Over the last couple of weeks we’ve seen point-of-sale malware making its way to the top of the threats list, at least in terms of headlines and focus. A rather shocking discovery was a PDF flaw that dates back 20 years and allows these legally binding documents to be modified post-signature. And, thankfully, a win for the security industry via a Cobalt Strike vulnerability that exposed thousands of C&C servers.
For more articles, check out our #onpatrol4malware blog.
‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
Point-of-sale malware previously only privately sold has been used in breaches of small- and medium-sized businesses in the restaurant and entertainment industries. Read more.
40% of malicious URLs were found on good domains
Source: Help Net Security
To protect users, cybersecurity solutions need URL-level visibility or, when that is unavailable, domain-level metrics that accurately represent the dangers. Read more.
GlitchPOS: New PoS malware for sale
Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card numbers and immediately using that information for financial gain. Read more.
For many crooks, malware is out and PowerShell attacks are in, IBM says
Digital thieves are ditching traditional forms of cybercrime in favor of more subtle techniques that apparently help them avoid detection. Read more.
Necurs Botnet adopts a new strategy to evade detection
Source: Security Affairs
Necurs has now been spotted using a new evasion technique that is allowing its operators to recruit more bots to the botnet. Read more.
Vulnerability exposes location of thousands of malware C&C servers
The vulnerability, patched since the start of the year, affected Cobalt Strike, a legitimate penetration testing tool used by security researchers to emulate cyber-attacks. Read more.
Researchers break e-signatures in 22 common PDF viewers
The researchers published a paper revealing a flaw that PDF document viewers have presumably contained for the last 20 years. Read more.
Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns
Docker hosts are being abused after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month. Read more.