Malwarebytes Labs
MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9
Mar 05, 2018 - 5:00 p.m.

Week in security (February 26 – March 4)

2018-03-05 17:00:00
Malwarebytes Labs
blog.malwarebytes.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.974 High
Percentile: 99.9%

Last week on Malwarebytes Labs, we explained how to protect your computer from malicious cryptomining, we gave an encryption 101 lesson using ShiOne ransomware as a case study, and we offered an explanation about SQL injection. We also released a report on the state of malicious cryptomining from its first resurgence in the fall until now.

In active malware, we discussed how the RIG malvertising campaign uses cryptocurrency themes as a decoy, how an old virus made its way onto a Chinese DDoS bot, and how a massive DDoS attack washed over GitHub.

We also drew your attention to our own Chris Boyd appearing in Jenny Radcliffe’s Human Factor Podcast.

Other news

  • Does your endpoint solution stop fileless attacks? They are gaining traction, says a Ponemon Institute study. (Source: Bricata)
  • Feedless is an iOS content blocker that takes the media out of social media. (Source: The Verge)
  • A serious remote code execution vulnerability in both the μTorrent desktop app for Windows and the newly launched 'μTorrent Web' was reported. (Source: The Hacker News)
  • But apparently, the μTorrent vulnerabilities have already been fixed. (Source: The BitTorrent Engineering Blog)
  • An ad network used an advanced malware technique to conceal CPU-draining mining ads. (Source: Ars Technica)
  • US Supreme Court wrestles with Microsoft data privacy fight. (Source: Reuters)
  • Loapi cryptocurrency mining malware is so powerful it can melt your phone. (Source: Newsweek)
  • German government Intranet under ongoing attack. (Source: The Guardian)
  • Trustico states they stored private keys for customers’ SSL certificates. (Source: Bleeping Computer)
  • Flash exploit CVE-2018-4878 was spotted in the wild as part of a massive malspam campaign. (Source: Morphisec)
  • Equifax says hackers stole more than previously reported. (Source: CBS Philly)
  • Virus downs hundreds of Tim Hortons cash registers; furious owners threaten lawsuit. (Source: CTV News)
  • SgxSpectre attack can extract data from Intel SGX enclaves. (Source: Bleeping Computer)

Stay safe, everyone!

The post Week in security (February 26 – March 4) appeared first on Malwarebytes Labs.
