Grey Wolf Security

Grey Wolf Security specializes in cyber security solutions. We deliver subject matter experts to your project, ready to secure your valuable infrastructure.

Let’s defend your enterprise today!

12/21/2020
The SolarWinds cyberattack: The hack, the victims, and what we know

Since the SolarWinds supply chain attack was disclosed last Sunday, there has been a whirlwind of news, technical details, and analysis released about the hack.

Because the amount of information that was released in such a short time is definitely overwhelming, we have published this as a roundup of this week's SolarWinds news.

By Lawrence Abrams - Bleeping Computer

12/21/2020
Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts its malicious payload on Pastebin, has returned with even more exploits.

The first iteration of Gitpaste-12 shipped with reverse shell and crypto-mining capabilities and exploited over 12 known vulnerabilities, hence the moniker.

By Ax Sharma - Bleeping Computer

12/21/2020
Flavors designer Symrise halts production after Clop ransomware attack

Flavor and fragrance developer Symrise has suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices.

Symrise is a major developer of flavors and fragrances used in over 30,000 products worldwide, including those from Nestle, Coca-Cola, and Unilever. Symrise generated €3.4 billion in revenue for 2019 and employs over 10,000 people.

By Lawrence Abrams - Bleeping Computer

12/21/2020
Physical addresses of 270K Ledger owners leaked on hacker forum

A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.

Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows.

By Lawrence Abrams - Bleeping Computer

12/21/2020
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis

While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.

Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and application monitoring platform that enabled adversaries to run arbitrary code on machines running the trojanized version of the software.

By Ionut Ilascu - Bleeping Computer

12/21/2020
VMware latest to confirm breach in SolarWinds hacking campaign

VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts.

The company said that the hackers did not make any effort to further exploit their access after deploying the backdoor now tracked as Sunburst or Solarigate.

By Sergiu Gatlan - Bleeping Computer

12/19/2020
Europol launches new decryption platform for law enforcement

Europol and the European Commission have launched a new decryption platform that will help boost Europol’s ability to gain access to information stored in encrypted media collected during criminal investigations.

The new decryption platform operated by Europol's European Cybercrime Centre (EC3) was developed in collaboration with the European Commission's Joint Research Centre science and knowledge service.

By Sergiu Gatlan - Bleeping Computer

12/19/2020
NSA warns of hackers forging cloud authentication information

An advisory from the U.S. National Security Agency provides Microsoft Azure administrators guidance to detect and protect against threat actors looking to access resources in the cloud by forging authentication information.

The document considers an adversary that has already breached the local network and has privileged access to the on-premises authentication mechanisms for the cloud infrastructure.

By Ionut Ilascu - Bleeping Computer

12/19/2020
Google Chrome disables insecure form warnings after complaints

Google has disabled a feature that displays a warning when submitting insecure forms after receiving many complaints from users and website administrators.

Google has been focusing on removing mixed-content in Google Chrome, when a secure page (HTTPS) loads content from an insecure (HTTP) URL. As part of this initiative, Google rolled out a new feature in Chrome 86 that warns users when submitting insecure forms from a secure (HTTPS) page to an insecure (HTTP) URL.

By Lawrence Abrams - Bleeping Computer

12/17/2020
Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor

In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.

Commodity malware backdoor SystemBC has evolved to automate a number of key activities and to use the anonymizing Tor network. These overarching changes make it easier for cybercriminals both to deploy the backdoor and to cloak the destination of the command-and-control (C2) traffic.

By Lindsey O'Donnell - Threatpost

12/17/2020
Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.

RubyGems is a package manager for the Ruby programming language that allows developers to download and integrate code developed by other people into their programs.

By Lawrence Abrams - Bleeping Computer

12/17/2020
Iranian nation-state hackers linked to Pay2Key ransomware

Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation that has recently started targeting organizations from Israel and Brazil.

"We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an Iranian APT group that began a new wave of attacks in November-December 2020 that entailed dozens of Israeli companies," threat intelligence firm ClearSky says.

By Sergiu Gatlan - Bleeping Computer

12/17/2020
FireEye, Microsoft create kill switch for SolarWinds backdoor

Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.

This past weekend it was revealed that Russian state-sponsored hackers breached SolarWinds and added malicious code to a Windows DLL file used by their Orion IT monitoring platform.

By Lawrence Abrams - Bleeping Computer

12/17/2020
FBI, CISA officially confirm US govt hacks after SolarWinds breach

The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI).

"Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign," the US intelligence agencies said [1, 2].

By Sergiu Gatlan - Bleeping Computer

12/17/2020
WordPress plugin with 5 million installs has a critical vulnerability

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch.

The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there.

By Ax Sharma - Bleeping Computer

12/16/2020
HPE discloses critical zero-day in server management software

Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux.

While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day.

By Sergiu Gatlan - Bleeping Computer

12/16/2020
Ransomware gangs automate payload delivery with SystemBC malware

SystemBC, a commodity malware sold on underground marketplaces, is being used by ransomware-as-a-service (RaaS) operations to hide malicious traffic and automate ransomware payload delivery on the networks of compromised victims.

The malware, first spotted in 2018 and used in several 2019 campaigns as a "virtual private network", has allowed ransomware gangs and their affiliates to deploy a persistent backdoor on the targets' systems in the form of a Tor SOCKS5 proxy.

By Sergiu Gatlan - Bleeping Computer

12/16/2020
Ransomware attack causing billing delays for Missouri city

The City of Independence, Missouri, suffered a ransomware attack last week that continues to disrupt the city's services.

At the beginning of the month, Independence suffered a ransomware attack that forced them to shut down their IT system as they recovered from the attack.

By Lawrence Abrams - Bleeping Computer

12/16/2020
Pandemic year increases bug bounties and report submissions

Vulnerability submissions have increased over the past 12 months on at least one crowdsourced security platform, with critical issue reports recording a 65% jump.

The data comes from the Bugcrowd platform and also reflects growth in payouts as ethical hackers are hunting down more critical vulnerabilities by chaining bugs and developing proof-of-concept exploit code.

By Ionut Ilascu - Bleeping Computer

12/16/2020
New Windows malware may soon target Linux, macOS devices

Newly discovered Windows info-stealing malware linked to an active threat group tracked as AridViper shows signs that it might be used to infect computers running Linux and macOS.

The new trojan, dubbed PyMICROPSIA by Unit 42, was discovered while investigating AridViper activity (also tracked as Desert Falcon and APT-C-23), a group of Arabic-speaking cyberspies focusing their attacks on Middle Eastern targets since at least 2011.

By Sergiu Gatlan - Bleeping Computer

12/16/2020
Microsoft to quarantine compromised SolarWinds binaries tomorrow

Microsoft has announced today that Microsoft Defender will begin quarantining compromised SolarWinds Orion binaries starting tomorrow morning.

Over the weekend, it was revealed that Russian nation-state hackers breached SolarWinds, a network management software developer, and added malicious code to their Orion Platform.

By Lawrence Abrams - Bleeping Computer

12/15/2020
Critical Golang XML parser bugs can cause SAML authentication bypass

This week, Mattermost, in coordination with Golang, has disclosed three critical vulnerabilities within the Go language's XML parser.

If exploited, these vulnerabilities, also impacting multiple Go-based SAML implementations, can lead to a complete bypass of SAML authentication which powers prominent web applications today.

By Ax Sharma - Bleeping Computer

12/14/2020
Adobe releases final Flash Player update, warns of 2021 kill switch

After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years.

The first version of Adobe Flash Player was released in January 1996 and was immediately adopted by developers to create interactive content on the web. For many, the first introduction to an online game was through Flash games strewn across the Internet.

By Lawrence Abrams - Bleeping Computer

12/14/2020
Intel's Habana Labs hacked by Pay2Key ransomware, data stolen

Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors.

Habana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel purchased the company in December 2019 for approximately $2 billion.

By Lawrence Abrams - Bleeping Computer

12/14/2020
Hacking group’s new malware abuses Google and Facebook services

The Molerats cyberespionage group has, in recent spear-phishing campaigns, been using fresh malware that relies on Dropbox, Google Drive, and Facebook for command and control communication and to store stolen data.

The hackers have been active since at least 2012 and are considered to be the low-budget division of a larger group called the Gaza Cybergang.

By Ionut Ilascu - Bleeping Computer

Address

161 Fort Evans Rd NE Ste 325
Leesburg, VA
20176

Opening Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00

Telephone

(703) 995-9903
