Exchange Servers Targeted by ‘Epsilon Red’ Malware
threatpost.com/exchange-servers-epsilon-red-ransomware/166640/ Threat actors have deployed new ransomware that relies on a set of PowerShell scripts developed to perform the encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red, while investigating an attack on a U.S.-based company in the hospitality sector, Sophos Principal Researcher Andrew Brandt wrote in a report published online.
Necro Python bot revamped with new VMWare, server exploits
www.zdnet.com/article/necro-python-bot-revamped-with-new-vmware-smb-exploits/ A recent Necro Python bot campaign has shown that the developer behind the malware is hard at work ramping up its capabilities. The developer has made a number of changes to increase the power and versatility of the bot, including exploits for over 10 different web applications and the SMB protocol that are being weaponized in the bot’s recent campaigns. Exploits are included for vulnerabilities in software such as VMware vSphere, SCO OpenServer, and the Vesta Control Panel.
New SkinnyBoy malware used by Russian hackers to breach sensitive orgs
www.bleepingcomputer.com/news/security/new-skinnyboy-malware-used-by-russian-hackers-to-breach-sensitive-orgs/ Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. SkinnyBoy is intended for an intermediary stage of the attack, to collect information about the victim and to retrieve the next payload from the command and control (C2) server. SkinnyBoy is delivered through a Microsoft Word document laced with a macro that extracts a DLL file acting as a malware downloader. The lure is a message with a spoofed invitation to an international scientific event held in Spain at the end of July.
FireEye sells FireEye Products unit to STG for $1.2 billion
www.zdnet.com/article/fireeye-sells-fireeye-products-unit-to-stg-for-1-2-billion/#ftag=RSSbaffb68 FireEye said it is selling its FireEye Products business for $1.2 billion to a consortium led by Symphony Technology Group (STG). FireEye said that the transaction separates the company’s network, email, endpoint and cloud security products from Mandiant’s software and services. FireEye Products and Mandiant Solutions will continue to be one entity until the transaction closes.
Norton antivirus adds Ethereum cryptocurrency mining
www.bbc.com/news/technology-57345632 In a surprise move, one of the world’s best-known anti-virus software makers is adding cryptocurrency mining to its products. “Our customers can mine for cryptocurrency with just a few clicks, avoiding many barriers to entry in the cryptocurrency ecosystem.”
White House urges businesses to “take ransomware crime seriously”
www.bleepingcomputer.com/news/security/white-house-urges-businesses-to-take-ransomware-crime-seriously/ The White House has urged business leaders and corporate executives to take ransomware attacks seriously in a letter issued by Anne Neuberger, the National Security Council’s chief cybersecurity adviser.
WordPress force installs Jetpack security update on 5 million sites
www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/ Automattic, the company behind the WordPress content management system, has force-deployed a security update on over five million websites running the Jetpack WordPress plug-in. The vulnerability was found in the Carousel feature and its option to display comments for each image, with nguyenhg_vcs credited for responsibly disclosing the security bug. The Jetpack development team added that it found no evidence that the vulnerability has been exploited in the wild.