MSS News: Today's Daily Report


Overall, things have been steady over the past few days. We are still seeing EvilOSX and Drupal vulnerabilities being exploited. In addition, Necurs activity has increased and significantly expanded. We have reported some suspicious CDN activity as well as some targeted malware infections that appear to be nation-state activity.

Most of the Drupal-based activity is cryptocurrency mining operations. There have been some targeted reports of direct attacks from North Korea using these same methods, but they are a rarity. We are also seeing Criminal Click Through activity and the usual scanning and automation attempts. It is apparent that SamSam is also active and being exploited in the healthcare sector.

Recent Security News

Office 365 Targeting - We have seen an uptick in Office 365 "Synching Failed" messages. You can clearly tell a message is not from Microsoft when its links point to compromised servers. Keep an eye out for this type of activity. See activity below.

Additional alerts have been sent to Jigsaw Security customers.

Recent Security Events

Office 365 Message Sync Messages - This activity continues. The emails are being used to track those who click the links, who are then targeted for additional attacks. Event: 28786

Adsense Activity - Seeing lots of ad tracking from Adsense domains. Event: None (Blocked/Sinkholed)

Network Time Protocol Windows Daemon getEndptFromIoCtx Denial of Service - This is covered in CVE-2016-9312. We are seeing this activity from 51[.]15[.]13[.]124.

NetCore and Remote Command Execution Attacks - We are still seeing router-based attacks from two IPs. Event: Historical

IOCS:

51[.]15[.]13[.]124

© 2017-2018 Jigsaw Security Enterprise Inc.
