Cyber alerts

89 results

April 2017

Published Tuesday 11 April 2017 (12:00) (updated 17 February 2020)

Trend in Spam email campaigns appearing to be from phone providers

CareCERT is aware of a trend in spam email campaigns appearing to originate from phone providers such as Vodafone or O2 with a malicious link that is obfuscated as a legitimate link.

CC-1308 Medium

Published Wednesday 5 April 2017 (12:00) (updated 17 February 2020)

Managed Service Providers MSP Compromised by Known Threat Actor

A cyber actor using previously documented intrusion tools has targeted major international Managed Service Providers (MSP’s) within Enterprise Services and Cloud Hosting businesses since at least May 2016.

March 2017

CC-1301 Low

Published Thursday 30 March 2017 (12:00) (updated 17 February 2020)

Cybercriminals Targeting FTP Servers

Criminals are actively targeting File Transfer Protocol (FTP) servers associated with health facilities in order to access personally identifiable information.

CC-1286 Medium

Published Thursday 23 March 2017 (12:00) (updated 17 February 2020)

DDoS of Things Becoming a Growing Phenomenon

Distributed Denial of Service ( DDoS ) of Things is the term given to the act of using often unsecure IoT devices to launch powerful DDoS attacks.

CC-1291 Medium

Published Thursday 23 March 2017 (12:00) (updated 17 February 2020)

DoubleAgent Code-Injection Attack

Researchers have discovered a new Windows vulnerability which can allow an attacker full control of an affected system.

CC-1264 Low

Published Thursday 16 March 2017 (12:00) (updated 17 February 2020)

Gamaredon Group - New Toolset

Security researchers have discovered that the Gameredon Group are using a new, custom developed toolset rather than commercial-off-the-shelf (COTS) products.

CC-1262 Medium

Published Thursday 16 March 2017 (12:00) (updated 11 January 2022)

TorrentLocker Ransomware

TorrentLocker is a crypto-ransomware that received its name from the registry key used by the malware to store configuration information under ‘HKEY_CURRENT_USER\Software\Bit Torrent Application\Configuration’.

CC-1244 Medium

Published Wednesday 8 March 2017 (12:00) (updated 17 February 2020)

DNSMessenger - C2 Commands via DNS TXT record

A new Remote Access Trojan (RAT) has been discovered that downloads PowerShell commands stored inside a domain’s DNS TXT record. This makes it difficult to defend against, as DNS is required to resolve IP addresses to domain names.

CC-1243 Medium

Published Wednesday 8 March 2017 (12:00) (updated 11 January 2022)

Dridex uses technique called AtomBombing

Security researchers have discovered a new variant of the Dridex banking Trojan . It has been seen to be using a technique known as AtomBombing.

CC-1230 Medium

Published Thursday 2 March 2017 (12:00) (updated 17 February 2020)

Ransom Attacks on Databases Rise

There has been a rise in databases being the target for ransom attacks, with the latest target being MYSQL databases with weak credentials.