A new method to deliver the TrickBot Trojan has been discovered on Windows 10 systems. TrickBot has been a reliable workhorse for cybercriminals since at least 2016 and is thought to have compromised at least 250 million email accounts globally. TrickBot may be responsible for hundreds of millions of dollars in fraud losses. The recent twist takes advantage of the remote desktop ActiveX control class to automatically execute the OSTAP malware JavaScript downloader on victim machines.
Recent News Articles
The Internal Revenue Service (IRS) has issued a warning about an ongoing IRS-impersonation scam targeting educational institutions, primarily students and staff who have a “.edu” email address. The phishing email appears to target individuals affiliated with education in all forms, including public and private, profit and non-profit institutions.
Whether you still use and enjoy the Windows 7 operating system or not, the end-of-life date for that operating system arrives next week. Official support for Windows 7 from Microsoft ends on January 14, 2020.
Recently a significant number of UCLA hosts running MacOSX participated in a DDoS amplification attack that leveraged the Apple Remote Desktop (ARD) or Apple Remote Management Service (ARMS) services, which provide Remote Desktop and management services on MacOSX devices using UDP port 3283.
Recommended steps to harden MacOSX against these attacks:
The FBI identified a new trend of banking trojan infections and PowerShell Empire activity preceding BitPaymer ransomware attacks. The FBI normally issues Flash Reports like this when there is a marked increase in attack activity and exploit reports from victims. H-ISAC urges all members to take this Flash Report seriously and follow the recommended actions and mitigation techniques.
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the presentation of weaknesses into various views and adds a search function to enable easier navigation of the information. Visit https://cwe.mitre.org to learn how to get involved.
Cisco has released updates to address three vulnerabilities in its Software-Defined Networking for Wide-Area Network (SD-WAN) Solutions software. All three flaws have been rated high severity. The issues affect a range of Cisco products running SD-WAN software older than the current version, Release 19.2.2.
Microsoft today released the latest batch of software security updates for all supported versions of its Windows operating systems and other products that patch a total of 113 new security vulnerabilities, 17 of which are critical and 96 rated important in severity.
On Friday, January 10, 2020, honeypots detected internet-wide opportunistic scanning activity targeting vulnerable Citrix endpoints. This critical vulnerability allows unauthenticated remote attackers to execute commands on the targeted server after chaining it with an arbitrary file read/write (directory traversal) flaw.