Threats of the Week – February 19, 2020

Emotet Trojan

A newly uncovered Emotet malware sample can spread to insecure Wi-Fi networks located near an infected device.

If the malware reaches one of these nearby Wi-Fi networks, it then attempts to infect the devices connected to it, a tactic that can rapidly escalate Emotet’s spread, researchers said.

Source: ThreatPost

How do you protect yourself?

Keep endpoint protection up to date so that known Emotet samples and similar threats are blocked on the host. Because this variant spreads to nearby insecure Wi-Fi networks, also make sure your wireless networks use strong, unique passphrases and that guest or IoT networks are segmented from the workstations that hold your data.

CVE-2020-3742

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Acrobat and Reader to the latest version.

KBOT Virus

KBOT, a virus that spreads by injecting malicious code into Windows executable files, is the “first ‘living’ virus in recent years that we have spotted in the wild,” according to the researchers who analysed it.

KBOT is able to spread through Internet-facing systems, local networks, and removable drives. Once a system is infected, the malware writes itself to Startup and the Task Scheduler, infecting all .exe files on logical drives and shared network folders in its path.

Source: ZDNet

How do you protect yourself?

Keep endpoint protection up to date so that infected executables are detected before they run. Because KBOT persists through Startup and the Task Scheduler and rewrites .exe files on local drives, network shares and removable media, also restrict write access on shared folders, control the use of removable drives, and watch for unexpected changes to executables and scheduled tasks.
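KBOT rewrites every .exe file it can reach, so the simplest host-side check is a file-integrity baseline of executables: hash them once, hash them again later, and report what changed. The script below is an added example written for this page, not code from the original article or from the KBOT analysis; the directory layout and the “infected” file it builds are constructed for the demonstration.

```python
"""Baseline-and-compare check for unexpected changes to .exe files.

Added example (not from the original article or from the KBOT analysis):
a file infector that rewrites executables shows up as a set of .exe files
whose hashes differ between two scans. The directory tree built in demo()
is constructed for the demonstration.
"""
from __future__ import annotations
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline_executables(root, suffixes=(".exe",)) -> dict:
    """Map each executable under `root` (path relative to root) to its digest."""
    root = Path(root)
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            result[str(p.relative_to(root))] = sha256_file(p)
    return result


def compare_baselines(old: dict, new: dict) -> dict:
    """Classify executables as modified, added or removed between two scans."""
    return {
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo() -> dict:
    """Build a constructed tree, 'infect' one executable, drop another, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tools").mkdir()
        (root / "tools" / "clean.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "victim.exe").write_bytes(b"MZ" + b"\x01" * 64)
        (root / "readme.txt").write_text("not an executable, ignored by the scan")
        before = baseline_executables(root)
        # Simulate a file infector appending its own code to an executable
        # and dropping a new one; both are constructed, not real samples.
        with (root / "victim.exe").open("ab") as f:
            f.write(b"\xde\xad\xbe\xef")
        (root / "dropped.exe").write_bytes(b"MZ" + b"\x02" * 32)
        after = baseline_executables(root)
        return compare_baselines(before, after)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In practice the first baseline is stored off-host (an infector on the machine could rewrite it too), and the scan covers the same shares KBOT walks, so that a burst of “modified” executables across a share stands out.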

Threats of the Week – February 3, 2020

CARROTBALL malware

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.

Source: BleepingComputer

How do you protect yourself?

Keep endpoint protection up to date so that the dropper and its second-stage payload are detected on the host. Because CARROTBALL arrives as a phishing email attachment, also treat unexpected attachments, especially ones that ask you to enable content, with suspicion.

CVE-2020-3715

Magento has released updates for Magento Commerce and Open Source editions. These updates resolve critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution.

Source: Adobe

How do you protect yourself?

Update Magento Commerce and/or Magento Open Source to the latest version.

Snake Ransomware

An Israeli cybersecurity firm said it believes a new strain of ransomware was created by Iran and has the ability to lock up or even delete industrial control systems.

The ransomware, like others of its kind, encrypts programs and documents on infected machines. It also removes all file copies from infected stations, including the volume shadow copies Windows keeps for recovery, preventing victims from restoring encrypted files without a separate backup.

Source: Bloomberg

How do you protect yourself?

Keep endpoint protection up to date and maintain offline, regularly tested backups. Snake deletes the local file copies that would otherwise allow recovery, so a backup that the infected host cannot reach is the only reliable way back.
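Ransomware that “removes all file copies” on Windows usually does so by deleting Volume Shadow Copies, and the commands used for that are few and distinctive, which makes them a good detection point before encryption starts. The detector below is an added example written for this page, not code from the original article or from any Snake sample; the command patterns are the common shadow-copy deletion methods rather than anything specific to Snake, and the log lines are constructed to resemble Sysmon process-creation (Event ID 1) exports.

```python
"""Flag process-creation events that delete Windows Volume Shadow Copies.

Added example (not from the original article or from any Snake sample):
the rules cover the usual ways ransomware removes shadow copies and the
boot-recovery option. SAMPLE_EVENTS are constructed, not real telemetry.
"""
from __future__ import annotations
import re

# Each rule: (name, regex applied to the lowercased command line).
SHADOW_COPY_RULES = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("vssadmin_resize_storage", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage")),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("wbadmin_delete_catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog")),
    ("bcdedit_recovery_off", re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no")),
    ("powershell_win32_shadowcopy", re.compile(r"win32_shadowcopy.*\.delete\(\)")),
]

# key=value pairs; values may be double-quoted and contain spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Parse one 'key=value key="value with spaces"' log line into a dict."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def match_rules(command_line: str) -> list:
    """Return the names of all rules the command line triggers."""
    cmd = command_line.lower()
    return [name for name, rx in SHADOW_COPY_RULES if rx.search(cmd)]


def detect(lines: list) -> list:
    """Return one alert per event whose CommandLine hits at least one rule."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        hits = match_rules(ev.get("CommandLine", ""))
        if hits:
            alerts.append({
                "host": ev.get("Computer", "?"),
                "parent": ev.get("ParentImage", "?"),   # who launched the deletion
                "rules": ",".join(hits),
                "cmd": ev.get("CommandLine", ""),
            })
    return alerts


# Constructed sample events (not real telemetry): one benign editor launch,
# three deletion/recovery-disabling commands, and a harmless 'list shadows'.
SAMPLE_EVENTS = [
    'EventID=1 Computer=WS01 Image="C:\\Windows\\System32\\notepad.exe" CommandLine="notepad.exe report.txt" ParentImage="C:\\Windows\\explorer.exe"',
    'EventID=1 Computer=WS01 Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin.exe Delete Shadows /All /Quiet" ParentImage="C:\\Users\\Public\\update.exe"',
    'EventID=1 Computer=WS02 Image="C:\\Windows\\System32\\wbem\\WMIC.exe" CommandLine="wmic shadowcopy delete" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'EventID=1 Computer=WS02 Image="C:\\Windows\\System32\\bcdedit.exe" CommandLine="bcdedit /set {default} recoveryenabled No" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'EventID=1 Computer=WS03 Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin.exe list shadows" ParentImage="C:\\Windows\\System32\\cmd.exe"',
]


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['host']}] {a['rules']}: {a['cmd']}  (parent: {a['parent']})")
```

The parent image is the field worth alerting on: backup software legitimately resizes shadow storage, but a deletion launched from a user profile or a temp directory, as in the WS01 sample, is rarely benign.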

Threats of the Week – January 27, 2020

sLoad malware

sLoad’s main purpose is to infect Windows PCs, gather information about the infected system, send that information to a command and control (C&C) server, and then wait for instructions to download and install a second malware payload.

The malware exists to serve as a delivery system for more potent malware strains and to help the sLoad gang make money by providing pay-per-install space for other cybercriminal operations (such as the Ramnit banking trojan gang).

Source: ZDNet

How do you protect yourself?

Keep endpoint protection up to date so that the loader and the payloads it fetches are caught on the host. Because sLoad’s only job is to profile the machine and call home for a second stage, also monitor for outbound connections from workstations to unknown command-and-control servers; an infection that cannot reach its C&C delivers nothing.

CVE-2019-6858

Schneider Electric is aware of a vulnerability in the MSX Configurator product. An Uncontrolled Search Path Element vulnerability (CWE-427) exists: the software loads a DLL by searching a list of directories, so an attacker who can place a malicious DLL in a directory on that search path can have it loaded and escalate privileges.

Source: Schneider Electric

How do you protect yourself?

Update MSX Configurator to version V1.0.8.1, which fixes this vulnerability.
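The weakness behind CVE-2019-6858 is generic: a program loads a library by name, the loader walks an ordered list of directories, and the first match wins, so any directory earlier in the list than the legitimate copy that a low-privileged user can write to is a hijack point. The script below is an added example written for this page, not code from the Schneider Electric advisory or from MSX Configurator; it models the classic Windows search order (application directory, system directories, current directory, then PATH) over a constructed directory tree and reports the hijackable positions. The directory names and the writability model are assumptions for the demonstration.

```python
"""Find directories in a DLL search order where a low-privileged user could plant a DLL.

Added example (not from the Schneider Electric advisory or from MSX Configurator):
CWE-427 means the first directory in the search order that contains the named DLL
wins, so every writable directory ahead of the legitimate copy is a hijack point.
The search order and directory tree in demo() are constructed; the writability
checks default to os.access but can be injected so the logic runs anywhere.
"""
from __future__ import annotations
import os
import tempfile
from pathlib import Path
from typing import Callable


def search_order(app_dir: str, system_dirs: list, cwd: str, path_env: str) -> list:
    """Assemble a search order: application dir, system dirs, cwd, then PATH entries,
    dropping later duplicates because only the first occurrence can be hit."""
    entries = [app_dir, *system_dirs, cwd]
    entries += [p for p in path_env.split(os.pathsep) if p]
    seen, ordered = set(), []
    for e in entries:
        key = os.path.normcase(os.path.normpath(e))
        if key not in seen:
            seen.add(key)
            ordered.append(e)
    return ordered


def hijack_candidates(order: list, dll_name: str,
                      exists: Callable[[str], bool] = os.path.exists,
                      writable: Callable[[str], bool] = lambda d: os.access(d, os.W_OK)) -> list:
    """Return the directories, in search order, where a planted `dll_name` would be
    loaded before the legitimate copy: every existing, writable directory that
    precedes the first directory already holding the DLL. Directories that do not
    exist are skipped here (being able to *create* one is a separate finding)."""
    candidates = []
    for d in order:
        if exists(os.path.join(d, dll_name)):
            break                      # legitimate copy found; later dirs cannot be hit
        if exists(d) and writable(d):
            candidates.append(d)
    return candidates


def demo() -> dict:
    """Constructed layout: the legitimate helper.dll lives in a vendor PATH entry,
    and the user's working directory (writable) sits earlier in the search order."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "Program Files" / "Configurator"
        system = root / "Windows" / "System32"
        cwd = root / "Users" / "alice" / "Documents"
        vendor = root / "Vendor" / "bin"
        for d in (app, system, cwd, vendor):
            d.mkdir(parents=True)
        (vendor / "helper.dll").write_bytes(b"MZ")        # the legitimate copy
        stale = str(root / "Old" / "bin")                  # PATH entry that no longer exists
        path_env = os.pathsep.join([str(system), stale, str(vendor)])
        # Model a standard user: only the Documents directory is writable.
        user_writable = {os.path.normcase(str(cwd))}
        writable = lambda d: os.path.normcase(d) in user_writable
        order = search_order(str(app), [str(system)], str(cwd), path_env)
        found = hijack_candidates(order, "helper.dll", writable=writable)
        return {"order": [os.path.relpath(d, root) for d in order],
                "hijackable": [os.path.relpath(d, root) for d in found]}


if __name__ == "__main__":
    result = demo()
    print("search order:", " -> ".join(result["order"]))
    print("hijackable:", result["hijackable"])
```

The fix pattern matches the finding: install the application and its DLLs under a directory standard users cannot write to, and load helper libraries by full path (or with a restricted search order) so that the current directory and PATH are never consulted.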

FTCODE Ransomware

The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails.

The new iteration, version 1117.1, contains code that steals credentials from Internet Explorer, Mozilla Firefox and Thunderbird, Google Chrome and Microsoft Outlook.

Source: SC Magazine

How do you protect yourself?

Keep endpoint protection up to date and treat VBScript links in email as hostile, since that is how this version of FTCODE is delivered. Because it now steals credentials from browsers and mail clients, also reset any passwords that were saved on an infected machine.

Threats of the Week – January 20, 2020

Oski malware

An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more.

Oski started out targeting victims in North America, but in the last few days has added China to its set of targeted geographies. It is also virulent: when it was first investigated, Oski had racked up 43,336 stolen passwords, primarily for Google accounts. About 10 hours later, that number had increased to 49,942, and the number of victim logs had grown from 88 to 249.

Source: ThreatPost

How do you protect yourself?

Keep endpoint protection up to date so that the stealer is blocked before it harvests anything. Because Oski targets saved account credentials, card numbers and cryptowallet data, also avoid storing passwords in the browser where you can, and enable multi-factor authentication so that a stolen password alone is not enough to take over an account.

CVE-2019-16466

Adobe has released security updates for Adobe Experience Manager (AEM). These updates resolve multiple vulnerabilities in AEM versions 6.5 and below rated Important and Moderate. Successful exploitation could result in sensitive information disclosure.

Source: Adobe

How do you protect yourself?

Download and install the latest AEM updates.

Ryuk Ransomware

The Ryuk ransomware uses the Wake-on-LAN feature to power on devices that are turned off on a compromised network, so that it can encrypt them as well.

Wake-on-LAN is a hardware feature that allows a powered-down device to be woken up, or powered on, by sending it a special network packet (the “magic packet”). This is useful for administrators who need to push out updates to a computer or run scheduled tasks while it is powered down.

Source: BleepingComputer

How do you protect yourself?

Keep endpoint protection up to date and maintain offline backups. Because Ryuk uses Wake-on-LAN to bring sleeping machines online before encrypting them, also disable Wake-on-LAN where it is not needed, or restrict it so that only your management systems can send wake packets.
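A Wake-on-LAN magic packet has a fixed shape, six bytes of 0xFF followed by the target’s MAC address repeated sixteen times, normally sent as a UDP broadcast to port 9 or 7, which is why both Ryuk and a network sensor can handle it with a few lines of code. The script below is an added example written for this page, not code from the original article or from any Ryuk sample; it builds packets, recognises them in captured UDP payloads (including ones with leading junk, since the sync stream may appear anywhere in the frame), and reports the target MAC. The MAC addresses and “captured” datagrams are constructed for the demonstration.

```python
"""Build, parse and detect Wake-on-LAN magic packets.

Added example (not from the original article or from any Ryuk sample):
a magic packet is 6 x 0xFF followed by the target MAC repeated 16 times,
optionally followed by a 4- or 6-byte SecureOn password. SAMPLE_DATAGRAMS
and the MAC addresses are constructed for the demonstration.
"""
from __future__ import annotations
import re
import socket

SYNC = b"\xff" * 6


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabbccddeeff'; return 6 raw bytes."""
    hexstr = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexstr):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return bytes.fromhex(hexstr)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Sync stream, 16 copies of the MAC, then an optional SecureOn password."""
    if password and len(password) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return SYNC + parse_mac(mac) * 16 + password


def extract_wol_target(payload: bytes):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if `payload` contains a
    magic packet, else None. The sync stream may sit anywhere in the payload,
    so every occurrence is tried; all-zero and broadcast MACs are rejected."""
    idx = payload.find(SYNC)
    while idx != -1:
        body = payload[idx + 6: idx + 6 + 16 * 6]
        mac = body[:6]
        if len(body) == 96 and body == mac * 16 and mac not in (b"\x00" * 6, b"\xff" * 6):
            return ":".join(f"{b:02x}" for b in mac)
        idx = payload.find(SYNC, idx + 1)
    return None


def detect_wol(udp_datagrams: list) -> list:
    """Given (src_ip, dst_port, payload) triples, report every magic packet seen."""
    hits = []
    for src, port, payload in udp_datagrams:
        mac = extract_wol_target(payload)
        if mac:
            hits.append({"src": src, "port": port, "target_mac": mac})
    return hits


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Send a magic packet as a UDP broadcast; needs a real network, so it is not
    exercised by the tests. Returns the number of bytes sent."""
    pkt = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(pkt, (broadcast, port))


# Constructed "captured" datagrams: two genuine magic packets (one with leading
# junk), one payload that merely starts with 0xFF bytes, and an unrelated blob.
SAMPLE_DATAGRAMS = [
    ("10.0.0.5", 9, build_magic_packet("00:11:22:33:44:55")),
    ("10.0.0.5", 7, b"junk" + build_magic_packet("aa-bb-cc-dd-ee-01")),
    ("10.0.0.9", 9, b"\xff" * 6 + bytes(range(96))),
    ("10.0.0.9", 53, b"\x12\x34\x01\x00" + b"\x00" * 28),
]


if __name__ == "__main__":
    for h in detect_wol(SAMPLE_DATAGRAMS):
        print(f"{h['src']} -> udp/{h['port']} wakes {h['target_mac']}")
```

On a network where only a management host is supposed to send wake packets, the source address in each hit is the interesting field: a workstation emitting magic packets for many MACs in quick succession is the pattern described above.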

Threats of the Week – January 13, 2020

Predator the Thief malware

A hacking campaign that infects victims with username and password-stealing malware has been updated with new tricks as cyber criminals look to make their attacks more efficient, stealthier and more lucrative.

It adds new phishing documents to use as lures, such as invoices; a previous campaign used a fake court summons. The malware has also been given more tricks to avoid detection and analysis, using shellcode to make it better at detecting debuggers and sandboxes, something it now checks for every five seconds.

Source: ZDNet

How do you protect yourself?

Keep endpoint protection up to date so that Predator the Thief and similar credential stealers are blocked on the host. Because this campaign is delivered through phishing documents such as fake invoices and court summonses, also be wary of unexpected documents of that kind arriving by email.

CVE-2020-0002

Google has released the monthly Android security bulletin, which contains details of security vulnerabilities affecting Android devices.

In one vulnerability, a remote attacker could use a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Update Android to the latest version.

SNAKE Ransomware

A new ransomware family has been discovered that is being used to target and encrypt all of the devices on business networks.

The SNAKE ransomware is the latest example of enterprise-targeting ransomware, which cybercriminals use to infiltrate business networks, gather administrative credentials and, using post-exploitation tools, encrypt the files of every computer on the network.

Source: TechRadar

How do you protect yourself?

Keep endpoint protection up to date and maintain offline backups. Because SNAKE operators gather administrative credentials and use post-exploitation tools to reach every computer, also limit and monitor the use of administrative accounts and segment the network so that one compromised host cannot reach everything.

Threats of the Week – January 6, 2020

Lampion Trojan

A new trojan called ‘Lampion’ spread during the last days of 2019 using emails that imitate templates from the Portuguese Government Finance & Tax authority.

The malware appears to be related to the Trojan-Banker.Win32.ChePro family, but with improvements that make it harder to detect and analyse.

Source: SecurityAffairs

How do you protect yourself?

Keep endpoint protection up to date so that the Lampion trojan and similar banking malware are blocked on the host. Because this campaign imitates emails from a government finance and tax authority, also verify such messages through the authority’s own portal rather than through links or attachments in the email.

CVE-2019-20144

GitLab has released a software security update for GitLab Community Edition (CE) and Enterprise Edition (EE).

In one vulnerability, insufficient access verification allowed unauthorized modification of group runners through the API.

Source: Gitlab

How do you protect yourself?

Update GitLab Community Edition (CE) or Enterprise Edition (EE) to version 12.6.2, 12.5.6 or 12.4.7, whichever matches your release line.

Clop Ransomware

The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.

Source: BleepingComputer

How do you protect yourself?

Keep endpoint protection up to date and maintain offline backups. Because Clop’s process killer terminates office applications, editors and IDEs before encrypting (so that their open files can be overwritten), a sudden wave of applications closing on a host is a sign to investigate rather than to ignore.
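A process killer leaves a distinctive trace even when the ransomware binary itself is unknown: many unrelated user applications exit on the same host within a few seconds. Windows process-exit events (Sysmon Event ID 5, Security event 4689) do not record which process did the terminating, so the detector below is a rate-and-diversity heuristic over exits rather than attribution. It is an added example written for this page, not code from the original article or from any Clop analysis; the watched process names, the thresholds and the log lines are constructed for the demonstration.

```python
"""Heuristic detection of a process-kill storm from process-exit telemetry.

Added example (not from the original article or from any Clop sample): alert
when at least `min_distinct` different watched applications exit on one host
inside one short window. WATCHED is an assumed list of commonly targeted
office/editor/IDE process names; SAMPLE_EXITS are constructed log lines in a
'UTC_TIME HOST EID=5 Image=<path>' shape, not real telemetry.
"""
from __future__ import annotations
from datetime import datetime, timedelta

WATCHED = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "onenote.exe",
    "notepad.exe", "notepad++.exe", "code.exe", "devenv.exe", "idea64.exe",
    "sqlservr.exe", "acrobat.exe", "thunderbird.exe",
}


def parse_exit_event(line: str):
    """Parse 'UTC_TIME host EID=5 Image=<path>' into (time, host, image name),
    or None for any other event. Paths may contain spaces, so the remainder
    of the line after the event id is taken as the Image value."""
    parts = line.split(None, 3)
    if len(parts) < 4 or parts[2] != "EID=5" or not parts[3].startswith("Image="):
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    image = parts[3][len("Image="):].strip()
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return ts, parts[1], name


def kill_storms(lines: list, window: timedelta = timedelta(seconds=5),
                min_distinct: int = 4) -> list:
    """Per host, slide a time window over watched-process exits and alert when
    at least `min_distinct` different watched applications exit inside it."""
    by_host = {}
    for line in lines:
        ev = parse_exit_event(line)
        if ev and ev[2] in WATCHED:
            by_host.setdefault(ev[1], []).append((ev[0], ev[2]))
    alerts = []
    for host, events in by_host.items():
        events.sort()
        reported_until = None
        for i, (t0, _) in enumerate(events):
            in_window = [name for t, name in events[i:] if t - t0 <= window]
            distinct = sorted(set(in_window))
            if len(distinct) >= min_distinct and (reported_until is None or t0 > reported_until):
                alerts.append({"host": host, "start": t0.isoformat(), "apps": distinct})
                reported_until = t0 + window       # suppress overlapping re-reports
    return alerts


# Constructed events: WS01 loses five applications in three seconds (the storm);
# WS02 closes the same applications over several minutes (a user going home);
# WS03 only shows a system process exiting.
SAMPLE_EXITS = [
    "2020-01-06T10:15:02 WS01 EID=5 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
    "2020-01-06T10:15:02 WS01 EID=5 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
    "2020-01-06T10:15:03 WS01 EID=5 Image=C:\\Program Files\\Notepad++\\notepad++.exe",
    "2020-01-06T10:15:03 WS01 EID=5 Image=C:\\Users\\bob\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe",
    "2020-01-06T10:15:04 WS01 EID=5 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
    "2020-01-06T10:15:04 WS01 EID=5 Image=C:\\Windows\\System32\\conhost.exe",
    "2020-01-06T17:30:10 WS02 EID=5 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
    "2020-01-06T17:31:45 WS02 EID=5 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
    "2020-01-06T17:33:02 WS02 EID=5 Image=C:\\Program Files\\Notepad++\\notepad++.exe",
    "2020-01-06T17:34:20 WS02 EID=5 Image=C:\\Users\\ann\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe",
    "2020-01-06T11:00:00 WS03 EID=5 Image=C:\\Windows\\System32\\svchost.exe",
]


if __name__ == "__main__":
    for a in kill_storms(SAMPLE_EXITS):
        print(f"{a['host']} at {a['start']}: {len(a['apps'])} watched apps exited: {', '.join(a['apps'])}")
```

Tune `window` and `min_distinct` against a week of normal exits before enabling alerts; logoff and reboot produce bursts too, so correlating the alert with a logon session that is still active, or with a new unsigned process that started just before the burst, is what separates a kill storm from a user shutting down.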