StealthWorker Malware

Hackers are running a new campaign that drops the StealthWorker brute-force malware on Windows and Linux machines. The infected machines are then used to brute force other computers in a series of distributed brute-force attacks.

As later discovered, the malware is capable of exploiting a number of vulnerabilities to infiltrate Magento, phpMyAdmin, and cPanel Content Management Systems (CMSs), and of brute forcing its way in if everything else fails.

While the StealthWorker payload was previously observed being dropped on targeted servers with the help of the double-packed WallyShack Trojan downloader, the new campaign has switched to a brute force-only approach, aiming for any vulnerable host with weak or default credentials.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against StealthWorker malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-7816

Adobe has released security updates for ColdFusion versions 2018, 2016 and 11. These updates resolve a critical vulnerability that could lead to arbitrary code execution in the context of the running ColdFusion service.

Adobe is aware of a report that CVE-2019-7816 has been exploited in the wild.

Source: Adobe

How do you protect yourself?

Adobe recommends customers apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.

CryptoMix Ransomware

A new CryptoMix Ransomware variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. Of particular interest, this variant now indicates that the attackers are targeting entire networks rather than individual computers.

This variant is currently being distributed using executables that have been code-signed with a digital signature. Doing so makes the executable appear more legitimate and may help to bypass security software detections.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against CryptoMix Ransomware and similar threats. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.