Over the last couple of weeks we’ve seen point-of-sale malware making its way to the top of the threats list, at least in terms of headlines and focus. A rather shocking discovery was a PDF flaw that dates back 20 years and allows these legally binding documents to be modified post-signature. And, thankfully, a win for the security industry via a Cobalt Strike vulnerability that exposed thousands of C&C servers.

For more articles, check out our #onpatrol4malware blog.

‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses

Source: Flashpoint

Point-of-sale malware previously only privately sold has been used in breaches of small- and medium-sized businesses in the restaurant and entertainment industries. Read more.

40% of malicious URLs were found on good domains

Source: Helpnet Security

To protect users, cybersecurity solutions need URL-level visibility or, when that is unavailable, domain-level metrics that accurately represent the danger. Read more.

GlitchPOS: New PoS malware for sale

Source: Talos

Point-of-sale malware is popular among attackers, as it usually lets them obtain credit card numbers and immediately use that information for financial gain. Read more.

Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data

Source: Cybereason

This Trojan and information stealer was observed in Europe and chiefly affected Brazil, abusing native OS processes and exploiting security-related products. Read more.

New Ursnif Variant Comes with Enhanced Information Stealing Features

Source: Cybereason

This new variant of the Ursnif Trojan attempts to steal cryptocurrency directly from the users’ digital wallet, possibly due to the hardening of banking website security. Read more.

For many crooks, malware is out and PowerShell attacks are in, IBM says

Source: Cyberscoop

Digital thieves are ditching traditional forms of cybercrime in favor of more subtle techniques that apparently help them avoid detection. Read more.

Necurs Botnet adopts a new strategy to evade detection

Source: Security Affairs

Necurs has now been spotted using a new evasion technique that is allowing its operators to recruit more bots into the botnet. Read more.

Vulnerability exposes location of thousands of malware C&C servers

Source: ZDNet

The vulnerability, now patched since the start of the year, affected Cobalt Strike, a legitimate penetration testing tool used by security researchers to emulate cyber-attacks. Read more.

Researchers break e-signatures in 22 common PDF viewers

Source: Sophos

The researchers published a paper revealing a flaw that PDF document viewers have presumably contained for the last 20 years. Read more.

Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns

Source: BleepingComputer

Docker hosts are being abused after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month. Read more.