Announcing Our State of Software Security: Open Source Edition Report
Today, we published a special supplement to our annual State of Software Security report that focuses exclusively on the security posture of the open source libraries found in applications. Prominent in almost every application today, open source libraries allow developers to move faster by quickly adding basic functionality. In fact, it would be nearly impossible…
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
Update as of 10:00 A.M. PST, July 30, 2020: Our continued analysis of the malware sample showed adjustments to the details involving the URI and Shodan scan parameters. We made the necessary changes in this post. We would like to thank F5 Networks for reaching out to us to clarify these details. With additional insights…
Ensiko: A Webshell With Ransomware Capabilities
By Aliakbar Zahravi
Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. It can also execute shell…
Updates on ThiefQuest, the Quickly-Evolving macOS Malware
By Steven Du, Gabrielle Mabutas, and Luis Magisa
Right as July of this year began, we noticed an emerging malware dubbed by most as ThiefQuest (also known as EvilQuest), a threat that targets macOS devices, encrypts files, and installs keyloggers in affected systems. It has been found in pirated versions of macOS shared on popular…
Patch Tuesday: Fixes for ‘Wormable’ Windows DNS Server RCE, SharePoint Flaws
There has been a common vulnerabilities and exposures (CVE) fixing trend in 2020 Patch Tuesdays. For instance, Microsoft has patched more than 100 vulnerabilities per month in recent bulletins. Similarly, the July update issues 123 patches, including fixes in RemoteFX vGPU, Microsoft Office, Microsoft Windows, OneDrive, and Jet Database Engine. The patches address 18…
New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
By Augusto Remillano II and Jemimah Molina
We discovered a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers, which we have not observed exploited by past Mirai variants. This discovery is a new addition to the Mirai variants that appeared in the past…
US Local Government Services Targeted by New Magecart Credit Card Skimming Attack
Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals. These sites all appear to have been built using Click2Gov, a web-based platform meant…
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
Insights and analysis by Augusto Remillano II, with additional analysis by Patrick Noel Collado and Karen Ivy Titiwa
We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A). Having…
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
By Ecular Xu and Joseph C. Chen
While tracking Earth Empusa, also known as POISON CARP/Evil Eye, we identified an undocumented Android spyware we have named ActionSpy (detected by Trend Micro as AndroidOS_ActionSpy.HRX). During the first quarter of 2020, we observed Earth Empusa’s activity targeting users in Tibet and Turkey before they extended their scope…
Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs
This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities. While the update contained a significant number of patches, only 11 were rated Critical. One of…