google cybersecurity officer and the former chief of UK foreign intelligence, a new website that released hacked emails from numerous key proponents of Britain's secession from the European Union is linked to Russian hackers. The website, branded "Very English Coop d'Etat," claims to have exposed private emails from former British spymaster Richard Dearlove, major Brexit advocate Gisela Stuart, pro-Brexit historian Robert Tombs, and other Brexit supporters. According to the website, they are part of a gang of hardcore pro-Brexit politicians who are covertly directing the shots in the UK. While the authenticity of the leaked emails could not be immediately established, two leak victims revealed on Wednesday that they had been targeted by hackers and accused the Russian government. "I am completely aware of a Russian operation targeting a Proton account containing communications to and from me," Dearlove added, referring to the privacy-focused email provider ProtonMail. Dearlove, who oversaw Britain's foreign intelligence organization, known as MI6, from 1999 to 2004, told Reuters that the stolen data should be regarded with caution in light of "the current crisis in ties with Russia." In an email, Tombs stated that he and his colleagues were aware of "Russian misinformation based on unlawful hacking." He declined to comment further. Stuart, who led Britain's Leave campaign in 2016, did not respond to emails. According to Shane Huntley, director of Google's Threat Analysis Gang, the "English Coop" website was linked to what Alphabet Inc (GOOGL.O)-owned business recognized as "Cold River," a Russia-based hacking group. "We can see that through technical indications," Huntley explained. Huntley stated that the entire operation had "obvious technological ties" from Cold River's hacking attempts to publishing the disclosures. The Russian embassies in London and Washington did not respond to requests for comment. The Foreign Office in the United Kingdom, which handles media inquiries for MI6, declined to comment. Other Brexit supporters whose emails were suspected of being distributed on the website did not respond to emails sent to them. 'APPEARS TO BE VERY FAMILIAR' It's unclear how the emails were obtained, and the website that hosted them made no attempt to explain who was behind the leak. The majority of the disclosed texts appear to have been transmitted using ProtonMail. ProtonMail has refused to comment. Although Reuters could not independently confirm Google's judgment of a Russian link to the website, Thomas Rid, a cybersecurity specialist at Johns Hopkins University, said the site was similar to previous hack-and-leak operations ascribed to Russian hackers. "What strikes me is how similar the M.O. is to Guccifer 2 and DCLeaks," he added, referring to two sites that released stolen emails from Democrats in the run-up to the 2016 U.S. presidential election. "In some aspects, it seems extremely familiar, particularly the sloppiness," he remarked. If the leaked texts are genuine, it will be the second time in three years that suspected Kremlin agents have obtained and released private emails from a top British national security officer. According to Reuters, sensitive US-UK trade documents were published ahead of the UK election in 2019 after being taken from the email account of former trade minister Liam Fox. The specifics of the operation were never verified by UK officials, but then-British Foreign Minister Dominic Raab said the hack-and-leak was an attempt by the Kremlin to meddle in Britain's election, an accusation Moscow disputed. The "English Coop" website makes a number of claims, including that Dearlove was at the center of a plot by Brexit hardliners to depose former British Prime Minister Theresa May, who had negotiated a withdrawal agreement with the European Union in early 2019, and replace her with Johnson, who took a more hardline stance. According to Dearlove, the emails documented a "legitimate lobbying activity that, when viewed through an adversarial lens, is now vulnerable to distortion." He declined to comment further. Johnson, who took office in May of this year, has taken a firm line on Russia's invasion of Ukraine, pledging hundreds of millions of dollars in military weapons to the Ukrainian government. Johnson was in Kiev in April for a televised walkabout with Ukrainian President Volodymyr Zelensky. more info Johnson was formally barred from entering Russia on April 16. The "Coop" website was registered three days later, according to Internet domain data. Its URL includes the phrase "sneaky strawhead," a dig at Johnson's messy haircut. While media should not be afraid to cover authenticated data uncovered by the leak, Rid cautioned them to tread cautiously. "If the leak contains noteworthy detail, it is likewise important to note that the material originates from a hostile intelligence organization, especially in wartime," Rid added.
26-May-2022
4 min read
Washington
Data Breach
Medical School
Washington University School of Medicine started notifying its patients about a ...
Washington University School of Medicine, a St. Louis-based med school, started notifying about a cybersecurity incident that might have impacted the _"confidentiality and security of our patients' and research participants' information,"_ resulting in a possible data breach of personally identifiable health information. According to a notice on the website, the School of Medicine emails all its patients whose information may have been identified in this incident involving unauthenticated access to employee email accounts following the confirmation. <br> However, given the continuing investigation in affiliation with a computer forensic business, how many people were affected by this data breach may be unclear. The health system was able to identify the emails containing patient and participant data, including names, dates of birth, addresses, medical records, patient account numbers, and clinical information. <br> Between March 4 and March 28, the website for Washington University School of Medicine's health system became aware of unauthorized access to specific staff email accounts. <br> Although the investigators could not identify whether the unauthorized user ever accessed any emails or attachments, instances of health insurance information and Social Security numbers were detected in the compromised accounts. <br> The letter from Washington University School of Medicine emphasized, _" This incident did not affect all School of Medicine patients/research participants, but just those whose information was contained in the compromised email accounts. We apologize for any worry or inconvenience caused by this occurrence. We are dedicated to safeguarding the privacy and safety of our patients and study participants' data."_ <br> Following the completion of the security review on March 23, the School of Medicine will start sending emails to additional people whose information is contained in the accounts and for whom it has sufficient contact information. Moreover, it has also established a dedicated, toll-free contact centre open from 8:00 a.m. to 5:30 p.m. Central Time, Monday through Friday, to address any concerns anyone may have concerning the event. In addition, the School of Medicine provides free credit monitoring and identity protection services to individuals whose Social Security numbers are included in their email accounts. <br> Additionally, the School of Medicine advises concerned persons to scrutinize any correspondence they receive from their health insurance or healthcare providers. If customers discover costs for services they did not get, they should immediately inform their insurance or provider. <br> To prevent a similar incident in the future, the School of Medicine has increased its staff's education on spotting and avoiding suspicious emails. In addition, it is enhancing the security of its email environment.
26-May-2022
3 min read
Malware
Chrome
ChromeLoader is a browser hijacker that can modify the victim's web browser sett...
ChromeLoader malware detections have increased this month, after being largely consistent since the beginning of the year, making the browser hijacking a widespread concern. ChromeLoader is a browser hijacker that modifies the settings of the victim's web browser to display search results that advertise unwanted software, phony freebies and surveys, pornographic games, and dating sites. By routing user traffic to advertising sites, the malware's controllers profit financially through a system of marketing association. There are other hijackers of this type, but ChromeLoader stands out due to its persistence, volume, and aggressive PowerShell-based infection method. According to researchers at Red Canary who have been monitoring ChromeLoader's behavior since February, the hijacker's operators employ a malicious ISO archive file to infect their victims. The ISO masquerades as a cracked executable for a game or commercial program, so victims likely download it via torrent or malicious websites. The researchers have also observed tweets marketing hacked Android games and providing QR codes that link to sites containing malware. When the ISO file is double-clicked on Windows 10 or later, it will be mounted as a virtual CD-ROM drive. This ISO file contains a program with the name "CS Installer.exe" that purports to be a game crack or keygen. ChromeLoader concludes by executing and decoding a PowerShell command that retrieves an archive from a remote resource and loads it as a Google Chrome extension. The PowerShell will then delete the scheduled operation, leaving Chrome infected with a stealthily installed extension that hijacks the browser and manipulates search results. The operators of ChromeLoader also target macOS systems, with the intention of manipulating both Chrome and Safari. On macOS, the infection chain is comparable, but instead of ISO files, the threat actors employ DMG (Apple Disk Image) files, a more prevalent format on that operating system. In addition, instead of the installer executable, the macOS version use an installer bash script that downloads and decompresses the ChromeLoader extension to the "private/var/tmp" directory. Red Canary's report states, "To preserve persistence, the macOS variant of ChromeLoader will add a preference ('plist') file to the '/Library/LaunchAgents' directory." This enables ChromeLoader's Bash script to run continuously whenever a user connects into a graphical session. Check out these guides for Chrome and Safari for information on how to determine which extensions are active in your browser and how to manage, limit, or uninstall them.
25-May-2022
3 min read
Secure Blink built a heuristic application security management platform that offers Vulnerability Management, Version Management & Application Healthbot. Secure Blink envisions a safer web by reinventing cybersecurity.
