HawkEye Keylogger

Attackers have been observed targeting businesses on a worldwide scale during the last two months with the HawkEye keylogger malware, according to a report from IBM X-Force.

As part of the April and May malicious campaigns which focused on business users, attackers used malspam emails to target organizations from numerous industry sectors like “transportation and logistics, healthcare, import and export, marketing, agriculture, and others.”

“HawkEye is designed to steal information from infected devices, but it can also be used as a loader, leveraging its botnets to fetch other malware into the device as a service for third-party cybercrime actors,” says IBM X-Force’s research team.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against HawkEye Keylogger and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-12329

According to the researcher’s proof-of-concept, the bug works by spoofing the omnibar of DuckDuckGo’s privacy browser. The exploit relies on a specially crafted JavaScript page that uses the setInterval function to reload a URL every 10 to 50 ms.

The vulnerability can be exploited in URL spoofing attacks, where the URL displayed in the address bar is changed to trick users into believing the website they’re visiting is legitimate and not controlled by attackers.

Source: SensorsTechForum

How do you protect yourself?

DuckDuckGo’s security team concluded that the flaw doesn’t need a fix as it ‘doesn’t seem to be a serious issue’ and marked the bug as informative.

Sodinokibi Ransomware

Recent variants of Sodinokibi accounted for scaling issues as the ransomware family steadily moves to target large enterprises.

According to Coveware, some of the most recent samples of Sodinokibi used an encryption process that created multiple victim ID profiles and encrypted file extensions and corresponding Tor pages where victims could receive payment instructions.

Source: Security Intelligence

How do you protect yourself?

Proper security measures must be in place to defend against Sodinokibi Ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.