Daily NCSC-FI news followup 2021-06-03

Exchange Servers Targeted by 'Epsilon Red' Malware

threatpost.com/exchange-servers-epsilon-red-ransomware/166640/ Threat actors have deployed a new ransomware, supported by a set of PowerShell scripts that prepare the machines for encryption, after exploiting flaws in unpatched Exchange Servers to get into the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red, while investigating an attack on a U.S.-based company in the hospitality sector, Sophos Principal Researcher Andrew Brandt wrote in a report published online.

Necro Python bot revamped with new VMWare, server exploits

www.zdnet.com/article/necro-python-bot-revamped-with-new-vmware-smb-exploits/ A recent Necro Python bot campaign shows that the developer behind the malware is hard at work ramping up its capabilities. The developer has made a number of changes to increase the power and versatility of the bot, including exploits for over 10 different web applications and for the SMB protocol, which are being weaponized in the bot's recent campaigns. Exploits are included for vulnerabilities in software such as VMware vSphere, SCO OpenServer, and the Vesta Control Panel.

New SkinnyBoy malware used by Russian hackers to breach sensitive orgs

www.bleepingcomputer.com/news/security/new-skinnyboy-malware-used-by-russian-hackers-to-breach-sensitive-orgs/ Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. SkinnyBoy is intended for an intermediary stage of the attack, to collect information about the victim and to retrieve the next payload from the command and control (C2) server. SkinnyBoy is delivered through a Microsoft Word document laced with a macro that extracts a DLL file acting as a malware downloader. The lure is a message with a spoofed invitation to an international scientific event held in Spain at the end of July.

FireEye sells FireEye Products unit to STG for $1.2 billion

www.zdnet.com/article/fireeye-sells-fireeye-products-unit-to-stg-for-1-2-billion/#ftag=RSSbaffb68 FireEye said it is selling its FireEye Products business for $1.2 billion to a consortium led by Symphony Technology Group (STG). FireEye said that the transaction separates the company’s network, email, endpoint and cloud security products from Mandiant’s software and services. FireEye Products and Mandiant Solutions will continue to be one entity until the transaction closes.

Norton antivirus adds Ethereum cryptocurrency mining

www.bbc.com/news/technology-57345632 In a surprise move, one of the world’s best-known anti-virus software makers is adding cryptocurrency mining to its products. “Our customers can mine for cryptocurrency with just a few clicks, avoiding many barriers to entry in the cryptocurrency ecosystem.”

White House urges businesses to “take ransomware crime seriously”

www.bleepingcomputer.com/news/security/white-house-urges-businesses-to-take-ransomware-crime-seriously/ The White House has urged business leaders and corporate executives to take ransomware attacks seriously in a letter issued by Anne Neuberger, the National Security Council’s chief cybersecurity adviser.

WordPress force installs Jetpack security update on 5 million sites

www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/ Automattic, the company behind the WordPress content management system, has force-deployed a security update to over five million websites running the Jetpack WordPress plug-in. The vulnerability was found in the Carousel feature and its option to display comments for each image; nguyenhg_vcs is credited with responsibly disclosing the bug. The Jetpack development team added that it found no evidence that the vulnerability has been exploited in the wild.
