WellMess Malware

WellMess malware can run on Windows as a Portable Executable (PE) and on Linux as an ELF (Executable and Linkable Format) binary. It gives a remote attacker the ability to execute arbitrary commands, upload and download files, and run PowerShell scripts to automate tasks. Commands are delivered to the infected device via RC6-encrypted HTTP POST requests, and the results of executed commands are sent back to the C&C server in cookies.
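As an added, defender-side example (not code from the source article or from any WellMess analysis): a small Python filter that parses constructed proxy-log lines and flags POST requests whose cookie values are long and high-entropy, the pattern described above where command results leave the host inside cookies. The log format, the thresholds and the sample lines are assumptions for illustration.

```python
import math
import re
from typing import Dict, List

# Constructed sample proxy-log lines (assumed format: METHOD HOST PATH Cookie: <header>).
# None of this is real WellMess traffic; the blob in line 3 is a made-up high-entropy value.
BLOB = ("c8Fq2LzN9vT4xWpY1mRbK7eHd0JsU3aG6iOwE5tQnZ8yVfBkM2"
        "rXjPhLc9ADgSuW4oIlN1eZxT7vKbQ3mYpH6sRfJ0dCwG5aE8tU")
SAMPLE_LOG = [
    "POST example-shop.test /api/cart Cookie: session=abc123; lang=en",
    "GET  cdn.example.test /static/app.js Cookie: theme=dark",
    "POST 203.0.113.10 /index.php Cookie: uid=" + BLOB + "; ver=1",
]

MIN_BLOB_LEN = 64   # assumption: tuning threshold, not an indicator taken from the source
MIN_ENTROPY = 4.0   # bits per character; assumption, tune against your own baseline

LINE_RE = re.compile(
    r"^(?P<method>\S+)\s+(?P<host>\S+)\s+(?P<path>\S+)\s+Cookie:\s*(?P<cookie>.*)$")


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def cookie_values(header: str) -> Dict[str, str]:
    """Split a Cookie header into name -> value pairs."""
    pairs: Dict[str, str] = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        pairs[name] = value
    return pairs


def flag_suspicious(lines: List[str]) -> List[dict]:
    """Return one finding per POST cookie value that is both long and high-entropy."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only POST exchanges carry results in the described scheme
        for name, value in cookie_values(m["cookie"]).items():
            ent = shannon_entropy(value)
            if len(value) >= MIN_BLOB_LEN and ent >= MIN_ENTROPY:
                findings.append({"host": m["host"], "cookie": name,
                                 "len": len(value), "entropy": round(ent, 2)})
    return findings
```

Ordinary session cookies are short or low-entropy, so on the constructed sample only the `uid` value on the POST to `203.0.113.10` is flagged.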

Source: Tech Republic

How do you protect yourself?

Proper security measures must be in place to defend against WellMess Malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from cryptocurrency-mining malware.

CVE-2018-5007

Adobe has released its latest patch package, which addresses a total of 112 vulnerabilities across its products; most of them concern the Acrobat and Reader applications.

Two critical bugs were found in Adobe Flash Player: one that allows arbitrary code execution (tracked as CVE-2018-5007) and an information-disclosure read bug (tracked as CVE-2018-5008). It is important to note that practically all versions are affected. This includes all releases prior to version 30.0.0.113 of the Adobe Flash Player Desktop Runtime on Windows, macOS and Linux. The bugs also affect Adobe Flash Player for Google Chrome on Windows, macOS, Chrome OS and Linux, and the associated plugin for Microsoft Edge and Internet Explorer 11 on Windows 10 and 8.1.

Source: SensorsTechForum

How do you protect yourself?

Adobe recommends that Adobe Flash Player users update to version 30.0.0.134.

GandCrab (v.4.1) Ransomware

GandCrab version 4 switches its encryption mechanism from RSA-2048 to the much faster Salsa20 stream cipher, allowing files to be encrypted more quickly than before. This version of GandCrab is served to victims via compromised WordPress websites that encourage users to download system tools; the download links instead deliver the malware. Researchers say the malware executable and the download links are being updated regularly.

Victims who are unfortunate enough to become infected with the ransomware have their files encrypted with a new extension “.KRAB”. The updated encryption mechanism also allows the files to be encrypted even if the user isn’t connected to the internet — as opposed to previous versions that needed to connect to a command and control server before file encryption.

GandCrab can now also spread via an SMB exploit — including the ability to compromise machines running Windows XP and Windows Server 2003 in this way. It’s the first time ransomware has been able to organically spread itself to these older operating systems.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against GandCrab ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.