Xwo Malware

A new form of malware is scanning the internet for exposed web services and default passwords in what’s thought to be a reconnaissance operation – one which might signal a larger cyberattack is to come.

It’s still uncertain how Xwo started spreading or how it gains access to internet-connected machines, but the malware is designed to conduct reconnaissance and send information back to the command and control server through an HTTP POST request.

Xwo collects information about the use of default credentials in services such as FTP, MySQL, PostgreSQL, MongoDB, Redis, Memcached, as well as default credentials and misconfigurations for Tomcat, an open source implementation of the Java Servlet.

The malware also looks to collect information about default SVN and Git paths, Git repository format version content, PHP admin details and more. It’s highly likely the bot is conducting surveillance of weak points that can be exploited in more damaging attacks further down the line.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Xwo Malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2027

Android has released its April security bulletin containing details of security vulnerabilities affecting Android devices.

In one of the patches released, the most severe vulnerability could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Update your devices to the latest Android version.

vxCrypter Ransomware

The vxCrypter Ransomware could be the first ransomware infection that not only encrypts a victim’s data, but also tidies up their computer by deleting duplicate files.

When analyzing the ransomware, researchers noticed that the ransomware was keeping track of the SHA256 hashes of each file it encrypted. As the ransomware encrypted other files, if it encountered the same SHA256 hash, it would delete the file instead of decrypting it.

It is not known why the ransomware is doing this other than as a possible way to increase the speed of encrypting a computer.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against vxCrypter Ransomware and similar threats. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.