FlawedAmmyy RAT


This malspam campaign stands out because the attackers are using Microsoft Publisher files. It targets banks rather than enterprises and installs the FlawedAmmyy RAT malware. It is a small campaign distributed via the Necurs botnet.

This attack relies on user apathy around malware attachments. Users get emails with attachments all the time, so they have to think before they click on or open them. Users should treat any unexpected email attachment, especially one claiming to be an invoice, as suspicious; it is a very common attack vector. The use of a .pub file rather than a Word document may have been enough to catch out curious users.

FlawedAmmyy RAT contains a remote desktop tool, a file system manager and several other capabilities. An infected machine allows an attacker to install other malware on the computer. This allows them to steal security credentials and use the computer to carry out other attacks.

One attack vector is sending email to other users inside the same organisation. Users are more likely to accept email and open attachments from someone inside the same organisation than they are from an outsider. This makes infection by FlawedAmmyy and other RATs especially dangerous.

Source: Enterprise Times

How do you protect yourself?

Proper security measures must be in place to defend against FlawedAmmyy RAT malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from cryptomining malware.
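As an added example (not from Enterprise Times or any vendor), the following Python check flags Publisher attachments in a raw email so a mail gateway or triage script can quarantine them. The function names, the list of Publisher MIME types and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# OLE2 compound-file header; Publisher files share it with legacy .doc/.xls.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Assumed list of MIME types commonly declared for Publisher files.
PUB_MIME_TYPES = {"application/x-mspublisher", "application/vnd.ms-publisher"}


def find_publisher_attachments(raw_message: bytes) -> list:
    """Return one finding per MIME part that is, or claims to be, a .pub file."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested multiparts
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        by_name = name.strip().lower().endswith(".pub")  # also "x.pdf.pub"
        by_type = part.get_content_type() in PUB_MIME_TYPES
        if not (by_name or by_type):
            continue
        payload = part.get_payload(decode=True) or b""
        findings.append({
            "filename": name,
            "content_type": part.get_content_type(),
            # False means the content does not match a real Publisher file.
            "ole2_header": payload.startswith(OLE2_MAGIC),
        })
    return findings


def build_sample(filename: str, subtype: str, data: bytes) -> bytes:
    """Constructed test message; sender, subject and payload are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "clerk@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(data, maintype="application", subtype=subtype,
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Invoice_0815.PUB", "octet-stream",
                          OLE2_MAGIC + b"\x00" * 16)
    for finding in find_publisher_attachments(sample):
        print("quarantine:", finding)
```

Organisations that do not use Publisher can treat any finding as grounds to hold the message for review.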

 

 

CVE-2018-12810


Adobe has released updates for Photoshop CC for Windows and macOS. These updates resolve critical vulnerabilities in Photoshop CC 19.1.5 and earlier 19.x versions, as well as 18.1.5 and earlier 18.x versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Adobe recommends users update their software installations via each application’s update mechanism by launching each application, navigating to the Help menu, and clicking “Updates.”

Updated versions by product:
Photoshop CC 2018: 19.1.6 (Windows and macOS)
Photoshop CC 2017: 18.1.6 (Windows and macOS)

Ryuk Ransomware


A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin.

Security researchers from various companies have not been successful at identifying how this ransomware spreads and infects victims.

The common train of thought is that this ransomware spreads via targeted attacks, with the Ryuk crew targeting selected companies one at a time, either via spear-phishing emails or Internet-exposed and poorly secured RDP connections, although researchers have not yet been able to pinpoint the exact entry vector for infections.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk ransomware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.