Momentum Botnet

A new botnet dubbed Momentum has been found targeting Linux systems running on a variety of different processors and pushing a list of well-known backdoors with the goal of being able to launch DDoS attacks.

Once injected into a device, the malware achieves persistence by modifying the rc files. It then connects to the command and control server and joins an Internet Relay Chat (IRC) channel named #hellboy to register and begin accepting commands. The chat channel is used to command the botnet devices.

Source: SC Magazine

How do you protect yourself?

Proper security measures must be in place to defend against Momentum botnet and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
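
One way to hunt for the IRC registration behaviour described above, as an added example that is not part of the original bulletin or its source: it scans client-to-server IRC lines extracted from outbound traffic and flags any JOIN to the reported channel, whatever the destination port. The capture format, addresses, nicknames and the find_c2_joins helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Channel name reported on this page; matching is case-insensitive.
WATCHED_CHANNELS = {"#hellboy"}

# Constructed sample: "<time> <src_ip> <dst_ip:port> <client-to-server IRC line>"
SAMPLE_CAPTURE = """\
2020-01-02T03:04:05Z 10.0.0.23 203.0.113.10:6667 NICK dev01
2020-01-02T03:04:05Z 10.0.0.23 203.0.113.10:6667 USER dev01 0 * :dev01
2020-01-02T03:04:06Z 10.0.0.23 203.0.113.10:6667 JOIN #HellBoy
2020-01-02T03:05:00Z 10.0.0.40 198.51.100.7:6667 NICK alice
2020-01-02T03:05:00Z 10.0.0.40 198.51.100.7:6667 USER alice 0 * :Alice
2020-01-02T03:05:01Z 10.0.0.40 198.51.100.7:6667 JOIN #linux-help,#python
2020-01-02T03:06:00Z 10.0.0.51 203.0.113.10:8080 JOIN #lobby,#hellboy somekey
2020-01-02T03:07:00Z 10.0.0.60 192.0.2.9:80 GET /index.html HTTP/1.1
"""

# time, source, destination, optional ":prefix", command, remaining parameters
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (?::\S+ )?([A-Za-z]+)(?: (.*))?$")

def find_c2_joins(capture, watched=WATCHED_CHANNELS):
    """Return one alert per JOIN to a watched channel, on any destination port."""
    watched = {name.lower() for name in watched}
    seen = defaultdict(set)  # (src, dst) -> registration commands observed so far
    alerts = []
    for line in capture.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts, src, dst, command, params = match.groups()
        command = command.upper()
        if command in ("NICK", "USER"):
            seen[(src, dst)].add(command)
        elif command == "JOIN" and params:
            # JOIN takes a comma-separated channel list, then optional keys.
            for channel in params.split()[0].lower().split(","):
                if channel in watched:
                    alerts.append({
                        "time": ts, "src": src, "dst": dst, "channel": channel,
                        # True when NICK and USER preceded the JOIN on this flow
                        "registered": seen[(src, dst)] >= {"NICK", "USER"},
                    })
    return alerts

if __name__ == "__main__":
    for alert in find_c2_joins(SAMPLE_CAPTURE):
        print(alert)
```

Matching on the IRC command rather than on port 6667 is what catches the third host in the sample, which joins over port 8080.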

CVE-2019-18267

An issue was found in GE S2020/S2020G Fast Switch 61850, Versions 07A03 and prior. An attacker can inject arbitrary JavaScript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.

Source: CISA

How do you protect yourself?

GE produced and released Version 07A04, which fixed the vulnerability.

Maze Ransomware

The cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.

Source: KrebsOnSecurity

How do you protect yourself?

Proper security measures must be in place to defend against Maze ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.