Vega Stealer
Ransomware

Vega Stealer is a variant of August Stealer. Written in .NET, August Stealer locates and steals credentials, sensitive documents, and cryptocurrency wallet details from infected machines.

Vega Stealer is also written in .NET and focuses on the theft of saved credentials and payment information in Google Chrome. These credentials include passwords, saved credit cards, profiles, and cookies.

When the Firefox browser is in use, the malware harvests specific files that store various passwords and keys.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Vega Stealer malware and similar threats. Having proper, up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from cryptocurrency-mining malware.

CVE-2018-5151

Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user’s system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof filenames.

Source: Security Tracker

How do you protect yourself?

Ensure Firefox is up to date and that you have proper firewall and endpoint systems set up within your network.

GandCrab
Ransomware

The GandCrab payload was found hiding on legitimate but compromised websites. When analyzed, these websites were found to be riddled with vulnerabilities stemming from outdated software, highlighting one of the biggest issues when it comes to the security of cyberspace.

GandCrab spreads via the RIG and GrandSoft exploit kits, as well as via email spam as seen in the latest campaigns.

Source: Threatpost

How do you protect yourself?

Proper security measures must be in place to defend against GandCrab and similar threats. Having proper, up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from cryptocurrency-mining malware.