Zebrocy Malware

A recently observed campaign from the Zebrocy APT operators relied on a revamped backdoor to maintain access to victim hosts and extract profiling information.

The backdoor comes with previously seen capabilities, but the operators used a Golang-based version instead of the Delphi variant that security researchers were already familiar with.

Zebrocy is a toolkit of downloaders, droppers, and backdoors that is associated with the Russian-speaking advanced threat group Sednit; the group is also known as APT28, Fancy Bear, Sofacy, Group 74, and STRONTIUM and runs cyber-espionage operations.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Zebrocy malware and similar threats. Up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-8072

Adobe has released security updates for ColdFusion versions 2018 and 2016. These updates resolve two critical vulnerabilities and one important vulnerability that could lead to arbitrary code execution.

Source: Adobe

How do you protect yourself?

Adobe recommends updating your ColdFusion JDK/JRE to the latest version. Applying the ColdFusion update without a corresponding JDK update will NOT secure the server.

REvil Ransomware

A new form of ransomware shares a number of links with the GandCrab malware, according to researchers at a security company, even though the developers of that infamous piece of ransomware claimed earlier this year to have retired.

REvil – also known as Sodinokibi – first emerged shortly before GandCrab ceased operation and has gone on to become one of the most prominent ransomware families of 2019.

Analysis of REvil found that the string decoding functions used by REvil and GandCrab are nearly identical, suggesting a strong link between the two forms of ransomware. REvil and GandCrab also share URL-building functionality that produces the same URL patterns for their command-and-control servers.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against REvil ransomware and similar threats. Up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.