The team at Jigsaw Security is watching closely a campaign known as Capesand. It appears as though the exploit kit is in active development and we have been tracking activity associated with the threat actor. The exploits observed are not all new but newer vulnerabilities are being leveraged to gain a foothold on victims computers. Observed Vulnerabilities Some of the observed vulnerabilities include CVE-2019-0752 aimed at targeting Internet Explorer users and CVE-2018-4878 a

Analytics within Jigsaw Security's Analytic Platform are indicating a huge and very active campaign by Russia to infiltrate critical infrastructure, Government, military and contractor facilities silently. Much of the activity has been discovered and stopped but we have noticed large numbers of systems looking for vulnerabilities that should have been patched for years. Routers are a specific and favorite target of this groups activity. We are all aware of VPNFilter malware a

ASUS router users should pay attention. Our SOC started seeing an old vulnerability CVE-2014-9583 originating from 179.219.203[.]40. End users should stay vigilant. Recently there have been a large number of attacks on network routers since ISP's seem to forget that the default passwords need to be changed. We have seen large botnets forming and being used in some very large attacks. While most ASUS brand routers have probably been patched against this threat, it is probably

Today we are reporting on a phishing attempt and although we don't normally agree with Kaspersky, they got it right this time. A screenshot from Virustotal IOC's of Concern 104[.]168[.]177[.]9 adoos[.]us burraqcloud[.]com cancerhelpworld[.]com cshop[.]click diamondedgeoutdoormanagement[.]com e-fair[.]com[.]sg hotlocalmarketing[.]com https://kaidestivs[.]com/gheldium/ kaidestivs[.]com nolansbrickovenbistro[.]net pcgaminglabs[.]com thetrendng[.]com www.e-fair.com[.

Jigsaw Security has been watching (and receiving of late) many malware laden documents. Starting about 2 weeks ago we started seeing an uptick in documents in our inboxes. Shortly after Cisco Talos posted a bulletin and several organizations to include Alienvault and Cisco began sharing information. Upon researching the documents we have decided to release the list of host that are involved as well as some of the recent detections. Here is what Cisco Talos had to say about it