Threats of the Week – May 7, 2020

GoDaddy Hack

Customers of one of the largest domain name registrars, GoDaddy, are being warned about an attack that took place last October. An intruder gained access to the login credentials of users’ hosting accounts. The attack was only discovered on April 23. GoDaddy has since reset the passwords of all 28,000 users affected by the attack.

Source: Threat Post

How do you protect yourself?

Your organization should enact a credential monitoring program so that you are alerted when important credentials leak onto the dark web. Services like Secure IT – User Defence continuously scan the dark web for credential leaks and also train end-users on cybersecurity best practices.

Nefilim Ransomware

Toll Group, an Australian transportation company, said its systems had been targeted by a new form of ransomware called Nefilim. The company, which operates across 50 countries, detected unusual activity on some of its servers, which led to delays for customers. Like the operators of other ransomware families, namely Nemty, Crysis and SamSam, the hackers behind Nefilim gain access through vulnerable Remote Desktop Protocol (RDP) servers.

Source: Threat Post

How do you protect yourself?

Attacks via Remote Desktop Protocol servers are widespread these days. To prevent them, organizations should enable 24/7 monitoring and remediation solutions. Services like Endpoint Protection and SIEM (Security Information & Event Management) help prevent these attacks, or at least isolate them so they cannot spread.
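The monitoring the paragraph above recommends comes down to correlating logon events per source address. The following script is an added example, not code from the original post or from any of the products it names: it runs a simple sliding-window detector over constructed, simplified Windows Security logon records (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP) and raises an alert when one source address fails repeatedly and a second, higher-priority alert when a success follows that burst of failures. The log format, threshold and window are assumptions chosen for the example; a real collector would parse EVTX or a SIEM's normalized events instead.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simplified "timestamp event_id logon_type user source_ip"
# form (not real Windows output). The first source runs a password-guessing burst that
# ends in a successful RDP logon; the second is an ordinary user with one typo.
SAMPLE_LOG = """\
2020-05-01T02:14:05 4625 10 administrator 203.0.113.7
2020-05-01T02:14:09 4625 10 admin 203.0.113.7
2020-05-01T02:14:13 4625 10 toll 203.0.113.7
2020-05-01T02:14:18 4625 10 backup 203.0.113.7
2020-05-01T02:14:22 4625 10 svc_rdp 203.0.113.7
2020-05-01T02:14:30 4624 10 svc_rdp 203.0.113.7
2020-05-01T02:15:00 4625 10 jsmith 198.51.100.4
2020-05-01T08:00:00 4624 10 jsmith 198.51.100.4
"""

FAIL_THRESHOLD = 5            # assumed: failures from one source before alerting
WINDOW = timedelta(minutes=10)  # assumed: sliding window for counting failures
LOGON_TYPE_RDP = "10"         # Windows logon type 10 = RemoteInteractive (RDP)


def parse_line(line):
    """Split one simplified record into a dict with a parsed timestamp."""
    ts, event_id, logon_type, user, src = line.split()
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "user": user, "src": src}


def detect_rdp_bruteforce(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alerts for RDP password-guessing bursts and for successes that follow them.

    Only RDP logons (type 10) are considered. For each source address, timestamps of
    failed logons inside the sliding window are kept; reaching the threshold raises
    'rdp_bruteforce', and a successful logon while the burst is still in the window
    raises 'rdp_bruteforce_success', which is the one to treat as a likely compromise.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)  # source ip -> failure timestamps within the window
    alerts = []
    for e in events:
        if e["logon_type"] != LOGON_TYPE_RDP:
            continue
        window_start = e["ts"] - window
        recent = [t for t in failures[e["src"]] if t >= window_start]
        failures[e["src"]] = recent
        if e["event_id"] == "4625":
            recent.append(e["ts"])
            if len(recent) == threshold:  # fire once per burst, not on every extra failure
                alerts.append({"type": "rdp_bruteforce", "src": e["src"],
                               "failures": threshold,
                               "first": recent[0].isoformat(), "last": e["ts"].isoformat()})
        elif e["event_id"] == "4624" and len(recent) >= threshold:
            alerts.append({"type": "rdp_bruteforce_success", "src": e["src"],
                           "user": e["user"], "at": e["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

The "success after burst" rule is the one worth paging someone for: the burst alone may be internet background noise against an exposed RDP port, whereas a success from the same address inside the window is exactly the entry the Nefilim operators need. Either alert is also a prompt to check why the RDP server is reachable from that address at all.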

Cisco WebEx Phishing

A series of phishing attacks is targeting Cisco WebEx users with fake certificate error warnings. The phishing emails use graphics and formatting similar to legitimate communications sent by Cisco WebEx. Users are asked to click a hyperlink to unlock their accounts and are then redirected to a credential-phishing site.

Source: Bleeping Computer

How do you protect yourself?

Users should be cautious whenever they are asked to click links suggesting they need to unlock their accounts. Services like Secure IT – Mail scan the links within emails to determine whether they are legitimate. If they are not, these tools block users from even visiting the malicious website.

Threats of the Week – April 29, 2020

Microsoft Teams GIF Vulnerability

A vulnerability has been identified in Microsoft Teams involving a simple GIF image. For the attack to work, the victim only had to view the malicious GIF, which showed the Donald Duck character sweeping a row of Mickey Mouse toys. The attackers were then able to steal data from specific systems and gain access to the company’s Teams accounts.

Source: Info Security

How do you protect yourself?

Microsoft has already corrected this vulnerability by updating misconfigured DNS records, thus mitigating the problem.

PhantomLance

A new spyware campaign has been identified that has been ongoing for 4 years. Named PhantomLance by Kaspersky, the spyware is distributed through dozens of Android apps available on Google Play (as well as other distribution channels). The malware uses heavy encryption and is able to download and execute additional malicious payloads tailored to the specific environment of the device.

Source: ZD Net

How do you protect yourself?

Kaspersky reported its findings to Google, which has since removed the malicious apps from the Play Store.

Critical Adobe Illustrator, Bridge and Magento Flaws

Critical flaws were detected in several Adobe tools, namely Illustrator, Bridge and Magento. These include a stack-based buffer overflow (CVE-2020-9555), heap overflow bugs (CVE-2020-9562, CVE-2020-9563), a memory corruption bug (CVE-2020-9568) and use-after-free vulnerabilities (CVE-2020-9566, CVE-2020-9567). Also included are critical out-of-bounds write flaws (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569). All of these could be exploited remotely by an attacker, allowing arbitrary code execution.

Source: The Hacker News

How do you protect yourself?

Users need to update to the latest version of the software.

Threats of the Week – April 22, 2020

RagnarLocker

The RagnarLocker ransomware targeted the Portuguese multinational energy giant EDP. More than 10TB of sensitive files have been stolen. The attackers are now demanding $10.9M to prevent the stolen information from being leaked and are threatening to notify customers, partners and competitors. Among the files released so far, the attackers have included edpradmin2.kdb – a KeePass password manager database.

Source: Bleeping Computer

How do you protect yourself?

To protect yourself from ransomware, you should first ensure your mail environment is protected to prevent any possible breach, and then also protect your endpoints with services like Secure IT – Endpoint.

CVE-2020-0760

A vulnerability was identified in the way Microsoft Office loads arbitrary type libraries. An attacker who exploits it could install programs; view, modify or delete data; and create new accounts with full permissions. To exploit this vulnerability, an attacker must get the user to open a specially crafted Office document.

Source: Microsoft

How do you protect yourself?

Updates of Microsoft Office products now address the vulnerability by correcting how Office handles type libraries.

Trickbot

The coronavirus crisis is being widely exploited by hackers to deceive users, and the crew behind Trickbot is no exception. They have sent hundreds of emails about COVID-19 alerts and tests containing malicious documents that install the Trickbot malware. Infected computers are then loaded with keyloggers, trojans and ransomware.

Source: ZD Net

How do you protect yourself?

To protect yourself from malware, you should first ensure your mail environment is protected to prevent any possible breach, and then also protect your endpoints with services like Secure IT – Endpoint.

Threats of the Week – April 13, 2020

CoViper

Researchers have identified a new COVID-19 themed malware. The malware overwrites the Master Boot Record (MBR), rendering the device unbootable until the MBR is restored.

Source: SonicWall

How do you protect yourself?

Avoiding malware like CoViper should begin with user training and awareness; employees must know how to identify suspicious emails and attachments, as this is a likely mechanism for delivering malware of this kind. Organizations may sign up for automated programs such as Secure IT – User Defence to train their employees.

Avast Emulator

Avast’s emulator, which loads its low-level antivirus engine, was found to run unsandboxed, potentially exposing systems to attackers.

Source: Security Week

How do you protect yourself?

Avast has since patched the vulnerability, and it is suggested all users update to the latest version to ensure their devices are secure.

Netwalker Ransomware

Netwalker, ransomware formerly known as Mailto, has recently become active. A new phishing campaign uses an attachment that contains an embedded Netwalker ransomware executable. Once executed, the ransomware encrypts the files on the computer and appends a random extension to the encrypted file names.

Source: Bleeping Computer

How do you protect yourself?

Your organization’s email should always be protected from phishing and malicious attachments. Ensure your email is protected with a comprehensive security solution, for example Secure IT – Mail.

Threats of the Week – April 6, 2020

Firefox Vulnerabilities

CVE-2020-6819 and CVE-2020-6820 allowed unauthenticated attackers who tricked victims into visiting a maliciously crafted website to execute arbitrary code on devices running unpatched versions of Firefox.

Source: Bleeping Computer

How do you protect yourself?

All Firefox users should install the patched release, Firefox 74.0.1. Mozilla released Firefox 74.0.1 and Firefox ESR 68.6.1 to address these two critical vulnerabilities, which were being actively exploited by threat actors against vulnerable machines.

CVE-2020-11548

The Search Meter plugin for WordPress, up to and including the latest version 2.13.2, allows user input typed into the search bar to be treated as a formula. An attacker can achieve remote code execution via this method.

Source: National Vulnerability Database

How do you protect yourself?

This plugin hasn’t been updated for the last three major releases of WordPress, and it is advised you deactivate the plugin right away and look for alternative solutions.
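The flaw above is an instance of CSV/formula injection: text a visitor types into a public search box is stored and later exported to a spreadsheet, where a leading `=`, `+`, `-` or `@` makes the spreadsheet application evaluate it as a formula when an administrator opens the file. The fix on the export side, shown here as an added example in Python rather than the plugin's own PHP code, is to neutralize every user-supplied cell before writing it. The column layout, the `export_search_terms` function name and the sample search terms are constructed for the example.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula, plus the
# tab and carriage return that can be used to break out of the current cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return `value` made safe for a CSV file that will be opened in a spreadsheet.

    A leading single quote forces the spreadsheet to treat the cell as literal text.
    Leading spaces are skipped when looking for the trigger so that "  =1+1" is caught
    as well; the original text itself is kept intact so the export stays accurate.
    """
    text = "" if value is None else str(value)
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        text = "'" + text
    return text


def export_search_terms(rows):
    """Write (search_term, hits) rows as CSV with every user-supplied cell neutralized.

    The hit count is a server-generated integer, so it is written as-is; only the
    attacker-controlled column goes through neutralize_cell. QUOTE_ALL guarantees a
    stray comma or quote in a search term cannot add or split columns either.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["search_term", "hits"])
    for term, hits in rows:
        writer.writerow([neutralize_cell(term), hits])
    return buf.getvalue()


# Constructed sample search terms: ordinary queries plus harmless formula-shaped
# strings of the kind that would be evaluated if exported unmodified.
SAMPLE_SEARCHES = [
    ("wordpress themes", 12),
    ("=1+1", 1),
    ("  +1+1", 1),
    ("@SUM(1,1)", 1),
    ("-2+3", 1),
    ("1-2", 1),  # not a trigger: the dash is not the first character
]


if __name__ == "__main__":
    print(export_search_terms(SAMPLE_SEARCHES))
```

The same neutralization applies to any export of user-controlled text (contact form entries, comment authors, order notes), not only this plugin: the defect is in trusting stored input at export time, so the control belongs wherever the CSV is generated, independent of how the data was validated on the way in.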

Fake Zoom installers

Threat actors have distributed several different versions of Zoom client installers that look legitimate but are not officially from Zoom. These installers are bundled with malware such as coinminers, Remote Access Trojans and adware bundles.

Source: Bleeping Computer

How do you protect yourself?

You should always install software from the vendor directly to prevent accidentally using fake installers. If a fake installer is downloaded, ensure your computer is protected with endpoint protection, for example, Secure IT – Endpoint.

Threats of the Week – March 30, 2020

Tekya Malware

A new malware family has been discovered operating in 56 Google Play applications, which have collectively been downloaded nearly one million times around the world. Dubbed “Tekya,” the malware aims to commit mobile ad fraud by imitating user actions to click advertisements.

Source: DarkReading

How do you protect yourself?

Proper security measures must be in place to defend against Tekya malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3808

Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary file deletion.

Source: Adobe

How do you protect yourself?

Update Adobe Creative Cloud Desktop Application to the latest software version.

Milum RAT

Malware that shows no similarities with samples used in known campaigns is currently being used to attack computers in various organizations.

The malware is a fully-developed trojan with “solid capabilities for remote device management” of a compromised host.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Milum RAT and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.