Threats of the Week – July 15, 2019

Agent Smith Malware

A newly discovered piece of Android malware that replaces portions of apps with its own code has infected more than 25 million devices, according to security firm Check Point. Check Point’s researchers named the malware “Agent Smith” because of the methods it uses to attack a device and avoid detection.

The malware doesn’t steal data from a user. Instead, it hacks apps and forces them to display more ads or takes credit for the ads they already display so that the malware’s operator can profit off the fraudulent views. Check Point says the malware looks for known apps on a device, such as WhatsApp, Opera Mini, or Flipkart, then replaces portions of their code and prevents them from being updated.

Source: The Verge

How do you protect yourself?

Proper security measures must be in place to defend against Agent Smith malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-1170

Mozilla has released security patches for vulnerabilities in Firefox. Some of these bugs showed evidence of memory corruption, and it is presumed that with enough effort some of them could be exploited to run arbitrary code.

Source: Mozilla

How do you protect yourself?

Update Firefox to version 68.

eCh0raix Ransomware

A newly discovered form of ransomware is targeting network storage devices by brute-forcing weak credentials and exploiting known vulnerabilities in their systems.

Dubbed eCh0raix after a string in its code, the new form of file-locking malware emerged in June and has been detailed by cybersecurity researchers at Anomali. The ransomware specifically targets QNAP network attached storage (NAS) devices produced by Taiwanese firm QNAP Systems, which has offices in 16 countries and customers around the world.

The attacks are opportunistic, with the initial infection coming via unsecured, internet-facing ports and the use of brute-force attacks to bypass weak login credentials. NAS devices make appealing targets for cybercriminals dealing in ransomware, because they’re used to store critical data and backups – but despite this, the devices don’t tend to be equipped with security software.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against eCh0raix ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – July 8, 2019

Golang Malware

A new form of malware has been spotted in the wild by cybersecurity companies, which say the code’s main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.

The spreader malware is based on the open-source Go programming language.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Golang malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2104

Android has released its monthly security bulletin. Security patch levels of 2019-07-05 or later address all of these issues.

This vulnerability could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.

Source: Android

How do you protect yourself?

Check your Android for updates to the latest version.

Sodin Ransomware

The ransomware, named Sodin, takes advantage of a zero-day vulnerability in the Windows operating system, which means that victims don’t even need to download and run a malicious attachment (which was typically essential for the success of a ransomware campaign).

Instead, all the attackers need to do is find a vulnerable server and send a command to download a malicious file called “radm.exe.” This then saves the ransomware locally and executes it.

Source: ITProPortal

How do you protect yourself?

Proper security measures must be in place to defend against Sodin ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – July 2, 2019

Silex Malware

A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017.

Named Silex, this malware began operating earlier today, about three to four hours before this article’s publication.

The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Silex malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-5439

VideoLAN has released a security advisory that affects VLC media player 3.0.6 and earlier.

A remote user can create specially crafted AVI or MKV files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.c) or a double free in zlib_decompress_extra() (demux/mkv/utils.cpp), respectively.

If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.
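An added illustration, not VLC’s code (the page does not reproduce it): a hypothetical C reader for a RIFF/AVI-style length-prefixed chunk, showing the length validation whose absence lets a crafted size field in a media file drive an out-of-bounds heap read of the kind described above. The chunk layout, function names and sample bytes are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative RIFF-style chunk: 4-byte FourCC, 4-byte little-endian payload
 * size, then the payload. Hypothetical reader, not VLC's code: it shows the
 * length check that keeps a crafted size field from driving a heap over-read. */
typedef struct { char fourcc[5]; uint32_t size; const uint8_t *payload; } chunk_t;
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Returns 1 and fills *out when the whole chunk lies inside buf; returns 0 when
 * the header or the declared payload runs past buf_len, the case an unchecked
 * reader would turn into an out-of-bounds read. */
int read_chunk(const uint8_t *buf, size_t buf_len, size_t offset, chunk_t *out) {
    if (offset > buf_len || buf_len - offset < 8)
        return 0;                        /* no room for the 8-byte header */
    const uint8_t *p = buf + offset;
    uint32_t size = le32(p + 4);         /* attacker-controlled value from the file */
    if (size > buf_len - offset - 8)     /* subtraction cannot underflow: checked above */
        return 0;                        /* declared payload exceeds remaining bytes */
    memcpy(out->fourcc, p, 4);
    out->fourcc[4] = '\0';
    out->size = size;
    out->payload = p + 8;
    return 1;
}

/* Constructed samples: a well-formed 4-byte '00dc' video chunk, and one whose
 * header claims 0xFFFFFFF0 payload bytes while only two actually follow. */
static const uint8_t good_chunk[] = { '0','0','d','c', 4,0,0,0, 'A','B','C','D' };
static const uint8_t bad_chunk[]  = { '0','0','d','c', 0xF0,0xFF,0xFF,0xFF, 'A','B' };

int demo_good(void) {                    /* 1: accepted, payload is "ABCD" */
    chunk_t c;
    return read_chunk(good_chunk, sizeof good_chunk, 0, &c) == 1 &&
           c.size == 4 && memcmp(c.payload, "ABCD", 4) == 0;
}
int demo_bad(void) {                     /* 1: crafted chunk was rejected */
    chunk_t c;
    return read_chunk(bad_chunk, sizeof bad_chunk, 0, &c) == 0;
}
int main(void) {
    printf("well-formed chunk accepted: %d\n", demo_good());
    printf("crafted chunk rejected:     %d\n", demo_bad());
    return 0;
}
```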

Source: VideoLAN

How do you protect yourself?

VLC media player 3.0.7 addresses the issues. This release also fixes an important security issue that could lead to code execution when playing an AAC file.

Sodinokibi Ransomware

The Sodinokibi Ransomware has been spotted being distributed through malvertising that redirects to the RIG exploit kit. With the use of exploit kits, Sodinokibi is now using a wide stream of vectors to infect victims with the ransomware.

With the addition of exploit kits to the distribution arsenal, this ransomware is poised to be a big player in the ransomware space.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Sodinokibi ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – June 24, 2019

Plurox Malware

A new strain of malware has been spotted in the wild by the Kaspersky security team. Named Plurox, this new malware is a cut above the usual malware strains security researchers encounter on a daily basis.

According to Kaspersky, Plurox, despite being in early testing, has some pretty advanced features and can act as a backdoor into infected enterprise networks, can spread laterally to compromise even more systems, and can mine cryptocurrencies using one of eight different plugins.

In other words, the malware can work as a backdoor trojan, a self-spreading virus, and a crypto-miner, all at the same time.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Plurox malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-11708

Mozilla has announced security updates for Firefox and Firefox ESR.

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user’s computer.

Source: Mozilla

How do you protect yourself?

Security vulnerabilities are fixed in Firefox 67.0.4 and Firefox ESR 60.7.2. Ensure your browser is up to date.

Ryuk Ransomware

A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted.

With this new variant, the ransomware will check the output of arp -a for particular IP address strings, and if they are found, will not encrypt the computer.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – June 17, 2019

IPStorm Malware

A new malware campaign aimed at Windows machines features a novel technique to control the resulting botnet, with the group behind it hiding their communications using a P2P network.

It’s not known who the author of IPStorm is or where they are operating from, but the malware has a ‘reverse shell’ functionality that can allow hackers to execute arbitrary PowerShell code on the infected machine.

What’s interesting about the malware, according to researchers at cybersecurity firm Anomali, is that it is the first malware found in the wild that is using IPFS’ p2p network for its command and control communication. By using a legitimate p2p network, the malware can hide its network traffic among legitimate p2p network traffic.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against IPStorm malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-7845

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player versions 32.0.0.192 and earlier. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Ensure Adobe Flash Player is updated with the latest version (Version 32.0.0.207).

Buran Ransomware

The RIG exploit kit is now infecting victims’ computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.

While there are some minor changes in the new Buran variant, the encryption process for the most part appears to be the same as the one distributed in Russia.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Buran ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – June 10, 2019

BlackSquid Malware

A new form of malware has emerged from the depths to attack web servers with a barrage of exploits designed to land illicit cryptocurrency miners.

The overall aim is to compromise web servers, network drives, and removable storage to install XMRig, a Monero cryptocurrency miner script, on target machines.

In addition, BlackSquid is capable of brute-force attacks, anti-virtualization, anti-debugging, and anti-sandboxing techniques, as well as worm-like propagation capabilities.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against BlackSquid malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2093

Android has released its monthly security bulletin. The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Ensure your Android is updated with the latest version.

Maze Ransomware

A variant of the Maze Ransomware, otherwise known as the ChaCha Ransomware, has been spotted being distributed by the Fallout exploit kit. An interesting feature of this ransomware is that it tries to detect whether the computer is a home computer, workstation, domain controller, or server, and states that it changes the ransom amount accordingly.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Maze ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.