This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.
“A hacking tool allegedly used by the NSA-linked threat actor “Equation Group” that was exposed to the public roughly a week ago has been already observed in live attacks.
Dubbed DoublePulsar, the backdoor was released by the Shadow Brokers hacker group on Friday before the Easter holiday, as part of a password-protected archive containing a larger set of tools and exploits. Last week Microsoft said that the newly revealed exploits don’t affect up-to-date systems.
DoublePulsar is the primary payload in SMB (Server Message Block) and RDP (Remote Desktop Protocol) exploits in the NSA’s FuzzBunch software, an exploitation framework similar to Metasploit, penetration tester zerosum0x0 explains.”
– SecurityWeek
“A sophisticated Trojan malware operation is targeting financial organisations across the globe — but with a particular focus on the UK banking sector.
The credential-stealing TrickBot banking trojan has been plaguing the financial sector since last year, targeting private banks, private wealth management firms, investment banking, and even a retirement insurance firm.
But that isn’t enough targets for the cybercriminal operation behind the scheme, as cybersecurity researchers at IBM X-Force say the hackers are targeting a growing list of business banks — including a UK-based one described as “among the oldest banks in the world”.”
– ZDNet
“Fast-casual restaurant chain Chipotle Mexican Grill, which has more than 2,000 locations in the United States and other countries, informed customers on Tuesday that its payment processing systems have been breached.
Chipotle said it recently detected unauthorized activity on the network that supports payment processing for its restaurants. The company’s investigation into the incident is ongoing and only limited information has been made public for now.
An initial investigation showed that attackers may have accessed data from cards used at restaurants between March 24 and April 18, 2017, but it’s unclear how many locations are affected.”
– SecurityWeek
“US military contractor Northrop Grumman has admitted that hackers managed to infiltrate its systems, and gained access to sensitive employee records.
As The Register reports, the makers of America’s stealth bomber acknowledged in a letter sent to employees and the California Attorney General’s office that hackers infiltrated its online portal at various times over the course of almost a year, gaining access to workers’ W-2 paperwork for the 2016 tax year.”