The last couple of weeks provided the security community with a wide variety of topics, from an AV Comparatives study on antimalware security apps in the Google Play Store to new features and capabilities for TrickBot, AZORult, and Mirai. And related to the ASUS breach, there is a useful resource for verifying the targeted MAC addresses, something all owners of the brand’s computers should check out. Learn more about email security protocols DMARC, SPF and DKIM from CSO and DNS basics from the Internet Society.
For more articles, check out our #onpatrol4malware blog.

Security Primer – TrickBot
Source: CIS
TrickBot is a modular banking trojan that targets user financial information and acts as a dropper for other malware. Read more.

DNS Privacy Frequently Asked Questions (FAQ)
Source: Internet Society
This document is organized as a list of frequently asked questions about DNS privacy, providing answers and highlighting the most important aspects of DNS privacy. Read more.

IPv6 unmasking via UPnP
Source: Cisco
In the following post, we’ll present a technique that uses the properties of the Universal Plug and Play (UPnP) protocol to get specific IPv4 hosts to divulge their IPv6 address. Read more.

Dissecting a NETWIRE Phishing Campaign’s Usage of Process Hollowing
Source: FireEye
Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. Read more.

Anubis II – malware and afterlife
Source: Security Affairs
Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Read more.

Global law enforcement action against vendors and buyers on the dark web
Source: Europol
Law enforcement from Europe, Canada and the United States joined forces in early 2019 to target vendors and buyers of illegal goods on dark web marketplaces. Read more.

Making it Rain – Cryptocurrency Mining Attacks in the Cloud
Source: AT&T Cybersecurity
One of the most widely observed objectives of attacking an organization’s cloud infrastructure has been for cryptocurrency mining. Read more.

Android Test 2019 – 250 Apps
Source: AV Comparatives
For this test, we searched for and downloaded 250 antimalware security apps by various developers from the Google Play Store. Read more.

Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices
Source: The Hacker News
The Mirai variant adds 11 new exploits to its “multi-exploit battery,” making it a total of 27 exploits, as well as a new set of “unusual default credentials” to use in brute force attacks against Internet-connected devices. Read more.

Unleash the Hash
Source: Skylight
Get the [almost] full list of MAC addresses that were targeted in the ASUS breach, and share our pain in the short story of extracting them. Read more.

Bots and botnets in 2018
Source: BleepingComputer
Due to the wide media coverage of incidents involving Mirai and other specialized botnets, their activities have become largely associated with DDoS attacks. Read more.

Main threat source to industrial computers? Mass-distributed malware
Source: Help Net Security
Malicious cyber activities on Industrial Control System (ICS) computers are considered an extremely dangerous threat as they could potentially cause material losses and production downtime in the operation of industrial facilities. Read more.

What are DMARC, SPF and DKIM?
Source: CSO
The three main email security protocols complement one another, so implementing them all provides the best protection. That’s easier said than done, but these tips can help. Read more.

AZORult++: Rewriting history
Source: Securelist
In early March 2019, a number of malicious files detected by our products caught the eye. Although similar to AZORult already known to us, unlike the original malware, they were written not in Delphi, but in C++. Read more.

Abuse of hidden “well-known” directory in HTTPS sites
Source: Zscaler
In this blog, we are focusing on the Shade/Troldesh ransomware and phishing pages that we detected last month from several hundred compromised CMS sites. Read more.