Mirai Malware

Trend Micro noted that the threat, first identified in early December, exploits a remote code execution (RCE) vulnerability in the ThinkPHP web framework. The vulnerability allows threat actors to compromise Linux-based machines and execute Miori, which then prints a notification on the victim's console.

Once the attackers confirm through their command-and-control (C&C) server that a system has been infected, they use the Telnet protocol to brute-force other IP addresses, relying on weak or commonly used passwords.

Source: SecurityIntelligence

How do you protect yourself?

Proper security measures must be in place to defend against Mirai malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Because the worm spreads by guessing weak Telnet passwords, replace default credentials on Linux and IoT devices and disable Telnet where it is not needed. Up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2018-16011

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Versions

Product             Track         Affected Versions                    Platform
Acrobat DC          Continuous    2019.010.20064 and earlier versions  Windows and macOS
Acrobat Reader DC   Continuous    2019.010.20064 and earlier versions  Windows and macOS
Acrobat 2017        Classic 2017  2017.011.30110 and earlier versions  Windows and macOS
Acrobat Reader 2017 Classic 2017  2017.011.30110 and earlier versions  Windows and macOS
Acrobat DC          Classic 2015  2015.006.30461 and earlier versions  Windows and macOS
Acrobat Reader DC   Classic 2015  2015.006.30461 and earlier versions  Windows and macOS

Source: Adobe

How do you protect yourself?

Adobe recommends users update their software installations to the latest versions.
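An added audit check, not Adobe's code or part of the source advisory: it compares an installed Acrobat or Reader version string against the affected-version ceilings in the table above, comparing each dotted field numerically so that "2019.010.20064 and earlier versions" is evaluated correctly. The hostnames and builds in the inventory are constructed, and the rule that the leading year field identifies the track is an assumption drawn from the table.

```python
# Audit check against the affected-version table above (added example, not Adobe code).
# Keys are (product, track); values are the last affected build ("... and earlier").
AFFECTED = {
    ("Acrobat DC", "Continuous"): "2019.010.20064",
    ("Acrobat Reader DC", "Continuous"): "2019.010.20064",
    ("Acrobat 2017", "Classic 2017"): "2017.011.30110",
    ("Acrobat Reader 2017", "Classic 2017"): "2017.011.30110",
    ("Acrobat DC", "Classic 2015"): "2015.006.30461",
    ("Acrobat Reader DC", "Classic 2015"): "2015.006.30461",
}


def parse_version(version):
    """Split 'YYYY.mmm.bbbbb' into ints so the compare is numeric per field
    ('010' and '10' are equal), not a plain string compare."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Acrobat version string: {version!r}")
    return tuple(int(p) for p in parts)


def find_ceiling(product, version):
    """Pick the table row for this product whose leading year matches the
    installed build (assumption: the year field identifies the track)."""
    major = parse_version(version)[0]
    for (p, track), ceiling in AFFECTED.items():
        if p == product and parse_version(ceiling)[0] == major:
            return track, ceiling
    raise LookupError(f"no advisory row for {product} {version}")


def is_affected(product, version):
    """True when the installed build is at or below the advisory ceiling."""
    _track, ceiling = find_ceiling(product, version)
    return parse_version(version) <= parse_version(ceiling)


# Constructed inventory: hostnames and builds are made up for the example.
SAMPLE_INVENTORY = [
    ("host-a", "Acrobat Reader DC", "2019.010.20064"),  # at the ceiling: affected
    ("host-b", "Acrobat Reader DC", "2019.010.20069"),  # newer build: not affected
    ("host-c", "Acrobat 2017", "2017.011.30110"),       # Classic 2017 ceiling
    ("host-d", "Acrobat DC", "2015.006.30461"),         # Classic 2015 ceiling
]


def hosts_needing_update(inventory):
    """Hostnames whose installed build falls inside the affected range."""
    return [h for h, prod, ver in inventory if is_affected(prod, ver)]
```

Feed it the product name and version string from your software inventory; anything it returns is still on an affected build.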

EternalBlue Exploit

The latest version of NRSMiner has been spotted in recent attacks across Asia that compromise systems which have not been patched against the well-known EternalBlue exploit.

According to cybersecurity researchers from F-Secure, unpatched machines in Asia — centered in Vietnam — are being infected with the latest version of NRSMiner, malware designed to steal computing resources in order to mine for cryptocurrency.

The new version of the malware relies on the EternalBlue exploit to spread through local networks.

EternalBlue is an exploit for SMBv1 (Server Message Block 1.0) that achieves remote code execution (RCE) through vulnerable Windows SMB file-sharing services. The underlying flaw, CVE-2017-0144, was patched by Microsoft in March 2017, yet many systems have still not been updated and remain vulnerable.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against the EternalBlue exploit and similar threats. Apply Microsoft's March 2017 patch for CVE-2017-0144 on every Windows host and disable SMBv1 where it is not required, since the malware spreads through local networks only by way of that protocol. Up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.