
Avoiding Black Friday Phishing Scams

Black Friday is coming and threat actors are already surfing this wave of retail insanity. Not surprisingly, phishing remains an effective way to lure users into handing over their bank credentials and credit card data. Popular brands are often used as bait. Last year...

Fortinet Configuration Guide

FortiGate NGFWs deliver industry-leading enterprise security for any edge at any scale with full visibility and threat protection. Organizations can weave security deep into the hybrid IT architecture and build security-driven networks to achieve: ultra-fast security,...

InfoSec Articles (10/26/2021 – 11/8/2021)

Over the last two weeks, we observed that a new threat referred to as “SQUIRRELWAFFLE” is being spread more widely via spam campaigns, infecting systems with a new malware loader. In addition, Black Friday, one of the biggest retail spending days of the year, is fast...

InfoSec Articles (10/12/21 – 10/25/2021)

Over the past two weeks, we saw that a new PurpleFox botnet variant uses WebSockets for C2 communication. In addition, since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and...

Mikrotik Router Configuration

Malware Patrol provides a Mikrotik-compatible version of our Malicious Domains and the Tor Exit Nodes data feeds. In this Mikrotik router configuration guide, you will find all the steps necessary. However, feel free to contact our support if you need any...

What is Ransomware?

Malware Patrol’s CEO Andre Correa was recently interviewed by Dana Mantilia from Identity Protection Planning. They discussed the basics – and more – about ransomware: What is ransomware? What should a company do in the case of an attack? Why is paying...

InfoSec Articles (9/28/21 – 10/11/21)

Malware Patrol selected some relevant cybersecurity news over the past 2 weeks. A survey of cyber investigators and anti-abuse service providers to understand how ICANN’s application of the European Union’s General Data Protection Regulation (GDPR) has impacted the...

InfoSec Articles (09/13/21 – 9/27/21)

In the past 2 weeks, CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Also, following a recent Incident Response,...

InfoSec Articles (08/30/21 – 09/13/21)

In the first 2 weeks of September, we saw that LockFile is a new ransomware family that emerged in July 2021 following the discovery in April 2021 of the ProxyShell vulnerabilities in Microsoft Exchange servers. Also, ransomware groups have shown no signs of slowing...

InfoSec Articles (08/16/21 – 08/30/21)

In the last 2 weeks of August, we saw campaigns use a multitude of infection components to deliver two widely popular commodity malware families and remote access trojans (RATs): njRAT and AsyncRAT. Also, ...

InfoSec Articles (08/02/21 – 08/16/21)

In this first half of August, we saw that during Cyble’s routine Open-Source Intelligence (OSINT) research, its team came across a malware sample posted by a researcher on Twitter. Also, a new Android trojan, dubbed FlyTrap, has spread to more than 10,000 victims via rigged...

InfoSec Articles (07/19/21 – 08/02/21)

Over the past two weeks, we saw that government-sanctioned cyber-surveillance is back in the news, following an exposé that reveals how commercial malware is being used by authoritarian regimes to target activists, politicians, and journalists. Also, we...

InfoSec Articles (07/05/21 – 07/19/21)

Over the past 2 weeks, we saw that threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named “Diavol”. Also, new malware targets online gambling companies in China via a watering hole attack, in which visitors are...

InfoSec Articles (06/21/21 – 07/05/21)

Malware Patrol selected some relevant news over the past 2 weeks. Microsoft has confirmed signing a malicious driver being distributed within gaming environments. The driver, “Netfilter,” is a rootkit that was observed communicating with Chinese command-and-control (C2) IPs....

InfoSec Articles (05/24/21 – 06/07/21)

At the end of May and beginning of June, we saw the evolution of the JSWorm ransomware; the ransomware threat landscape has been gradually changing, and we have witnessed a paradigm shift. Also, the Bizarro banking malware targets 70 banks in Europe and South...

InfoSec Articles (05/10/21- 05/24/21)

In the past two weeks of May, we noticed that the whole world is susceptible to cyber-attacks, even banks. Bizarro is another family of banking Trojans originating in Brazil that is now found in other regions of the world. In addition, fake Android and iOS apps...

InfoSec Articles (04/26/21 – 05/10/21)

At the end of April and the first week of May, we realized that cyberattacks do not rest: recently the Cybereason Nocturnus team responded to several incident response (IR) cases involving Prometei botnet infections against companies in North America. For more...

InfoSec Articles (04/12/21 – 04/26/21)

In the second half of April, we noticed a growing wave of cyber attacks. Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links. For more articles, check out our #onpatrol4malware blog....

InfoSec Articles (03/29/21 – 04/12/21)

In this first half of April, we noticed that cyber threats are spreading all over the world and involve major investigations. This new threat, which we’ve named Janeleiro, attempts to deceive its victims with pop-up windows designed to look like the websites of some...

InfoSec Articles (03/15/21 – 03/29/21)

In this second half of March, we observed an interesting email campaign by a threat actor we track as TA800. They distributed a new malware we are calling NimzaLoader. Also, another ransomware gang has started to target vulnerable Exchange servers with another...

InfoSec Articles (03/01/21 – 03/15/21)

In the first half of March, we observed a new series of Microsoft-themed phishing attacks. Also, with ransomware becoming the most significant cybersecurity threat faced by organizations, we found a distinct shift in the cyber threat landscape....

InfoSec Articles (02/15/21 – 03/01/21)

In the last two weeks’ worth of infosec articles, we saw a lot of writing about APT activities and even a phishing attack method that uses Morse code to disguise malicious URLs. The Lookout article about the Confucius APT’s Android spyware includes an...

InfoSec Articles (01/31/21 – 02/14/21)

On to the 2nd month of 2021, and we have seen supply-chain attacks, phishing campaigns, botnets, and ransomware such as the HelloKitty ransomware. CD Projekt disclosed that it was the target of a HelloKitty ransomware attack that encrypted devices on its network and...

InfoSec Articles (01/16/21 – 01/30/21)

On to the end of January and we’re seeing banking malware such as Vadokrist and many others. Vadokrist is written in Delphi and has an unusually large amount of unused code in the binaries. It is believed that this is an attempt to evade detection and dissuade...

InfoSec Articles (01/01/21 – 01/15/21)

On to a new year, but it’s still good to review some threat activity, such as that of APT37, to help us understand more about cybercrime. APT37 is associated with an attack that embeds a macro that uses a VBA self-decoding technique to decode itself within the memory space of MS...

InfoSec Articles (12/17/20 – 12/31/20)

On to the last day of the controversial year, cybercrime is still rife, as shown by the attack activities of the Quasar family. Quasar is an open-source RAT with a variety of functions. It is easy to use and is therefore exploited by several APT actors. Learn more in this batch...

InfoSec Articles (12/02/20 – 12/16/20)

A week before Christmas, cryptocurrency mining botnet PGMiner is showing smarter ways to hack into a victim’s machine. At its core, PGMiner attempts to connect to the mining pool for Monero mining. Learn more on this and other malware in this batch of InfoSec...

InfoSec Articles (11/17/20 – 12/01/20)

On to the start of the last month of the year and just around Thanksgiving, cyber crime is still rampant. Even GoDaddy was a victim of a scam using voice phishing, or vishing. The scam shows how vishing can be more deceptive than email schemes. Learn more about...

InfoSec Articles (11/02/20 – 11/16/20)

Several cases were observed where DLL side-loading was used to execute the malicious code. Side-loading is the use of a malicious DLL that spoofs a legitimate one and is loaded by a legitimate Windows executable, which searches its own directory before the system directories. Learn more on this and other news in this batch of InfoSec...
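The side-loading pattern the excerpt describes, as an added example (not code from Malware Patrol or the original post): a small Python detector that reads Sysmon-style image-load records and flags a DLL carrying a well-known system-DLL name that is loaded from somewhere other than the Windows system directories, in particular from the executable's own folder. The event records, the list of "commonly side-loaded" DLL names and the field subset are constructed assumptions for illustration, not real telemetry.

```python
"""DLL side-loading candidate detector over Sysmon-style image-load events.

Added example, not code from Malware Patrol or the original post. The event
records and the DLL-name list below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple

# DLL names that many signed executables import by name and that attackers
# therefore drop next to a legitimate binary (assumption: illustrative list).
COMMONLY_SIDELOADED = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll", "cryptsp.dll",
}

# Where those DLLs legitimately live on a default Windows install.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)


@dataclass
class ImageLoad:
    """Subset of Sysmon Event ID 7 (ImageLoad) fields (assumed layout)."""
    image: str         # process executable that performed the load
    image_loaded: str  # DLL that was mapped into the process
    signed: bool       # Sysmon 'Signed' field for the DLL
    signature: str     # Sysmon 'Signature' (publisher) field for the DLL


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def _dirname(path: str) -> str:
    p = _norm(path)
    return p[: p.rfind("\\") + 1]


def _basename(path: str) -> str:
    p = _norm(path)
    return p[p.rfind("\\") + 1:]


def sideload_reasons(ev: ImageLoad) -> List[str]:
    """Return why this load looks like side-loading, or [] if it looks benign."""
    name = _basename(ev.image_loaded)
    if name not in COMMONLY_SIDELOADED:
        return []
    dll_dir = _dirname(ev.image_loaded)
    if any(dll_dir.startswith(t) for t in TRUSTED_DIRS):
        return []  # loaded from its normal home: benign
    reasons = ["known-name DLL outside the system directories"]
    if dll_dir == _dirname(ev.image):
        # Classic side-loading: the DLL sits beside the EXE, and the
        # application directory is first in the default DLL search order.
        reasons.append("loaded from the executable's own directory")
    if not ev.signed or "microsoft" not in ev.signature.lower():
        reasons.append("not Microsoft-signed")
    return reasons


def find_sideload_candidates(events) -> List[Tuple[ImageLoad, List[str]]]:
    """Run sideload_reasons over a batch and return the flagged events."""
    hits = []
    for ev in events:
        reasons = sideload_reasons(ev)
        if reasons:
            hits.append((ev, reasons))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # benign: system DLL loaded from System32
    ImageLoad(r"C:\Windows\System32\notepad.exe",
              r"C:\Windows\System32\version.dll", True, "Microsoft Windows"),
    # side-loading: unsigned version.dll dropped next to a binary in Temp
    ImageLoad(r"C:\Users\bob\AppData\Local\Temp\updater.exe",
              r"C:\Users\bob\AppData\Local\Temp\version.dll", False, ""),
    # vendor's own DLL, not a spoofed system name: not flagged by this rule
    ImageLoad(r"C:\Program Files\Vendor\app.exe",
              r"C:\Program Files\Vendor\vendorlib.dll", False, ""),
    # benign: user-dir binary loading the real dbghelp.dll from System32
    ImageLoad(r"C:\Users\bob\Downloads\tool.exe",
              r"C:\Windows\System32\dbghelp.dll", True, "Microsoft Windows"),
]

if __name__ == "__main__":
    for ev, reasons in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"{ev.image} loaded {ev.image_loaded}: {'; '.join(reasons)}")
```

The rule deliberately keys on the DLL name rather than on the executable, because the executable in a side-loading case is the legitimate, signed one; the signal is a system-DLL name appearing in a user-writable directory. A production version would baseline known-good application directories and extend the name list from the loader's import tables rather than a fixed set.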

InfoSec Articles (10/18/20 – 11/01/20)

Entering the second-to-last month of the year, there are a lot of botnets, banking malware, and other malware making the news. But one that stands out is Kimsuky. Kimsuky uses various spear-phishing and social engineering methods to obtain initial access to victim...