DanaBot Trojan


The recently-discovered DanaBot banking trojan is making the rounds in a phishing campaign that targets potential victims with fake invoices from software company MYOB.

The emails purport to be invoices from MYOB, an Australian multinational corporation that provides tax, accounting and other business software for SMBs. In reality, the messages carry a dropper that downloads the DanaBot banking trojan; once installed, DanaBot steals private and sensitive information and sends screenshots of the system and desktop to its command-and-control (C2) server.

Interestingly, instead of the more common HTTP links, the emails used File Transfer Protocol (FTP) links pointing to compromised FTP servers, most of them on Australian domains.

Source: ThreatPost

How do you protect yourself?

Proper security measures must be in place to defend against the DanaBot trojan and similar threats. Keeping endpoint and firewall security up to date provides a cross-generational blend of threat defense techniques to protect systems from banking trojans and similar malware.


CVE-2018-8011


This vulnerability affects Apache HTTP Server 2.4.33. With specially crafted HTTP requests, the mod_md challenge handler can be made to dereference a NULL pointer, causing the child process to segfault. An attacker could use this to cause a denial of service (DoS) on the server.

Source: CVE

How do you protect yourself?

The vulnerability is fixed in Apache HTTP Server 2.4.34.

Magniber Ransomware


After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting and is now also capable of infecting users whose PC language setting is Chinese (Macau, China, Singapore) or Malay (Malaysia, Brunei).

The reasons for these changes are unknown, but they also affected the Magnitude exploit kit, which has been the only source of Magniber infections in the past nine months. The “magni” in Magniber comes from Magnitude due to their close connection.

The recent Magnitude exploit kit campaigns that have been seen deploying this new and improved Magniber version have utilized an Internet Explorer zero-day discovered in April, patched in May, and also adopted by other exploit kits by June.

Users who had files encrypted by this recent Magniber version can identify it by the “.dyaaghemy” file extension added at the end of locked files. There’s no known method to recover files encrypted by the Magniber ransomware at the time of writing.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Magniber ransomware and similar threats. Keeping endpoint security up to date provides a cross-generational blend of threat defense techniques to protect systems from malware.