Mirai Malware
Trend Micro noted that the threat, which was first identified in early December, takes advantage of an exploit in the ThinkPHP programming framework. The remote code execution (RCE) vulnerability allows threat actors to infect machines based on the Linux operating system and execute Miori, which then generates a notification on the victim’s console.
Once attackers verify through their command-and-control (C&C) server that a system has been infected, they use the Telnet protocol together with weak or commonly used passwords to brute-force other IP addresses.
Source: SecurityIntelligence
How do you protect yourself?
Proper security measures must be in place to defend against Mirai malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2018-16011
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Versions
Source: Adobe
How do you protect yourself?
Adobe recommends users update their software installations to the latest versions.
EternalBlue Exploit
The latest version of NRSMiner has been spotted in recent attacks across Asia that compromise systems which have not been patched against the well-known EternalBlue exploit.
According to cybersecurity researchers from F-Secure, unpatched machines in Asia — centered in Vietnam — are being infected with the latest version of NRSMiner, malware designed to steal computing resources in order to mine for cryptocurrency.
The new version of the malware relies on the EternalBlue exploit to spread through local networks.
EternalBlue is an SMBv1 (Server Message Block 1.0) exploit which is able to trigger remote code execution (RCE) attacks via vulnerable Windows Server Message Block (SMB) file-sharing services. The security flaw responsible for the attack, CVE-2017-0144, was patched by Microsoft in March 2017 and yet many systems have still not been updated and remain vulnerable to attack.
Source: ZDNet
How do you protect yourself?
Proper security measures must be in place to defend against the EternalBlue exploit and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
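Because EternalBlue targets the SMBv1 service, a practical check beyond patching is to confirm the legacy protocol is switched off. The following is an added example, not code from the article or its sources; it assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later, where the SmbShare and DISM cmdlets used here exist.

```powershell
# Added example (not from the article): audit whether this Windows host still
# exposes the SMBv1 server that EternalBlue (CVE-2017-0144) abuses, and
# disable it if so. Assumes an elevated session on Windows 8.1 / 2012 R2+.

$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning "SMBv1 server is enabled; an unpatched host is exposed to EternalBlue-style attacks."
    # Turn the legacy dialect off; modern clients negotiate SMBv2/v3 instead.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "SMBv1 server disabled. Confirm no legacy devices still depend on it."
} else {
    Write-Output "SMBv1 server is already disabled."
}

# On Windows 10 / Server 2016 and later the SMB1 components are also an
# optional feature; removing it stops the protocol being re-enabled by
# configuration alone. Ignored where the feature name is not present.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    Write-Output "SMB1Protocol optional feature removed; a reboot completes the change."
}
```

Disabling SMBv1 complements, and does not replace, installing the March 2017 security update for CVE-2017-0144.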