Malware

September 4, 2019

Researchers are warning of a high-severity zero-day vulnerability in Google’s Android operating system, which if exploited could give a local attacker escalated privileges on a target’s device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 “does not validate the existence of ...

August 29, 2019

Russian authorities have arrested members of the TipTop cybercrime group, believed to have infected more than 800,000 Android smartphones with malware since 2015. The group operated by renting Android banking trojans from underground hacking forums, which they later hid inside Android apps distributed via search engine ads and third-party app stores. TipTop has been active since 2015, ...

August 29, 2019

The group is using the More_eggs JScript backdoor to anchor its attack. The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) ...

August 29, 2019

In May 2019, Microsoft released an out-of-band patch update for remote code execution vulnerability CVE-2019-0708, which is also known as “BlueKeep” and resides in code to Remote Desktop Services (RDS). This vulnerability is pre-authentication and requires no user interaction, making it particularly dangerous as it has the unsettling potential to be weaponized into a destructive exploit. ...

August 29, 2019

Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and they’re not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code. Heatstroke demonstrates how far phishing techniques have evolved —  from merely mimicking ...

August 28, 2019

NATO Secretary General Jens Stoltenberg has said a cyber attack on a single member state could constitute an attack on all 29 members. The announcement effectively incorporates cyber security into Article 5 of the NATO founding treaty, a “collective defence commitment” which compels all members to come to the defence of one or more countries threatened ...

August 21, 2019

A major botnet operation has been attacking and taking over the web shells (backdoors on web servers) of other malware operations for more than a year, security researchers from Positive Technologies revealed today. Researchers linked the botnet to a former Windows trojan named Neutrino (also known as Kasidet), whose operators appear to have shifted from targeting desktop users ...

August 19, 2019

A detailed look at underground forums shows that cybercriminals aren’t sure where to look on the heels of the GandCrab ransomware group shutting its doors – and low-level actors are taking advantage of that by developing their own strains. Ransomware continues to be a top threat, with Friday’s ransomware attack on 23 Texas local government and agencies and two ...

August 19, 2019

Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware ...

August 19, 2019

In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro™ Deep Discovery™ Inspector that turned out to be related to EternalBlue, an exploit perhaps more popularly known for being used in the WannaCry attacks. After the discovery, we sent our first alert to the ...