Threats of the Week – January 27, 2020

sLoad malware

sLoad’s main purpose is to infect Windows PCs, gather information about the system they infected, send this info to a command and control (C&C) server, and then wait for instructions to download and install a second malware payload.

The malware exists to serve as a delivery system for more potent malware strains and to help the sLoad gang make money by providing pay-per-install space for other cybercriminal operations (such as the Ramnit banking trojan gang).

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against sLoad malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-6858

Schneider Electric is aware of a vulnerability in the MSX Configurator product. An Uncontrolled Search Path Element vulnerability exists that could allow privilege escalation when a malicious DLL is injected.

Source: Schneider Electric

How do you protect yourself?

This vulnerability is fixed in MSX Configurator software version V1.0.8.1.

FTCODE Ransomware

The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails.

The new iteration, version 1117.1, contains code that steals credentials from Internet Explorer, Mozilla Firefox and Thunderbird, Google Chrome and Microsoft Outlook.

Source: SC Magazine

How do you protect yourself?

Proper security measures must be in place to defend against FTCODE Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – January 20, 2020

Oski malware

An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more.

Oski started out targeting victims in North America, but in the last few days has added China to its set of targeted geographies. It’s also virulent: when it was first investigated, Oski had racked up 43,336 stolen passwords, primarily from Google campaigns. About 10 hours later, that number had increased to 49,942, with an increase in the number of logs from 88 to 249.

Source: ThreatPost

How do you protect yourself?

Proper security measures must be in place to defend against Oski malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-16466

Adobe has released security updates for Adobe Experience Manager (AEM). These updates resolve multiple vulnerabilities in AEM versions 6.5 and below rated Important and Moderate. Successful exploitation could result in sensitive information disclosure.

Source: Adobe

How do you protect yourself?

Download and install the latest updates.

Ryuk Ransomware

The Ryuk Ransomware uses the Wake-on-LAN feature to power on switched-off devices on a compromised network, giving it greater success in encrypting them.

Wake-on-LAN is a hardware feature that allows a powered-down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks while it is powered down.
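As an added illustration that is not part of the original article or the BleepingComputer report it cites, the following Python snippet parses UDP payloads for the Wake-on-LAN magic-packet format (six 0xFF bytes followed by the target MAC repeated 16 times, with an optional SecureOn password suffix) and reports any source that wakes many distinct machines, the kind of wake-up sweep a defender might watch for on a network; the packets are constructed sample data, and the threshold of three is an assumption.

```python
from collections import defaultdict

SYNC = b"\xff" * 6          # a magic packet starts with six 0xFF bytes
MAC_LEN = 6
REPEATS = 16                # followed by the target MAC repeated 16 times
BODY_LEN = len(SYNC) + MAC_LEN * REPEATS   # 102 bytes
# an optional SecureOn password suffix may add 4 or 6 bytes
VALID_LENGTHS = {BODY_LEN, BODY_LEN + 4, BODY_LEN + 6}


def parse_magic_packet(payload: bytes):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if payload is a
    Wake-on-LAN magic packet, otherwise None."""
    if len(payload) not in VALID_LENGTHS or not payload.startswith(SYNC):
        return None
    mac = payload[len(SYNC):len(SYNC) + MAC_LEN]
    if payload[len(SYNC):BODY_LEN] != mac * REPEATS:
        return None
    return ":".join(f"{b:02x}" for b in mac)


def wol_sweeps(packets, threshold=3):
    """packets: iterable of (src_ip, udp_payload). Returns {src_ip: sorted MACs}
    for every source that woke at least `threshold` distinct machines."""
    targets = defaultdict(set)
    for src, payload in packets:
        mac = parse_magic_packet(payload)
        if mac is not None:
            targets[src].add(mac)
    return {src: sorted(macs) for src, macs in targets.items()
            if len(macs) >= threshold}


def _wol(mac_hex: str) -> bytes:
    # helper that builds the constructed sample payloads below (not captured traffic)
    return SYNC + bytes.fromhex(mac_hex) * REPEATS


# constructed sample traffic: one host waking three machines, one ordinary wake
SAMPLE_PACKETS = [
    ("10.0.0.5", _wol("001122334455")),
    ("10.0.0.5", _wol("001122334466")),
    ("10.0.0.5", _wol("001122334477") + b"\x00" * 6),  # with SecureOn suffix
    ("10.0.0.9", _wol("00aabbccddee")),
    ("10.0.0.9", b"not a magic packet"),
]

if __name__ == "__main__":
    for src, macs in wol_sweeps(SAMPLE_PACKETS).items():
        print(f"{src} sent Wake-on-LAN to {len(macs)} hosts: {macs}")
```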

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – January 13, 2020

Predator the Thief malware

A hacking campaign that infects victims with username- and password-stealing malware has been updated with new tricks as cybercriminals look to make their attacks more efficient, stealthier and more lucrative.

The campaign adds new phishing documents, such as invoices, to use as the lure to hook victims; a previous campaign used a fake court summons as a lure. The malware has also been given more tricks to avoid detection and analysis, using shellcode to make it more effective at detecting debuggers and sandboxes – something it now checks for every five seconds.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Predator the Thief malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-0002

Android has released its monthly security bulletin that contains details of security vulnerabilities affecting Android devices.

In one vulnerability, a remote attacker could use a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Update Android to the latest version.

SNAKE Ransomware

A new ransomware family has been discovered that is being used to target and encrypt all of the devices on business networks.

The SNAKE ransomware is the latest example of enterprise-targeting ransomware, which cybercriminals use to infiltrate business networks, gather administrative credentials and encrypt the files of every computer on a network using post-exploitation tools.

Source: TechRadar

How do you protect yourself?

Proper security measures must be in place to defend against SNAKE Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – January 6, 2020

Lampion Trojan

A new trojan called ‘Lampion’ spread during the last days of 2019 using emails that imitate templates of the Portuguese Government Finance & Tax.

The malware appears to belong to the Trojan-Banker.Win32.ChePro family, but with improvements that make its detection and analysis harder.

Source: SecurityAffairs

How do you protect yourself?

Proper security measures must be in place to defend against Lampion Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-20144

GitLab has released a software security update for GitLab Community Edition (CE) and Enterprise Edition (EE).

In one vulnerability, insufficient access verification led to unauthorized modification of group runners through the API.

Source: Gitlab

How do you protect yourself?

Download and install versions 12.6.2, 12.5.6, and 12.4.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

Clop Ransomware

The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Clop Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – December 30, 2019

Mozi Botnet

Netgear, D-Link, and Huawei routers are actively being probed for weak Telnet passwords and taken over by a new peer-to-peer (P2P) botnet dubbed Mozi, which is related to the Gafgyt malware because it reuses some of its code.

The botnet is implemented using a custom extended Distributed Hash Table (DHT) protocol based on the standard one commonly used by torrent clients and other P2P platforms to store node contact info.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against the Mozi botnet and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-5702

NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update addresses an issue that may lead to denial of service or escalation of privileges.

Source: NVIDIA

How do you protect yourself?

To protect your system, download and install this software update through the GeForce Experience Downloads page, or open the client to automatically apply the security update.

Ryuk Ransomware

A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems.

With the rising popularity of the Windows Subsystem for Linux (WSL), the Ryuk actors likely encrypted a Windows machine at some point that also affected the *NIX system folders used by WSL. This would have caused these WSL installations to no longer work.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – December 23, 2019

Momentum Botnet

A new botnet dubbed Momentum has been found targeting Linux systems running on a variety of different processors and pushing a list of well-known backdoors with the goal of being able to launch DDoS attacks.

Once on a device, the malware achieves persistence by modifying the rc files, then connects to the command and control server and joins an Internet Relay Chat (IRC) channel named #hellboy to register and begin accepting commands. The chat channel is used to command the botnet devices.

Source: SC Magazine

How do you protect yourself?

Proper security measures must be in place to defend against Momentum botnet and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-18267

An issue was found in the GE S2020/S2020G Fast Switch 61850, versions 07A03 and prior. An attacker can inject arbitrary JavaScript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.

Source: CISA

How do you protect yourself?

GE produced and released Version 07A04, which fixed the vulnerability.

Maze Ransomware

The cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from the victim (measured in gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.

Source: KrebsonSecurity

How do you protect yourself?

Proper security measures must be in place to defend against Maze ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.