Malware Patrol

Since 2005, organizations have depended on Malware Patrol’s reliable and historically rich threat intelligence to improve their threat detection and response.

Malware Patrol provides real-time threat intelligence that protects against the latest cyber threats, including phishing, malware, ransomware, data exfiltration, and brand infringement. Security teams rely on our dependable and historically rich data to expand their threat landscape visibility, resulting in improved detection rates and response times. For more information, visit malwarepatrol.net.

12/06/2020

High-Severity Chrome Bugs Allow Browser Hacks

High-Severity Chrome Bugs Allow Browser Hacks.
https://threatpost.com/google_chrome_bugs_patched/161907/

threatpost.com Desktop versions of the browser received a total of eight fixes, half rated high-severity.

12/06/2020

2020: The State of Encrypted Attacks | Zscaler

2020: The State of Encrypted Attacks.
https://www.zscaler.com/blogs/security-research/2020-state-encrypted-attacks

zscaler.com ThreatLabZ analyzed Zscaler cloud traffic for nine months to uncover the types of cyberattacks that use encryption and the extent of the risk to enterprises.

12/06/2020

Protecting computer from unauthorized access

How to avert an evil-maid attack.
https://www.kaspersky.com/blog/evil-maid-attack/37901/

kaspersky.com What an evil-maid attack is and how to defend your company computers against one.

12/06/2020

Credit card stealing malware hides in social media sharing icons

Credit card stealing malware hides in social media sharing icons.
https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-hides-in-social-media-sharing-icons/

bleepingcomputer.com Newly discovered web skimming malware is capable of hiding in plain sight to inject payment card skimmer scripts into compromised online stores.

12/05/2020

InfoSec Handlers Diary Blog

Detecting Actors Activity with Threat Intel.
https://isc.sans.edu/diary/rss/26848

isc.sans.edu Detecting Actors Activity with Threat Intel, Author: Guy Bruneau

12/05/2020

Another LILIN DVR 0-day being used to spread Mirai.
https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/

12/04/2020

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years.
https://thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

thehackernews.com Cybersecurity Researchers Uncover 'Crutch' Russian Malware Framework Used in APT Attacks for 5 Years

12/04/2020

How to Protect Your Business From Multi-Platform Malware Systems

How to Protect Your Business From Multi-Platform Malware Systems.
https://www.tripwire.com/state-of-security/featured/protect-your-business-from-multi-platform-malware-systems/

tripwire.com A dive into what you need to know about malware attacks and how multi-platform frameworks are different to standard malware attacks.

12/04/2020

Mac users warned of more Ocean Lotus malware targeted attacks

Mac users warned of more Ocean Lotus malware targeted attacks.
https://grahamcluley.com/mac-users-warned-of-more-ocean-lotus-malware-targeted-attacks/

grahamcluley.com Security researchers have warned of the latest incarnation of a backdoor trojan horse that has been used in the past to target Mac users. If you're a Mac user, I really hope you're running anti-virus…

12/04/2020

TrickBot's new module aims to infect your UEFI firmware

TrickBot's new module aims to infect your UEFI firmware.
https://www.bleepingcomputer.com/news/security/trickbots-new-module-aims-to-infect-your-uefi-firmware/

bleepingcomputer.com TrickBot malware developers have created a new module that probes for UEFI vulnerabilities, demonstrating the actor's effort to take attacks to a level that would give them ultimate control over infected machines.

12/03/2020

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain.
https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/

securityintelligence.com IBM X-Force recently uncovered a global phishing campaign targeting organizations associated with the COVID-19 vaccine cold chain.

12/03/2020

"Free" Symchanger Malware Tricks Users Into Installing Backdoor

“Free” Symchanger Malware Tricks Users Into Installing Backdoor.
https://blog.sucuri.net/2020/12/free-symchanger-malware-tricks-users-into-installing-backdoor.html

blog.sucuri.net Our researcher describes how attackers are distributing malware with backdoors to obtain unauthorized access to other bad actors' hacked websites.

12/03/2020

Using Speakeasy Emulation Framework Programmatically to Unpack Malware

Using Speakeasy Emulation Framework Programmatically to Unpack Malware.
https://www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html

fireeye.com The Speakeasy framework provides an easy-to-use, flexible, and powerful programming interface that enables analysts to solve complex problems such as unpacking malware.

12/03/2020

Signed Bandook Malware Attacks Against Multiple Industrial Sectors

Signed Bandook Malware Attacks Against Multiple Industrial Sectors.
https://gbhackers.com/signed-bandook-malware/

gbhackers.com Considering that a wide array of sectors and countries have been targeted, it is suspected that the malware is not developed by a single entity.

12/03/2020

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement.
https://securityaffairs.co/wordpress/111761/malware/multi-vector-miner-tsunami-botnet.html?utm_source=feedly&utm_medium=rss&utm_campaign=multi-vector-miner-tsunami-botnet

securityaffairs.co Security researcher Tolijan Trajanovski analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement.

12/02/2020

Malicious npm packages caught installing remote access trojans | ZDNet

Malicious npm packages caught installing remote access trojans.
https://www.zdnet.com/article/malicious-npm-packages-caught-installing-remote-access-trojans/

zdnet.com JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware.

12/02/2020

What is DataOps? Collaborative, cross-functional analytics

What is DataOps? Collaborative, cross-functional analytics.
https://www.cio.com/article/3237694/what-is-dataops-data-operations-analytics.html

cio.com DataOps (data operations) is an emerging discipline that brings together DevOps teams with data engineer and data scientist roles to provide the tools, processes and organizational structures to support the data-focused enterprise.

12/02/2020

What to do in case of a Linux kernel panic

What to do in case of a Linux kernel panic.
https://www.redhat.com/sysadmin/linux-kernel-panic

redhat.com Here's how to avoid panicking when you see a Linux kernel panic.

12/02/2020

What is XDR (and Why Do Enterprises Need It)? - SentinelOne | SentinelOne

What is XDR (and Why Do Enterprises Need It)?
https://www.sentinelone.com/blog/2020/11/30/what-is-xdr-and-why-do-enterprises-need-it/

sentinelone.com Protecting the organization across multiple layers requires an XDR platform, but what exactly is XDR? And what should you look for when choosing a solution?

12/02/2020

MacOS users targeted with updated malware

MacOS users targeted with updated malware.
https://www.itsecurityguru.org/2020/12/01/macos-users-targeted-with-updated-malware/?utm_source=feedly&utm_medium=rss&utm_campaign=macos-users-targeted-with-updated-malware

itsecurityguru.org A new form of malware has been discovered to be targeting Apple MacOS users, with researchers saying that it is tied to a state-backed hacking operation. The malw

12/01/2020

Microsoft Defender for Identity now detects Zerologon attacks

Microsoft Defender for Identity now detects Zerologon attacks.
https://www.bleepingcomputer.com/news/security/microsoft-defender-for-identity-now-detects-zerologon-attacks/

bleepingcomputer.com Microsoft has added support for Zerologon exploitation detection to Microsoft Defender for Identity to allow Security Operations teams to detect on-premises attacks attempting to abuse this critical vulnerability.

12/01/2020

German users targeted with Gootkit banker or REvil ransomware

German users targeted with Gootkit banker or REvil ransomware.
https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/

blog.malwarebytes.com After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.

12/01/2020

Preventing the Unknown with Static Analysis - Check Point Software

Preventing the Unknown with Static Analysis.
https://blog.checkpoint.com/2020/11/30/preventing-the-unknown-with-static-analysis/

blog.checkpoint.com This blog provides insights into zero-day unknown threats – what are they, and why is it a challenge to protect against them. Also, it covers Check Point

12/01/2020

DNS data mining case study - skidmap.
https://blog.netlab.360.com/security-with-dns-data_en/

11/29/2020

Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability - Help Net Security

Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability.
https://www.helpnetsecurity.com/2020/11/29/week-in-review-drupal-based-sites-open-to-attack-cpanel-2fa-bypass-vulnerability/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

helpnetsecurity.com Here's an overview of some of last week's most interesting news and articles: Challenges organizations face in combating third-party cyber risk A CyberGRX

11/29/2020

Europol and partners thwart massive credit card fraud scheme | WeLiveSecurity

Europol and partners thwart massive credit card fraud scheme.
https://www.welivesecurity.com/2020/11/27/europol-partners-thwart-credit-card-fraud-scheme/

welivesecurity.com Europol and partners have teamed up to disrupt trade in stolen credit card data on the dark web, preventing around €40 million in losses for both consumers and organizations.

11/28/2020

Top 5 business sectors targeted by ransomware

Top 5 business sectors targeted by ransomware.
https://www.techrepublic.com/article/top-5-business-sectors-targeted-by-ransomware/

techrepublic.com Any business is subject to ransomware attacks, but some are hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.

11/27/2020

WAPDropper – Android Malware Subscribing Victims To Premium Services By Telecom Companies - GBHackers On Security

WAPDropper – Android Malware Subscribing Victims To Premium Services By Telecom Companies.
https://gbhackers.com/wapdropper-android-malware/

gbhackers.com Security analysts have found a new malware that infects mobile devices and subscribes the victims to premium subscription provided by telecom companies, and the victim remains oblivious to this. The CAPTCHA verification that is usually required to subscribe to these services is bypassed via Machine....

11/27/2020

Canon publicly confirms August ransomware attack, data theft

Canon publicly confirms August ransomware attack, data theft.
https://www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/

bleepingcomputer.com Canon has finally confirmed publicly that the cyberattack suffered in early August was caused by ransomware and that the hackers stole data from company servers.

11/27/2020

Hackers Love Expired Domains

Hackers Love Expired Domains.
https://blog.sucuri.net/2020/11/hackers-love-expired-domains.html

blog.sucuri.net Our researcher explains how attackers leverage expired domains to replace legitimate resources with their own malware, impacting anyone who continues to use the deprecated domain.

11/27/2020

vSphere Backup Best Practices.
https://www.solarwindsmsp.com/blog/vsphere-backup-best-practices

The Threat Intelligence You Need

Malware Patrol offers a wide range of real-time, actionable cyber threat intelligence. Founded in 2005, our historically rich data is now used by thousands to protect networks and assets in more than 175 countries.

Collecting, analyzing, and sharing data for over a decade has allowed us to develop an extensive network of geographically diverse sensors, sharing agreements, and community contributors. Proprietary systems work non-stop to monitor and continually validate IOCs; each indicator is verified daily to ensure we provide only active and newly detected threats. These efforts result in our vast database of unique and “intelligent” threat data.

Our data is related to the most prevalent attack vectors and it helps to identify compromised machines, bots, data leaks, botnets, malware and phishing control infrastructures, malware infection points and other threats.

Cyber security teams and researchers rely on Malware Patrol’s timely and accurate intelligence to expand their threat landscape visibility, improve detection rates and response times and to block malicious traffic to/from their networks.

Address

501 1st Ave N, Suite 901
Saint Petersburg, FL
33701

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm