Threats of the Week – September 16, 2019

PsiXBot Malware

A new variant of PsiXBot, malware configured for the theft of information and cryptocurrency, has been spotted in the wild which abuses Google’s DNS over HTTPS service.

PsiXBot is a relatively new strain of malware, having first been discovered in 2017. Written in .NET, the malicious code has undergone an array of changes and evolutions, and according to Proofpoint researchers, the latest upgrade includes some very interesting alterations.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against PsiXBot Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
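The DNS-over-HTTPS abuse described above is easiest to notice at the network edge, because a process that resolves names over HTTPS never shows up in the organisation's own resolver logs. The following Python is an added example, not code from the ZDNet or Proofpoint write-ups: it sweeps proxy-log lines for requests to public DoH endpoints and also flags any request carrying the RFC 8484 media type application/dns-message to an unlisted host. The dns.google paths are Google's documented ones; the IP-address entries, the third-party resolvers, the log layout and the log lines themselves are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Public DNS-over-HTTPS endpoints to flag. The dns.google paths are Google's
# documented ones; the IP-address entries and the other resolvers are assumptions
# for this example. Extend or trim this for the resolvers your policy permits.
DOH_ENDPOINTS = {
    "dns.google": ("/dns-query", "/resolve"),
    "8.8.8.8": ("/dns-query", "/resolve"),
    "8.8.4.4": ("/dns-query", "/resolve"),
    "cloudflare-dns.com": ("/dns-query",),
    "1.1.1.1": ("/dns-query",),
}
DOH_MEDIA_TYPE = "application/dns-message"   # RFC 8484 wire-format DoH

# Assumed proxy-log layout: timestamp client method url status content-type
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<ctype>\S+)$"
)


def is_doh_request(url, content_type):
    """True if the request targets a listed DoH endpoint or carries the DoH media type."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.path in DOH_ENDPOINTS.get(host, ()):
        return True
    # Wire-format DoH to an unlisted resolver is still identifiable by its media type.
    return content_type.lower() == DOH_MEDIA_TYPE


def find_doh_clients(lines):
    """Return {client address: [DoH URLs it requested]} for the given log lines."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                          # unparseable line: skip, don't abort the sweep
        if is_doh_request(m["url"], m["ctype"]):
            hits.setdefault(m["src"], []).append(m["url"])
    return hits


# Constructed sample log lines; 203.0.113.7 is a documentation-range address.
SAMPLE_LOG = """\
2019-09-16T10:02:11Z 10.0.0.15 GET https://www.example.com/ 200 text/html
2019-09-16T10:02:13Z 10.0.0.15 GET https://dns.google/resolve?name=c2.example.test&type=A 200 application/json
2019-09-16T10:02:14Z 10.0.0.23 POST https://dns.google/dns-query 200 application/dns-message
2019-09-16T10:02:20Z 10.0.0.42 GET https://8.8.8.8/ 200 text/html
2019-09-16T10:02:25Z 10.0.0.42 POST https://203.0.113.7/dns-query 200 application/dns-message
garbage line the parser should skip
"""

if __name__ == "__main__":
    for client, urls in find_doh_clients(SAMPLE_LOG.splitlines()).items():
        print(client, "->", ", ".join(urls))
```

A plain GET to https://8.8.8.8/ is not reported, because only the resolver paths and the DoH media type count; a client that is supposed to use DoH (a browser with it enabled, for instance) will also appear, so the list is a starting point for triage rather than a verdict.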

CVE-2019-23211

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Flash Player to version 32.0.0.255.

Ryuk Related Malware

A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files.

While Ryuk Ransomware encrypts a victim’s files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam does exactly that, searching for sensitive files and uploading them to an FTP site under the attacker’s control.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk related malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – September 9, 2019

Glupteba Malware

A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes.

The new version has switched to malvertising as the means of distribution and it comes with two more modules besides the newly added Bitcoin blockchain C2 updater, namely an info stealer and an exploit that targets local MikroTik routers.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Glupteba Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
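The following Python is an added example, not code from the BleepingComputer report or from any Glupteba analysis: it decodes the data pushed after an OP_RETURN opcode in a Bitcoin output script, which is the field the dropper is described as reading for its C2 domains. The sample scripts are constructed, and the plaintext hostname in one of them is an assumption for illustration only; the digest does not say how Glupteba encodes the domain, and in practice the payload may be binary or encrypted. An analyst inspecting a suspected transaction would run this over its scriptPubKey hex values.

```python
# Decode OP_RETURN payloads from Bitcoin output scripts (scriptPubKey).
# Added example for this digest; the sample scripts below are constructed.

OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E


def _read_int(script, pos, size):
    """Little-endian length field of `size` bytes at `pos`; raises on truncation."""
    if pos + size > len(script):
        raise ValueError("truncated push length")
    return int.from_bytes(script[pos:pos + size], "little"), pos + size


def _pushes(script, pos):
    """Yield every data item pushed from `pos` on; stop at the first non-push opcode."""
    while pos < len(script):
        op = script[pos]
        pos += 1
        if 1 <= op <= 0x4B:            # direct push: the opcode is the byte count
            n = op
        elif op == OP_PUSHDATA1:
            n, pos = _read_int(script, pos, 1)
        elif op == OP_PUSHDATA2:
            n, pos = _read_int(script, pos, 2)
        elif op == OP_PUSHDATA4:
            n, pos = _read_int(script, pos, 4)
        else:
            return                      # OP_0, small-integer or other opcode: data section ends
        if pos + n > len(script):
            raise ValueError("truncated push data")
        yield script[pos:pos + n]
        pos += n


def op_return_payloads(script_hex):
    """List of byte strings embedded in one output script; [] if it is not an OP_RETURN output."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return []
    return list(_pushes(script, 1))


def extract_op_return_data(output_scripts):
    """Map every OP_RETURN output of a transaction to (output index, payload)."""
    found = []
    for idx, script_hex in enumerate(output_scripts):
        for payload in op_return_payloads(script_hex):
            found.append((idx, payload))
    return found


def printable_ascii(payload):
    """Decoded text if the payload is printable ASCII, else None (real payloads are often encrypted)."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


# Constructed output scripts: a normal P2PKH output, then three OP_RETURN outputs
# using a direct push, OP_PUSHDATA1 and OP_PUSHDATA2 respectively.
SAMPLE_OUTPUT_SCRIPTS = [
    "76a914" + "00" * 20 + "88ac",            # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    "6a0f63322e6578616d706c652e74657374",     # OP_RETURN <15 bytes: "c2.example.test">
    "6a4c0568656c6c6f",                       # OP_RETURN OP_PUSHDATA1 0x05 "hello"
    "6a4d0300deadbe",                         # OP_RETURN OP_PUSHDATA2 0x0003 <3 binary bytes>
]

if __name__ == "__main__":
    for idx, payload in extract_op_return_data(SAMPLE_OUTPUT_SCRIPTS):
        print(idx, payload.hex(), printable_ascii(payload))
```

Standard-relay policy limits OP_RETURN data to a short payload, which is why a short hostname or an encrypted blob of that size fits; the decoder handles all three push encodings because a non-minimal push is still valid script and would otherwise be missed.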

CVE-2019-2176

Android has released its monthly security bulletin. The most severe of these issues is a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. 

Source: Android

How do you protect yourself?

Check Android for the latest security patches and update accordingly.

Nemty Ransomware

The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits.

Exploit kits are not as commonly used since they typically thrive on vulnerabilities in Internet Explorer and Flash Player, two products that dominated the web a few years ago but now have one foot in the grave.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Nemty Ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – September 3, 2019

Ares Botnet

A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet.

The attacks aren’t using a vulnerability in the Android operating system, but are exploiting a configuration service that has been left enabled and unprotected on some set-top box installations.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Ares botnet and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-5869

A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

Source: Center for Internet Security

How do you protect yourself?

Update Google Chrome to version 76.0.3809.132.

Trickbot Trojan

A new Trickbot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware’s development.

TrickBot (also known as Trickster, TheTrick, and TrickLoader) is a banking Trojan that has been continuously upgraded throughout the years with new modules and capabilities since October 2016 when it was initially observed in the wild.

While in the beginning it only came with banking Trojan capabilities designed to collect and deliver as much sensitive data as possible to its masters, it has now also become a popular malware dropper capable of infecting compromised machines with other malware families.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Trickbot Trojan and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – August 26, 2019

Adwind Remote Access Trojan

Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads.

Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware solutions.

While the Adwind Trojan manages to avoid detection by some anti-malware solutions, sandbox- and behavior-based antivirus software should be capable of detecting and blocking it.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Adwind remote access trojan and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-13602

VideoLAN has released security updates for the VLC media player that address multiple vulnerabilities.

A remote user could create a specifically crafted file that could trigger issues ranging from buffer overflows to division by zero. If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.

Source: VideoLAN

How do you protect yourself?

Update VLC media player to version 3.0.8.
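Three items in this digest (Flash Player 32.0.0.255, Chrome 76.0.3809.132 and VLC 3.0.8) give a fixed version to check an inventory against. A common mistake in such checks is comparing version strings lexicographically, which ranks 76.0.3809.87 above 76.0.3809.132 because "8" sorts after "1". The following Python is an added example, not code from the vendors' advisories; the inventory is constructed and the product-name keys are assumptions about how an inventory labels these products.

```python
import re

# Fixed versions named in this digest; the product-name keys are assumptions
# about how an inventory labels these products.
MINIMUM_VERSIONS = {
    "Adobe Flash Player": "32.0.0.255",
    "Google Chrome": "76.0.3809.132",
    "VLC media player": "3.0.8",
}


def parse_version(text):
    """'76.0.3809.132' -> (76, 0, 3809, 132), so comparison is numeric per component."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_at_least(installed, minimum):
    """True if `installed` is the fixed version or newer; shorter tuples are zero-padded (3.0.8 == 3.0.8.0)."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def outdated(inventory):
    """Products in `inventory` ({name: installed version}) that are still below the fixed version."""
    return sorted(
        name for name, version in inventory.items()
        if name in MINIMUM_VERSIONS and not is_at_least(version, MINIMUM_VERSIONS[name])
    )


# Constructed inventory: two products behind, one exactly at the fix, one not tracked here.
SAMPLE_INVENTORY = {
    "Adobe Flash Player": "32.0.0.238",
    "Google Chrome": "76.0.3809.87",
    "VLC media player": "3.0.8",
    "Some Other App": "1.0",
}

if __name__ == "__main__":
    print("needs update:", outdated(SAMPLE_INVENTORY))
```

Products absent from MINIMUM_VERSIONS are ignored rather than reported, so the table has to be kept current with each advisory the digest lists.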

NanoCore Remote Access Trojan

A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.

Uncovered by security researchers at LMNTRIX Labs, NanoCore v1.2.2 offers users a variety of attacks against Windows systems, including the ability to steal passwords, perform keylogging and secretly record audio and video footage using the webcam.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against NanoCore remote access trojan and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – August 19, 2019

Norman Cryptomining Malware

A newly-discovered form of cryptocurrency-mining malware is capable of remaining so well-hidden that researchers investigating it found that it had spread to almost every computer at a company that had become infected.

The malware has been built to be extremely persistent and it keeps in regular contact with a command and control server, which if needed, could provide new instructions or terminate the malware, although researchers note that during the analysis, no new commands were received.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Norman cryptomining malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-8077

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update the Adobe software to the latest version.

Cerberus Malware

A new banking trojan for Android devices relies on the accelerometer sensor to delay its running on the system and thus evade analysis from security researchers.

Payload and string obfuscation are normal techniques for making analysis and detection more difficult, but Cerberus also uses a mechanism that determines if the infected system is moving or not.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Cerberus malware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – August 12, 2019

Clipsa Malware

A new malware strain named Clipsa has been making the rounds for the past year, infecting users from all over the world.

What stands out about this new threat is that besides classic malware features — such as the ability to steal cryptocurrency wallet files, install a cryptocurrency miner, and hijack the user’s clipboard to replace cryptocurrency addresses — Clipsa also includes a somewhat strange feature that allows it to launch brute-force attacks against WordPress websites.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Clipsa Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2130

Android has released its monthly security bulletin for August.

The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Source: Android

How do you protect yourself?

Update Android to the latest version.

Echobot Botnet

A new variant of the Echobot botnet has been spotted that includes over 50 exploits for remote code execution (RCE) vulnerabilities in various Internet-of-Things devices.

The latest Echobot variant was found by security researcher Carlos Brendel Alcañiz, and uses 59 different RCE exploits to propagate.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Echobot Botnet and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.