Read some of the most interesting and useful infosec articles from the last two weeks, in particular a couple about the newcomer Nemty ransomware. The NCSC published a reminder and warning about the upcoming end of life for Python 2 (January 2020).
For more articles, check out our #onpatrol4malware blog.
Recent Phishing Attack on ProtonMail Accounts of Bellingcat Journalists Linked to Russia
Source: CPO Magazine
ProtonMail is a unique web-based email service that offers strong standard end-to-end encryption and has a basic tier that is free. Read more.
Firefox 69: Third‑Party Tracking Cookies and Cryptomining Now Blocked by Default
Firefox's new Enhanced Tracking Protection (ETP) feature launched to all users of the browser to offer better privacy and protection from cryptojacking. Read more.
Ransomware hits hundreds of dentist offices in the US
Hundreds of dental practice offices in the US have had their computers infected with ransomware this week, ZDNet has learned from a source. Read more.
Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes
A new phishing campaign uses fake resume attachments designed to deliver Quasar Remote Administration Tool (RAT) malicious payloads. Read more.
Definitive Dossier of Devilish Debug Details
Welcome to part one of a multi-part, tweet-inspired series about PDB paths, their relation to malware, and how they may be useful. Read more.
New Nemty Ransomware May Spread via Compromised RDP Connections
A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. Read more.
Time to shed Python 2
The end of life (EOL) date for Python 2 has been a long time coming, but it’s finally in sight. As of the 1st of January 2020, Python 2 will no longer be supported. Read more.
Fully equipped Spying Android RAT from Brazil: BRATA
“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. Read more.
Nemty Ransomware Gets Distribution from RIG Exploit Kit
The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits. Read more.
Threat Actor behind Astaroth is using Cloudflare Workers
The group behind the Astaroth attack campaign changed tactics and ran a campaign in August using Cloudflare Workers. Read more.
JSWorm: The 4th Version of the Infamous Ransomware
Ransomware families are continuously maintained to generate revenue for cyber criminals. One of them is JSWorm, which has been updated to version 4. Read more.
Warning Issued After Malware Is Found To Have Hijacked Bitcoin Blockchain
Bitcoin’s blockchain has been hijacked by a new strain of the Glupteba malware that uses the network to resist attacks. Read more.
Thousands of servers infected with new Lilocked (Lilu) ransomware
Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu). Read more.