Welcome to CyberPress
CyberPress is a source of relevant and recent information related to cyber threats and vulnerabilities.
Our mission is to provide intelligence analysts with situational awareness and provide the tools to translate open source information into actionable intelligence to defend their networks and disrupt malicious activity.
Weekly Threat Intelligence Digest
October 9, 2020
This week, we digest a ZeroLogon vulnerability campaign, the BAHAMUT threat group, the HEH Botnet, Magecart attacks, and more.
Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities
In a cybersecurity advisory, the NSA has published 25 publicly known vulnerabilities that are being exploited by Chinese state-sponsored threat actors. The vulnerabilities affect a variety of products that provide defense contractors with remote access and external web services.
NSA Cybersecurity Advisory
Another Office 365 OAuth Attack Targets Coinbase Users to Gain Compromised Email Access
Researchers at KnowBe4 have discovered a new consent app-based attack designed to fool Office 365 users into granting mailbox access, rather than stealing their credentials. The attacks target users of the Coinbase digital currency exchange with a phishing email designed to look like a terms of service update.
New Vizom Malware Discovered Targets Brazilian Bank Customers with Remote Overlay Attacks
A new malware variant has been discovered by researchers at IBM Security, dubbed Vizom by the team, targeting Brazilian bank account holders. The malware disguises itself as video conferencing software, spreads through spam-based phishing campaigns, and uses remote overlay techniques and DLL hijacking.
GravityRAT: The Spy Returns
In a new blog post, researchers at Kaspersky discuss the modifications in the active GravityRAT campaign, which is likely attributable to a Pakistani hacker group and targets Indian armed forces. The most notable change since the 2015-2018 campaign is multi-platform support; specifically, the addition of Android and macOS versions.