Tuesday, March 26, 2019

Mikrotik Proxy Botnet

Mikrotik is a Latvian router manufacturer whose hardware is popular in many countries. In 2018, attackers began exploiting vulnerabilities in Mikrotik routers, as well as attempting brute-force attacks against them. Compromised Mikrotik routers have since been leveraged in a host of botnet-related activities and fraud.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: March 26, 2019 

On 26 March 2019, Wapack Labs identified 49 unique email accounts compromised by keyloggers and used to log in to mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: March 26, 2019

Wapack Labs identified connections from 45,870 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Thursday, March 21, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: March 21, 2019 

On 21 March 2019, Wapack Labs identified 6 unique email accounts compromised by keyloggers and used to log in to mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: March 21, 2019

Wapack Labs identified connections from 74,293 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Tuesday, March 5, 2019

South American Hacking Group Specializing In Phishing

Blind Eagle (BE) is an effective hacking group that specializes in phishing emails and primarily attacks Colombia. BE has been carrying out attacks against Colombian government institutions, including the financial sector, petroleum industry and professional manufacturing. This advanced persistent threat (APT) group is believed to be based in South America because of its Spanish-coded malware.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: March 4, 2019 

On 4 March 2019, Wapack Labs identified 375 unique email accounts compromised by keyloggers and used to log in to mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: March 4, 2019

Wapack Labs identified connections from 46,515 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.