January 19th, 2020 by hankshelp
“Microsoft has confirmed to TechCrunch that it will fix an Internet Explorer security exploit already being used for “limited targeted attacks.” The vulnerability lets attackers corrupt memory used for the scripting engine in IE9, IE10 and IE11 in a way that would let the intruder run arbitrary code with the same permissions as the user, letting them hijack a PC. It’s believed to be similar to the Firefox issue disclosed a week earlier.”
Posted in Malware | No Comments »
January 8th, 2020 by hankshelp
“Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.”
Posted in Malware, Phishing | No Comments »
January 4th, 2020 by hankshelp
“An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn’t go according to plan following a ransomware incident that took place at the start of October 2019.”
Posted in Malware, Ransomware | No Comments »
November 19th, 2019 by hankshelp
“The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites.”
Posted in Malware, Security Breeches | No Comments »
November 3rd, 2019 by hankshelp
“Hackers have infected thousands of network-attached storage (NAS) devices from Taiwanese vendor QNAP with a new strain of malware named QSnatch
An analysis of the malware’s code revealed the following capabilities:
Modify OS timed jobs and scripts (cronjob, init scripts)
Prevent future firmware updates by overwriting update source URLs
Prevents the native QNAP MalwareRemover App from running
Extracts and steals usernames and passwords for all NAS users“
Posted in Malware, Network | No Comments »
November 1st, 2019 by hankshelp
“This artifact is a malicious 32-bit Windows executable. When executed the malware will collect system information about the victim machine including OS Version, Volume Information, and System Time, as well as enumerate the system drives and partitions.
The malware is capable of the following functions:
—Begin Malware Capability—
Read, Write, and Move Files
Enumerate System Drives
Create and Terminate Processes
Inject into Running Processes
Create, Start and Stop Services
Modify Registry Settings
Connect to a Remote Host
Upload and Download Files”
Posted in Identity Theft, Malware | No Comments »
August 4th, 2019 by hankshelp
- Cisco security advisorie
- Linux update
- Microsoft advisory update
- General Security review of last week
- iOS 0-day exploits released
Posted in Malware, Newsletters, Updates | No Comments »
August 4th, 2019 by hankshelp
“A new malware strain targeting Windows systems is rearing its ugly head. Named SystemBC, this malware installs a proxy on infected computers.
The bad news is that SystemBC never comes alone, and usually, the presence of this malware indicates that a computer was also infected by a second threat.“
Posted in Malware | No Comments »
July 26th, 2019 by hankshelp
“Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.”
Posted in Malware, Newsletters, Security Breeches | No Comments »
July 22nd, 2019 by hankshelp
The keylogger, packaged with the Conexant HD Audio Driver Package in version 1.0.0.46 and earlier, has been discovered by researchers. With this audio driver comes a file, MicTray64.exe (or MicTray.exe for non-64-bit users), which has a Scheduled Task to run each time the user logs-on to their machine. Essentially, each time a key on the keyboard is pressed, it records it. The keystrokes are then stored in a plaintext file – definitely not a secure way of storing every key pressed on a machine.
The keystroke log is stored at C:\users\public\MicTray.log.
Posted in Malware, Security Breeches | No Comments »