Cyberthreats | SC Media


77 updates in Microsoft patch Tuesday


Microsoft released 77 updates, 20 of which were classified as critical, in this month's Patch Tuesday announcement. The updates included fixes for Microsoft Windows, Office, IE and Edge, resolving a total of 74 unique CVEs this month, including one actively exploited zero-day flaw in Internet Explorer, according to its February Patch Tuesday release. The zero…

Layering EMV chip, tokenization, encryption bolsters card payment security

Chip and PIN protections may fall short as future threats materialize


The protections that chip and PIN payment card solutions offer may fall short as cybercriminals begin installing command-and-control malware on infected EMV device readers, a new report warns. Cybercriminals could begin repurposing ATM EMV malware to attack retail environments by infecting point-of-sale (POS) machines (possibly via malicious USB drives) and then introducing an altered EMV…

Golang stealer malware gives debuggers a new look


A new cryptocurrency stealer written in the Golang (Go) programming language has been detected as part of a new trend of cybercriminals writing malware in Go. Last year Sofacy created a new variant of the Zebrocy malware written in Go, producing a functionally similar Trojan for use in spear-phishing emails with a LNK shortcut…

Calendar spam seeks to annoy even after message is ignored


GMX is warning users of a new type of spam using fake calendar appointments, known as “calendar spam”, that looks to give attackers multiple opportunities to infect victims. The threat comes from the threat actor sending the fake appointment invitation via email, but unlike traditional spam, which comes in the form of unwanted messages, calendar spam…


Attorney claims Apple FaceTime eavesdropping glitch “allowed” recording of deposition


Houston attorney Larry Williams is suing Apple over the recently disclosed FaceTime bug, which allows callers to listen to the recipient's audio before they answer the call, claiming it allowed the recording of a private deposition. Williams argued Apple was negligent when it allowed the microphone to be used in this way and…

Experts share new insight on Sandworm APT exploits, BlackEnergy malware

GreyEnergy threat group linked to Zebrocy


Kaspersky researchers have discovered overlap between the GreyEnergy threat group, considered the successor to BlackEnergy, and the Sofacy subset Zebrocy. Researchers described GreyEnergy and BlackEnergy as an advanced threat group that possesses extensive knowledge of penetrating their victims' networks and exploiting any available vulnerabilities. The threat actor is also known for updating its tools and…

DarkHydrus RogueRobin uses Google Drive as C2 channel


A custom malware dubbed RogueRobin is using Google Drive as an alternative command-and-control channel. Palo Alto's Unit 42 researchers have been monitoring the malware, used by the DarkHydrus APT group, which is hidden in a series of Arabic-language spear-phishing emails laced with macro-enabled Excel documents carrying the .xlsm file extension,…

GandCrab returns with trojans and redundancy


The GandCrab ransomware has returned with a new set of trojans in addition to its initial infection. The addition of new tools comes just over a week after at least one threat actor began using a combination of the info stealer Vidar and the ransomware to increase their odds of taking something of value away from…

TEMP.MixMaster group infects with Trickbot and delayed Ryuk ransomware combo


Financially motivated threat actors, referred to as TEMP.MixMaster, are infecting victims with Trickbot malware before deploying the infamous Ryuk ransomware, and so far have managed to make off with a reported $3.7 million worth of Bitcoin. The attacks are also unique in that the threat actors often wait for extended periods after gaining access, often profiting from…

ICEPick-3PC malware compromises third-party tools to steal Android IPs


A new malware dubbed ICEPick-3PC has been stealing device IP addresses en masse since at least spring 2018. The malware executes after its authors hijack a website's third-party tools, which are often pre-loaded onto client platforms by self-service agencies and are designed to incorporate interactive web content such as animation via HTML5, The Media Trust said…
