The second half of February 2019 continued to highlight server vulnerabilities with a Linux ransomware named B0r0nt0K making headlines. There’s a useful privacy resource about the pros and cons – along with how-tos – for deleting oneself from social media amid the slew of related privacy concerns that surface regularly, if not daily.
For more articles, check out our #onpatrol4malware blog.
A Peek into BRONZE UNION’s Toolbox
In 2018, CTU researchers identified evidence of BRONZE UNION leveraging tools that have been publicly available for years. However, the variants used in 2018 included updated code. Read more.
Magecart Group 4: Never Gone, Always Advancing
After our researchers surface more Magecart instances in RiskIQ’s automated detection, attribution is usually the final step in our analysis. Read more.
New detection method indentifies cryptomining and other fileless malware attacks
A joint press release touts the new memory-based attack detection method as “a 10x improvement in scanning time with no increase in CPU usage,” as well as a significant increase to detection rates. Read more.
New browser attack lets hackers run bad code even after users leave a web page
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users’ browsers even after users have closed or navigated away from the web page on which they got infected. Read more.
Monero Miner-Malware Uses RADMIN, MIMiKATZ to Infect, Propogate via Vulnerability
Source: Trend Micro
Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly random files into the Windows directory. Read more.
Understanding the Darknet and Its Impact on Cybersecurity
The darknet is a very real concern for today’s businesses. In recent years, it has redefined the art of hacking and, in the process, dramatically expanded the threat landscape that organizations now face. Read more.
The Muncy Malware is on the Rise
Source: Security Affairs
Muncy is the name dubbed by SI-LAB that analyzed this threat. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. Read more.
Should You Delete Yourself from Social Media?
You’re feeling like you’ve had enough. All the recent news—from Facebook’s Cambridge Analytica snafu to various abuses of Twitter vulnerabilities—has you wondering: Should I delete myself from social media? Read more.
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
Source: Bleeping Computer
A new Linux ransomware called B0r0nt0K is encrypting victim’s web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. Read more.
Identifying Cobalt Strike team servers in the wild
Source: Fox IT
Cobalt Strike is a framework designed for adversary simulation. It is commonly used by penetration testers and red teamers to test an organization’s resilience against targeted attacks, but has been adopted by an ever increasing number of malicious threat actors. Read more.