Threats of the Week – April 13, 2020

CoViper

Researchers have identified a new COVID-19 themed malware. This malware rewrites the Master Boot Record (MBR), rendering the device non-functional until the MBR can be reinstalled.

Source: SonicWall

How do you protect yourself?

Avoiding malware like CoViper should begin with user training and awareness; employees must know how to identify suspicious emails and attachments, as this is a likely mechanism for delivering malware of this kind. Organizations may sign up for automated programs such as Secure IT – User Defence to train their employees.

Avast Emulator

The emulator that loads the low-level antivirus engine was found to run unsandboxed, thus potentially exposing systems to attackers.

Source: Security Week

How do you protect yourself?

Avast has since patched the vulnerability, and it is suggested all users update to the latest version to ensure their devices are secure.

Netwalker Ransomware

Netwalker is ransomware formerly called Mailto that has become active recently. The new phishing campaign is using an attachment that contains an embedded Netwalker Ransomware executable. Once executed, the ransomware will encrypt the files on the computer and append a random extension to encrypted file names.

Source: Bleeping Computer

How do you protect yourself?

You should always have your organization’s email protected from phishing and malicious attachments. Ensure your email is protected with comprehensive security solutions, for example, Secure IT – Mail.

Threats of the Week – April 6, 2020

Firefox Vulnerabilities

CVE-2020-6819 and CVE-2020-6820 allowed unauthenticated attackers to execute arbitrary code on devices running unpatched versions of Firefox by tricking potential victims into visiting a maliciously crafted website.

Source: Bleeping Computer

How do you protect yourself?

All Firefox users should install the latest version, Firefox 74.0.1, which has been patched. Mozilla released Firefox 74.0.1 and Firefox ESR 68.6.1 earlier to address these two critical vulnerabilities, which were actively used by threat actors against vulnerable machines.

CVE-2020-11548

The Search Meter plugin for WordPress through the latest version 2.13.2 allows user input within the search bar to become a formula. The attacker can achieve remote code execution via this method.

Source: National Vulnerability Database

How do you protect yourself?

This plugin hasn’t been updated for the last three major releases of WordPress, and it is advised you deactivate the plugin right away and look for alternative solutions.
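For sites that build their own search-term reports, the sketch below shows how a formula-style search term can be neutralized before it reaches a spreadsheet. It is an added example, not code from the Search Meter plugin, and it assumes the terms are exported as CSV; the function names and sample terms are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (the set listed in OWASP's CSV injection guidance).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

def neutralize_cell(value):
    """Return value as text that a spreadsheet will display, not evaluate."""
    text = "" if value is None else str(value)
    # Check both the raw text and the text with leading whitespace removed,
    # because some spreadsheet importers trim cells before parsing them.
    if text.startswith(FORMULA_PREFIXES) or text.lstrip().startswith(FORMULA_PREFIXES):
        return "'" + text  # a leading apostrophe forces the cell to plain text
    return text

def export_search_terms(rows):
    """rows: iterable of (term, hits). Returns CSV text with every field quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["term", "hits"])
    for term, hits in rows:
        # int() rejects a non-numeric hit count instead of exporting it.
        writer.writerow([neutralize_cell(term), int(hits)])
    return buf.getvalue()

# Constructed sample search terms, including harmless formulas.
SAMPLE_TERMS = [
    ("wordpress themes", 12),
    ("=1+1", 3),
    ("  @SUM(A1:A2)", 1),
    ('say "hi", ok', 2),
]

if __name__ == "__main__":
    print(export_search_terms(SAMPLE_TERMS))
```

The same prefix rule also escapes legitimate terms that start with `-` or `+`, which is acceptable for a report of free-text search queries.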

Fake Zoom installers

Threat actors have distributed several different versions of Zoom client installers that look legitimate but are not officially from Zoom. These clients are bundled with malware such as Coinminers, Remote Access Trojans, and Adware Bundles.

Source: Bleeping Computer

How do you protect yourself?

You should always install software from the vendor directly to prevent accidentally using fake installers. If a fake installer is downloaded, ensure your computer is protected with endpoint protection, for example, Secure IT – Endpoint.

Threats of the Week – March 30, 2020

Tekya Malware

A new malware family has been discovered operating in 56 Google Play applications, which have collectively been downloaded nearly one million times around the world. Dubbed “Tekya,” the malware aims to commit mobile ad fraud by imitating user actions to click advertisements.

Source: DarkReading

How do you protect yourself?

Proper security measures must be in place to defend against Tekya malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3808

Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary file deletion.

Source: Adobe

How do you protect yourself?

Update Adobe Creative Cloud Desktop Application to the latest software version.

Milum RAT

Malware that shows no similarities with samples used in known campaigns is currently used to attack computers in various organizations.

The malware is a fully-developed trojan with “solid capabilities for remote device management” of a compromised host.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Milum RAT and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – March 23, 2020

Cookiethief Malware

Researchers have found two Android malware modifications. When combined, they aim to secure root rights on a target device and transfer cookies from the browser and Facebook app to a command-and-control (C2) server. Researchers have not determined how the Trojan lands on target devices but say the cause is not a flaw in Facebook or the browser itself.

Source: DarkReading

How do you protect yourself?

Proper security measures must be in place to defend against Cookiethief malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3795

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Acrobat and Reader to the latest software version.

Nefilim Ransomware

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.

Nefilim became active at the end of February 2020, and while it is not known for sure how the ransomware is being distributed, it is most likely through exposed Remote Desktop Services.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Nefilim Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – March 16, 2020

Mozart Malware

Mozart sets up a direct line of communication between an infected client and its server. It does this by hardcoding a DNS server IP address to which an infected client resolves, thus bypassing central DNS servers, policy rules, and monitoring. The commands which are then transmitted between the malware server and infected device are hidden in DNS TXT records.

Source: TechRadar

How do you protect yourself?

Proper security measures must be in place to defend against Mozart malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
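Because Mozart's channel depends on clients talking to a DNS server other than the central ones, DNS query logs from the network edge can reveal it. The detection sketch below is an added example, not from the cited report: the log format, the approved-resolver list and the threshold are assumptions, and every log line is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only resolvers clients are permitted to query directly.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed sample log, one query per line:
# "timestamp client resolver qtype qname" (documentation address ranges).
SAMPLE_LOG = """\
2020-03-16T09:00:01Z 10.0.5.21 10.0.0.53 A intranet.example.com
2020-03-16T09:00:04Z 10.0.5.21 10.0.0.53 TXT _dmarc.example.com
2020-03-16T09:00:09Z 10.0.5.44 203.0.113.7 TXT a1.tasks.example.net
2020-03-16T09:01:09Z 10.0.5.44 203.0.113.7 TXT a2.tasks.example.net
2020-03-16T09:02:09Z 10.0.5.44 203.0.113.7 TXT a3.tasks.example.net
2020-03-16T09:03:00Z 10.0.5.30 192.0.2.8 A www.example.org
malformed line
"""

def parse(line):
    """Return (client, resolver, qtype, qname), or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, client, resolver, qtype, qname = parts
    try:
        ipaddress.ip_address(client)
        ipaddress.ip_address(resolver)
    except ValueError:
        return None
    return client, resolver, qtype.upper(), qname.lower()

def find_direct_dns(log_text, approved=APPROVED_RESOLVERS, txt_threshold=3):
    """Report queries that bypass approved resolvers, grouped by (client, resolver)."""
    stats = defaultdict(lambda: {"total": 0, "txt": 0})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[1] in approved:
            continue
        client, resolver, qtype, _ = rec
        stats[(client, resolver)]["total"] += 1
        stats[(client, resolver)]["txt"] += qtype == "TXT"
    findings = []
    for (client, resolver), s in sorted(stats.items()):
        # Any bypass is a policy violation; repeated TXT lookups match the
        # TXT-record command channel described above and rank higher.
        severity = "high" if s["txt"] >= txt_threshold else "medium"
        findings.append({"client": client, "resolver": resolver,
                         "queries": s["total"], "txt": s["txt"], "severity": severity})
    return findings
```

Blocking outbound port 53 to everything except the approved resolvers at the firewall turns this detection into prevention for plain DNS.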

CVE-2020-6805

Mozilla has released security updates for Firefox. When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.

Source: Mozilla

How do you protect yourself?

Update Firefox to the latest version.

Paradise Ransomware

A ransomware campaign has returned with a new trick to fool the unwary into compromising their network with file-encrypting malware. And it’s an attack that many Windows machines won’t even recognise as potentially malicious.

The new variant of Paradise ransomware, which has been active in one form or another since 2017, spreads via phishing emails, but it’s different from other ransomware campaigns because it uses an uncommon – but effective – file type to infiltrate the network.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Paradise Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – March 9, 2020

LeifAccess Malware

A new malware family called LeifAccess or Shopper is taking advantage of the accessibility features in Android to create accounts, download apps, and post reviews.

LeifAccess “is a broad campaign [and] is using alternate methods to achieve installation but thereafter trying to achieve legitimacy to the user with fake warnings.”

Source: TechRepublic

How do you protect yourself?

Proper security measures must be in place to defend against LeifAccess malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-0031

Android has released its monthly security bulletin addressing details of security vulnerabilities affecting Android devices. The vulnerability in this section could enable a local malicious application to bypass operating system protections that isolate application data from other applications.

Source: Android

How do you protect yourself?

Update Android to the latest version.

PwndLocker Ransomware

Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.

This new ransomware began operating in late 2019 and has since encrypted a stream of victims ranging from local cities to organizations.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against PwndLocker Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.