Read some of the most interesting and useful infosec articles from the last two weeks, in particular a couple about the newcomer Nemty ransomware. The NCSC published a reminder and warning about the upcoming end of life for Python 2 (January 2020).

For more articles, check out our #onpatrol4malware blog.

Recent Phishing Attack on ProtonMail Accounts of Bellingcat Journalists Linked to Russia

Source: CPO Magazine

ProtonMail is a unique web-based email service that offers strong standard end-to-end encryption and has a basic tier that is free. Read more.

Firefox 69: Third‑Party Tracking Cookies and Cryptomining Now Blocked by Default

Source: ESET

Firefox's new Enhanced Tracking Protection (ETP) feature launched to all users of the browser to offer better privacy and protection from cryptojacking. Read more.

Ransomware hits hundreds of dentist offices in the US

Source: ESET

Hundreds of dental practice offices in the US have had their computers infected with ransomware this week, ZDNet has learned from a source. Read more.

China Chopper still active 9 years later

Source: Talos

China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. Read more.

Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes

Source: BleepingComputer

A new phishing campaign uses fake resume attachments designed to deliver Quasar Remote Administration Tool (RAT) malicious payloads. Read more.

Definitive Dossier of Devilish Debug Details

Source: FireEye

Welcome to part one of a multi-part, tweet-inspired series about PDB paths, their relation to malware, and how they may be useful. Read more.

New Nemty Ransomware May Spread via Compromised RDP Connections

Source: BleepingComputer

A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. Read more.

Time to shed Python 2

Source: NCSC

The end of life (EOL) date for Python 2 has been a long time coming, but it’s finally in sight. As of the 1st of January 2020, Python 2 will no longer be supported. Read more.

Fully equipped Spying Android RAT from Brazil: BRATA

Source: Kaspersky

“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. Read more.

Nemty Ransomware Gets Distribution from RIG Exploit Kit

Source: BleepingComputer

The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits. Read more.

Threat Actor behind Astaroth is using Cloudflare Workers

Source: Medium

The group behind the Astaroth attack campaign changed tactics and they ran a campaign in August using Cloudflare Workers. Read more.

JSWorm: The 4th Version of the Infamous Ransomware

Source: Yoroi

Ransomware is continuously supported with the purpose of creating revenues for cyber criminals. One of them is JSWorm, which has been updated to version 4. Read more.

Warning Issued After Malware Is Found To Have Hijacked Bitcoin Blockchain

Source: Forbes

Bitcoin’s blockchain has been hijacked by a new strain of the Glupteba malware that uses the network to resist attacks. Read more.

Crimeware in the Modern Era: A Cost We Cannot Ignore

Source: Medium

Chronicle researchers conducted an investigation into the evolution of crimeware from 2013 through 2018. Read more.

Thousands of servers infected with new Lilocked (Lilu) ransomware

Source: ZDNet

Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu). Read more.