
This Week in Security News: Malvertising and Internet of Things Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new Internet of Things malware that’s bricked thousands of devices. Also, read about a ransomware family that’s using malvertising to direct victims to a… Continue reading This Week in Security News: Malvertising and Internet of Things Malware

Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign

by Augusto Remillano II and Mark Vicente We found a Golang-based spreader being used in a campaign that drops a cryptocurrency miner payload. Golang, or Go, is an open source programming language that has been recently associated with malware activity. Trend Micro has been detecting the use of the spreader since May and saw it… Continue reading Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign

AWS re:Inforce 2019 re:Cap

The inaugural AWS Cloud security conference—AWS re:Inforce—was held in Boston this week. Well over 8,000 attendees descended on the Boston Convention and Exhibition Center for two days jam-packed with security education and cloud content. This was a very interesting conference because the dynamics of the attendees felt very different from those at typical AWS events. Usually… Continue reading AWS re:Inforce 2019 re:Cap

ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit

After almost two years of sporadic restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit. The campaign has been spotted targeting global victims, after operating mainly in Asia. Background of the Greenflash Sundown exploit kit The ShadowGate (also called WordsJS) campaign was identified… Continue reading ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit

Three Network Security Questions with CEITEC’s CIO

Ireneo Demanarig is the Chief Information Officer at CEITEC S.A. located in Porto Alegre, Rio Grande do Sul, Brazil. CEITEC is a microelectronics manufacturer that specializes in solutions such as automatic identification (RFID and smartcards), application-specific integrated circuits (ASICs) aimed at identifying animals, and much more. Recently, I jumped on the phone with Ireneo and… Continue reading Three Network Security Questions with CEITEC’s CIO

Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic

By: Sivathmican Sivakumaran (Vulnerability Researcher) Oracle has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in WebLogic Server, many of them caused by insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability.… Continue reading Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic
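As an added illustration of the allow-list ("whitelisting") idea behind the post above, the following shows the general JDK mechanism for it: a JEP 290 ObjectInputFilter (Java 9+) that admits only the classes a deserialization endpoint legitimately expects and rejects everything else before its readObject() can run. This is example code written for this page, not Oracle's, WebLogic's or the post author's remediation; the allow-listed class names and the NotOnTheList stand-in for a gadget class are assumptions made for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added example (not from the original post or from WebLogic): a JEP 290
// allow-list filter for Java deserialization. Class names below are illustrative.
public class AllowListDeserialization {

    // Only the classes this hypothetical endpoint expects to read back.
    // Unknown classes, including gadget-chain classes, are rejected outright.
    private static final Set<String> ALLOWED = Set.of(
            "java.util.HashMap",
            "java.lang.String",
            "java.lang.Integer",
            "java.lang.Number"   // superclass of Integer: its descriptor is checked too
    );

    static final ObjectInputFilter FILTER = info -> {
        Class<?> c = info.serialClass();
        if (c == null) {
            // Invoked for depth / reference / array-length bookkeeping, not a class.
            return ObjectInputFilter.Status.UNDECIDED;
        }
        while (c.isArray()) {
            c = c.getComponentType();   // judge arrays by their element type
        }
        if (c.isPrimitive()) {
            return ObjectInputFilter.Status.ALLOWED;
        }
        return ALLOWED.contains(c.getName())
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED;
    };

    // Stand-in for an attacker-supplied class. A real gadget would do something
    // harmful in readObject(); this one only records whether it was ever invoked.
    static class NotOnTheList implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean deserialized = false;

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            deserialized = true;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserializeWithFilter(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);   // must be installed before the first readObject()
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Integer> expected = new HashMap<>();
        expected.put("retries", 3);
        Object ok = deserializeWithFilter(serialize(expected));
        System.out.println("allow-listed payload read back: " + ok);

        byte[] hostile = serialize(new NotOnTheList());
        try {
            deserializeWithFilter(hostile);
            System.out.println("BUG: hostile payload was deserialized");
        } catch (InvalidClassException e) {
            // The filter rejects the class descriptor; NotOnTheList.readObject() never runs.
            System.out.println("rejected: " + e.getMessage()
                    + " (readObject ran? " + NotOnTheList.deserialized + ")");
        }
    }
}
```

Compile and run with a Java 9 or newer JDK (`javac AllowListDeserialization.java && java AllowListDeserialization`). The same allow list can be applied process-wide without code changes through the JDK's pattern syntax, for example `-Djdk.serialFilter='java.util.HashMap;java.lang.String;java.lang.Integer;java.lang.Number;!*'`, where the trailing `!*` rejects every class not matched earlier. The filter is only as good as the list: audit which classes (and their serializable superclasses) an endpoint really needs, because a list that is too broad, or that includes a class with a dangerous readObject(), gives back the exposure the patch removed.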

This Week in Security News: Cyberespionage Campaigns and Botnet Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a cyberespionage campaign targeting Middle Eastern countries and a botnet malware that infiltrates containers via exposed Docker APIs. Read on: Hackers Are After Your Personal Data… Continue reading This Week in Security News: Cyberespionage Campaigns and Botnet Malware

CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code

by Moony Li and Lilang Wu (Threats Analysts) We discovered a double free vulnerability (assigned CVE-2019-8635) in macOS. The vulnerability is caused by a memory corruption flaw in the AMD component. If successfully exploited, an attacker can escalate privileges and execute malicious code on the system as root. We disclosed our findings… Continue reading CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code

Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH

by Jindrich Karasek We observed a new cryptocurrency mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. The attack takes advantage of the fact that open ADB ports require no authentication by default, much like the Satori botnet variant we previously reported. This botnet’s design allows it to spread… Continue reading Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH
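The entry point the post describes, an ADB daemon reachable over TCP that accepts connections without authentication, can be checked for directly rather than inferred from an open port. The following added example (written for this page; not code from the post, from Trend Micro or from the Android project) speaks the ADB wire protocol: it sends the same CONNECT message the adb client sends and classifies the daemon's first reply. A daemon that requires RSA authentication answers with an AUTH message; one that answers CNXN straight away will run commands for anyone who can reach the port. The two device replies used in the demo are constructed, and the host in the comment is a documentation address, not a real target.

```python
"""Probe for an ADB daemon that accepts a CONNECT without authentication.

Added example for this page, not code from the original post or the ADB project.
ADB messages are a 24-byte little-endian header (six uint32 words) followed by
the payload; the device responses used below are constructed for the demo."""
import socket
import struct

HEADER = struct.Struct("<6I")   # command, arg0, arg1, data_length, data_check, magic
A_CNXN = 0x4E584E43             # b"CNXN" read as a little-endian uint32
A_AUTH = 0x48545541             # b"AUTH"
ADB_VERSION = 0x01000000
MAX_PAYLOAD = 4096


def build_message(command: int, arg0: int, arg1: int, payload: bytes = b"") -> bytes:
    """Serialise one ADB message: data_check is the byte sum of the payload,
    magic is the bitwise complement of the command word."""
    data_check = sum(payload) & 0xFFFFFFFF
    magic = command ^ 0xFFFFFFFF
    return HEADER.pack(command, arg0, arg1, len(payload), data_check, magic) + payload


def parse_message(raw: bytes) -> dict:
    """Parse header plus payload, rejecting anything that is not a well-formed ADB message."""
    if len(raw) < HEADER.size:
        raise ValueError("short ADB header")
    command, arg0, arg1, length, data_check, magic = HEADER.unpack_from(raw)
    if magic != command ^ 0xFFFFFFFF:
        raise ValueError("bad magic: not an ADB message")
    payload = raw[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated ADB payload")
    return {"command": command, "arg0": arg0, "arg1": arg1,
            "data_check": data_check, "payload": payload}


def classify_response(raw: bytes) -> str:
    """Interpret the daemon's first reply to our CNXN.
    AUTH means the device wants RSA authentication first; an immediate CNXN
    means the port is open to anyone who can reach it."""
    msg = parse_message(raw)
    if msg["command"] == A_CNXN:
        return "unauthenticated"
    if msg["command"] == A_AUTH:
        return "auth-required"
    return "unknown"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full ADB message arrived")
        buf += chunk
    return buf


def probe(host: str, port: int = 5555, timeout: float = 3.0) -> str:
    """Connect, send the CNXN an adb client would send, classify the reply."""
    hello = build_message(A_CNXN, ADB_VERSION, MAX_PAYLOAD, b"host::\x00")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(hello)
        head = _recv_exact(sock, HEADER.size)
        length = HEADER.unpack(head)[3]
        return classify_response(head + _recv_exact(sock, length))


# Constructed sample replies: an open daemon and a daemon that insists on auth.
OPEN_DEVICE_REPLY = build_message(A_CNXN, ADB_VERSION, MAX_PAYLOAD,
                                  b"device::ro.product.name=sample;\x00")
LOCKED_DEVICE_REPLY = build_message(A_AUTH, 1, 0, b"\x00" * 20)  # arg0=1 is AUTH TOKEN

if __name__ == "__main__":
    print("open daemon   ->", classify_response(OPEN_DEVICE_REPLY))
    print("locked daemon ->", classify_response(LOCKED_DEVICE_REPLY))
    # Against a reachable device: print(probe("192.0.2.10"))
```

Only run `probe()` against hosts you are authorised to test. On the defensive side, the same check run from inside your own network inventory finds the devices this botnet is looking for; the fix on the device is to stop listening on TCP 5555 (`adb usb`, or `setprop service.adb.tcp.port -1` on a rooted build) rather than to firewall around it.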

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

By: Ecular Xu and Grey Guo (Mobile Threats Analysts) We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious codes are… Continue reading Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East