Upcoming TriVault Platform Updates

We are excited to announce some upcoming updates to the TriVault integrated platform. These updates are scheduled for 2/16/2019 around midnight, with an expected downtime of roughly 2 hours. The release will take 2 hours to deploy, during which time TriVault’s operations will be in maintenance mode; however, we are still able to log and monitor during this time and will have dedicated staff doing so. Updates: TLS 1.2 will be used as an option across our communication client. Fixed licensing issue displaying the wrong count at times. No individuals […]

Hacked Twitter Accounts Being Used to Promote Saudi Leaders

“An account spreading pro-Saudi messages actually belonged to a deceased Weather Channel meteorologist.” – Al Jazeera

Multiple verified Twitter accounts have been taken over by some pro-Saudi operatives. They are being used to promote Saudi Arabia and its leadership, according to an academic who researches multiple digital propaganda silos and Twitter bots. At least four of these accounts are verified Twitter accounts, meaning that these people usually hold some sort of weight or social impact and are verified to be who they are. One even belonged to a meteorologist who died over […]

Android Phones can be Hacked Remotely by Viewing Malicious Image

“Android users are being told to patch their Android OS Nougat (7.0), Oreo (8.0) and Pie (9.0) as soon as updates are available after a bug related to PNG images was found.” Android devices are now vulnerable to a new malicious image that looks innocent, but can be dangerous and acquired just by browsing the internet or receiving the image via text. While this doesn’t apply to all images, Google has discovered that a specific malicious PNG image is being used to hijack a variety of Android devices (those running […]

Ransomware Update: Where We Stand With This Threat

This past week we saw a lot of new variants of the same existing ransomware out in the wild. While TriVault is able to prevent and mitigate ransomware, stopping it in its tracks isn’t always easy for other cyber security companies. With the number of variants out there still on a steady increase, this goes to show that there are still victims in troves. New variants of STOP, Dharma, and Jigsaw ransomware were introduced this past week. According to Bleepingcomputer.com, there was also a ransomware downloader created from “pixels of […]

Fake Google Update Trojan, Azorult, Steals Passwords

The AZORult malware strain, an information stealer and downloader, has been observed by Minerva Labs’ research team posing as a signed Google Update installer and achieving persistence by replacing the real Google Updater program on machines that have been compromised. This trojan, also known to act as a downloader for multiple other malware payloads, deploys malware in multi-stage campaigns and has been detected as part of complex campaigns that have been involved in spreading ransomware and data- and cryptocurrency-stealing malware. AZORult is designed to exfiltrate sensitive information, especially in large quantities, from files, […]

FCC’s Ajit Pai isn’t Going to Meet Congress About Phone-Tracking Scandal

The chairman is blaming government shutdown… Federal Communications Commission Chairman Ajit Pai has decided not to brief a Congressional committee on Monday about mobile carriers’ abilities to share their subscribers’ location data with third parties, even if those subscribers are not aware of the sharing or unwilling to share. Rep. Frank Pallone Jr., who is the chair of the congressional House Committee on Energy and Commerce, reached out to Pai for an emergency briefing after a Motherboard investigation revealed that carriers are selling their customers’ location data. The committee was told the leader of the FCC wouldn’t […]

Increase in Scammers Stealing Employee Paychecks

Business email compromise (BEC) scams are way up. There is a new trend showing its true colors where fraudsters are tricking human resource departments into changing employees’ direct deposit banks to divert paychecks into an account they own and/or control. More common BEC scams surround wire transfers and tricking employees into wiring money to unauthorized accounts; however, these cybercriminals are going one step further by stealing employee paychecks. TriVault has seen a massive increase in BEC attempts recently surrounding the diversion of monthly and bi-weekly wages. While filtering out dangerous […]

TriVault February Updates Announced

The February update will primarily consist of updates to our EDR suite; however, the much-anticipated launch of the TriVault SOC Tool will be coming in February as well. All enterprise organizations that request access to the TriVault SOC Tool will be provided this access at absolutely no cost. Individuals are not yet free to use this tool, unless sponsored by an organization. In continuance of our previous update, throughout January and February, expect changes and adjustments to be made to the website. We are continuously adding new content, and will […]

Kaspersky Potentially Helped U.S. Catch Alleged NSA Data Thief

Kaspersky came under fire in recent history over potential shady ties to the Russian government; however, with a twist of events, it appears that Kaspersky Lab may have assisted the U.S. National Security Agency (NSA) in capturing an alleged data thief. Back in late August of 2016, U.S. authorities had arrested Harold T. Martin III, and then indicted him in February of 2017 on 20 counts of unauthorized and willful retention of national defense information and data. This is after a tip from the Moscow-based security firm had led authorities […]

Criminals Claimed at Least 4.3% of All Monero Crypto Coins

Researchers from the Universidad Carlos III de Madrid and King’s College London have analyzed a large set of data including over 4.4 million malware samples collected from 2007 to 2018. The researchers quantified the amount of Monero cryptocurrency (XMR) coins that criminals using crypto-mining malware have been able to acquire. OSINT data and static/dynamic analyses were grouped to efficiently extract data from these malware samples. This includes mining pools and wallet identifiers. The remaining information extracted has allowed researchers to estimate the rough sum of profits secured […]