Babylon RAT

Researchers spotted a phishing campaign delivering a multi-feature, open-source remote administration tool known as Babylon RAT.

Cofense observed that the Babylon RAT samples distributed in this campaign were written in C# and came with an administration panel written in C++. The panel lets the operator manage several server configuration options, including port numbers, the network keys used for authentication, and the IP version. Together, these options let attackers tailor the malware to their needs.

A deeper analysis of the campaign showed that the address of the initial command-and-control (C&C) server, contacted right after execution, is hardcoded in the binary.
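
A hardcoded C&C address is something a responder can pull straight out of a captured sample, but with a C# payload there is a catch: .NET stores string literals as UTF-16LE, so an ASCII-only strings pass walks right past them. The scanner below is an added example written for this page (it is not Cofense's tooling or anything from the Babylon RAT project) and runs over a constructed byte blob standing in for a binary fragment; the addresses in it come from the documentation ranges and are not real indicators. It looks for IPv4 endpoints in both encodings and rejects strings that merely look like addresses.

```python
import re
from ipaddress import IPv4Address, AddressValueError

# Constructed sample standing in for a fragment of a C# binary. The import
# name is stored as ASCII, while the C2 endpoint is stored as UTF-16LE, the
# way .NET keeps string literals in its #US heap. Addresses are from the
# documentation ranges (TEST-NET-2/-3), not real indicators.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00"
    + "198.51.100.23:4782".encode("utf-16-le") + b"\x00\x00"  # invisible to ASCII 'strings'
    + b"203.0.113.9\x00"                                       # ASCII, no port
    + b"1.2.3\x00"                                             # too short to be an address
    + b"256.1.1.1:80\x00"                                      # invalid octet, must be rejected
)

# Runs of the characters an IPv4 endpoint can contain, in each encoding.
_ASCII_RUN = re.compile(rb"[0-9.:]{7,21}")
_UTF16_RUN = re.compile(rb"(?:[0-9.:]\x00){7,21}")
_ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?$")


def parse_endpoint(text):
    """Return (ip, port) for a syntactically valid 'a.b.c.d[:port]', else None.

    IPv4Address rejects octets above 255; port is None when none was given.
    """
    m = _ENDPOINT.match(text)
    if not m:
        return None
    try:
        ip = IPv4Address(m.group(1))
    except AddressValueError:
        return None
    port = int(m.group(2)) if m.group(2) else None
    if port is not None and not 1 <= port <= 65535:
        return None
    return str(ip), port


def extract_endpoints(blob):
    """Scan raw bytes for IPv4[:port] strings stored as ASCII or UTF-16LE.

    Returns (offset, encoding, ip, port) tuples sorted by offset. Matching
    byte patterns instead of decoding the whole blob means UTF-16LE strings
    that start at odd offsets are still found.
    """
    hits = []
    for encoding, pattern in (("ascii", _ASCII_RUN), ("utf-16-le", _UTF16_RUN)):
        for m in pattern.finditer(blob):
            parsed = parse_endpoint(m.group(0).decode(encoding))
            if parsed:
                hits.append((m.start(), encoding, parsed[0], parsed[1]))
    return sorted(hits)


if __name__ == "__main__":
    for offset, encoding, ip, port in extract_endpoints(SAMPLE):
        print(f"0x{offset:06x} {encoding:9} {ip}{':' + str(port) if port else ''}")
```

Run against a real sample, the output is a list of candidate endpoints with their encoding and file offset; the UTF-16LE hits are the ones a plain `strings` run would have missed, and the offset tells you where to look in a disassembler. Candidates still need confirming against network telemetry before they go on a blocklist, since binaries also carry benign addresses such as update servers.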

Source: Security Intelligence

How do you protect yourself?

Defending against Babylon RAT and similar threats starts with the delivery channel: this campaign arrived by phishing, so filter and inspect email attachments and links, and train users to report suspicious messages. Keep endpoint protection and firewall rules up to date, and restrict outbound connections so that an unexpected C&C session is blocked and logged. Because the initial C&C address is hardcoded in the binary, it can be extracted from a captured sample and added to blocklists and detection rules.

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads.

Note: users need to update to macOS 10.14.5 in order to take advantage of this change.
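
The mitigation is a per-thread opt-in that the application has to request from the kernel, which is why it only helps once both the browser and the OS are updated. The script below is an added example, not Firefox or Apple code: it checks whether the mitigation is usable on the current machine and opts the calling thread in, the way Firefox does for its main and worker threads. The sysctl names kern.tcsm_available and kern.tcsm_enable are taken from Firefox's implementation of this fix and are an assumption here, since the page does not name them; the 10.14.5 version gate comes from the note above.

```python
import ctypes
import ctypes.util
import platform
import sys

# Sysctl names assumed from Firefox's implementation of this fix; the page
# itself only says "a new sysctl". kern.tcsm_available reports whether the
# kernel offers the mitigation; writing 1 to kern.tcsm_enable opts the
# *calling thread* in, so it must be done on each thread running untrusted code.
TCSM_AVAILABLE = b"kern.tcsm_available"
TCSM_ENABLE = b"kern.tcsm_enable"
REQUIRED_MACOS = (10, 14, 5)  # from the advisory note: needs macOS 10.14.5


def version_at_least(version, minimum):
    """True if a dotted version string ('10.14.5', '10.15') is >= minimum."""
    parts = tuple(int(p) for p in version.split(".") if p.isdigit())
    parts += (0,) * (len(minimum) - len(parts))
    return parts >= minimum


def _libc():
    return ctypes.CDLL(ctypes.util.find_library("c") or None, use_errno=True)


def _sysctl_read_int(name):
    """Read an int sysctl via sysctlbyname(3); None if the name is unknown."""
    value = ctypes.c_int(0)
    size = ctypes.c_size_t(ctypes.sizeof(value))
    rc = _libc().sysctlbyname(name, ctypes.byref(value), ctypes.byref(size), None, 0)
    return value.value if rc == 0 else None


def tcsm_status():
    """'unsupported' off macOS; 'unavailable' on macOS before 10.14.5 or when
    the kernel reports the mitigation is absent; 'available' otherwise."""
    if sys.platform != "darwin":
        return "unsupported"
    if not version_at_least(platform.mac_ver()[0], REQUIRED_MACOS):
        return "unavailable"
    return "available" if _sysctl_read_int(TCSM_AVAILABLE) else "unavailable"


def enable_tcsm_for_current_thread():
    """Opt the calling thread in to the mitigation. Returns False when it is
    not available here, so callers can decide whether to run untrusted code."""
    if tcsm_status() != "available":
        return False
    one = ctypes.c_int(1)
    rc = _libc().sysctlbyname(TCSM_ENABLE, None, None, ctypes.byref(one), ctypes.sizeof(one))
    return rc == 0


if __name__ == "__main__":
    print("thread core sharing mitigation:", tcsm_status())
    print("enabled for this thread:", enable_tcsm_for_current_thread())
```

Run on a Mac, the status line tells you whether the OS side of the fix is in place at all; on 10.14.4 and earlier it reports "unavailable", which is the situation the note above warns about. The enable call has to be repeated on every thread that will execute untrusted code, since the kernel tracks the opt-in per thread rather than per process.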

Source: Mozilla

How do you protect yourself?

Update to Firefox 67. On macOS, also update to 10.14.5 or later: Firefox can only use the new sysctl when the operating system provides it, so on older macOS versions the mitigation is not in effect even with the new browser.

Satan Ransomware

First observed in early 2017, the malware has received constant updates to more effectively compromise machines and maximize the attackers’ profits. One of the observed campaigns, Fortinet’s security researchers note, also employed a cryptominer.

Satan is targeting both Linux and Windows machines and attempts to propagate by exploiting a large number of vulnerabilities.

Depending on the campaign, the initial spreader can propagate either via private networks only or through both private and public networks. The Windows component of the ransomware still employs the EternalBlue exploit from the NSA-linked Equation Group.

Source: Security Week

How do you protect yourself?

Defending against Satan Ransomware and similar threats starts with patching. The Windows component still spreads with EternalBlue, so make sure MS17-010 is applied on every Windows host and that SMBv1 is disabled where it is not needed; keep Linux hosts current as well, since the malware exploits many vulnerabilities to propagate. Because the spreader moves across private networks, segment internal networks and limit SMB and other lateral-movement traffic between hosts. Keep tested, offline backups so that encrypted data can be restored without paying, and keep endpoint security up to date to catch both the ransomware and any bundled cryptominer.