
413 matches found

Malwarebytes
added 2023/03/06 1:00 a.m. | 10 views

A week in security (February 27 - March 5)

Last week on Malwarebytes Labs: Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05; How to work from home securely, the NSA way; TikTok probed over child privacy practices; iPhone users targeted in phone AND data theft campaign; US Marshal...

AI score: 0.2 | Exploits: 0

Malwarebytes
added 2023/03/02 3:00 a.m. | 17 views

Internet Explorer users still targeted by RIG exploit kit

Despite a very slim browser market share, Internet Explorer (IE) is still being exploited by exploit kits like the RIG exploit kit (EK). One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life (EOL), which means it no longer receives...

AI score: 0.6 | Exploits: 0

The Hacker News
added 2023/02/27 3:33 p.m. | 159 views

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...

CVSS: 10 | AI score: 9 | EPSS: 0.95683 | Exploits: 99

The Hacker News
added 2023/02/27 3:33 p.m. | 5 views

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...

CVSS: 10 | AI score: 7.9 | EPSS: 0.95683 | Exploits: 99

Malwarebytes
added 2023/02/13 9:15 a.m. | 15 views

CISA issues alert with South Korean government about DPRK's ransomware antics

CISA and other federal agencies were joined by the National Intelligence Service (NIS) and the Defense Security Agency of the Republic of Korea (ROK) in releasing the latest cybersecurity advisory in the US government's ongoing StopRansomware effort. This alert highlights continuous state-sponsored...

AI score: 0.5 | Exploits: 0

Talos
added 2022/12/21 12:00 a.m. | 42 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624: Ghost unauthorized newsletter modification vulnerability. December 21, 2022. CVE Number: CVE-2022-41654. Summary: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

CVSS: 9.6 | AI score: 5 | EPSS: 0.18914 | Exploits: 1

The Hacker News
added 2022/06/22 5:41 a.m. | 135 views

RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer

The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily...

CVSS: 8.8 | AI score: 1 | EPSS: 0.87814 | Exploits: 15

Malwarebytes
added 2022/06/21 10:04 a.m. | 1373 views

Security vulnerabilities: 5 times that organizations got hacked

Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations — and it’s no secret that hackers are always looking for security vulnerabilities in them to exploit. According to research by BetterCloud, the average company...

CVSS: 9.3 | AI score: 10 | EPSS: 0.99999 | Exploits: 352

Malwarebytes
added 2022/06/08 9:33 p.m. | 50 views

MakeMoney malvertising campaign adds fake update template

Malware authors and distributors are following the ebbs and flows of the threat landscape. One campaign we have tracked for a number of years recently introduced a new scheme to possibly completely move away from drive-by downloads via exploit kit. In this quick blog post, we will look at this ne...

AI score: 0.2 | Exploits: 0

The Hacker News
added 2022/04/28 8:20 a.m. | 153 views

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system including username, hardware, browsers installed, anti-virus...

CVSS: 8.8 | AI score: 0.6 | EPSS: 0.81103 | Exploits: 0

Schneier on Security
added 2022/03/31 11:13 a.m. | 97 views

Chrome Zero-Day from North Korea

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for...

CVSS: 6.8 | AI score: 0.4 | EPSS: 0.22833 | Exploits: 0

hivepro
added 2022/03/25 2:16 p.m. | 221 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability (CVE-2022-0609) in Google Chrome's web browser. The attack mainly targe...

AI score: 9.1 | EPSS: 0.22833 | Exploits: 0

ThreatPost
added 2022/03/25 1:19 p.m. | 721 views

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according to researchers. Google Threat Analysis Group (TAG) discovered the flaw, tracked as CVE-2022-0609, on Feb. 10, reporting a...

CVSS: 8.8 | AI score: 9 | EPSS: 0.22833 | Exploits: 0 | References: 12

The Hacker News
added 2022/03/25 6:45 a.m. | 100 views

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of th...

CVSS: 8.8 | AI score: 0.4 | EPSS: 0.22833 | Exploits: 0

Malwarebytes
added 2021/10/21 12:47 p.m. | 158 views

Chrome targeted by Magnitude exploit kit

Exploit kits (EK) are not as widespread as they used to be. One of the reasons is likely that most exploit kits targeted software that is hardly ever used anymore. Internet Explorer, Silverlight, and Flash Player to name a few, have been deprecated, replaced, and quickly lost their user-base. So,...

CVSS: 9.3 | AI score: 9.4 | EPSS: 0.57736 | Exploits: 5

Rapid7 Blog
added 2021/09/16 1:30 p.m. | 15 views

The Ransomware Killchain: How It Works, and How to Protect Your Systems

Much ado has been made (by this very author on this very blog!) about the incentives for attackers and defenders around ransomware. There is also a wealth of information on the internet about how to protect yourself from ransomware. One thing we want to avoid losing sight of, however, is just how w...

AI score: 7.5 | Exploits: 0

Trend Micro Simply Security
added 2021/07/01 12:00 a.m. | 15 views

PurpleFox Using WPAD to Target Indonesian Users

The PurpleFox Exploit Kit is now being distributed via WPAD attacks targeting Indonesian users...

AI score: 4.1 | Exploits: 0

Securelist
added 2021/05/25 7:00 a.m. | 226 views

Evolution of JSWorm ransomware

Introduction: Over the past few years, the ransomware threat landscape has been gradually changing. We have been witness to a paradigm shift. From the massive outbreaks of 2017, such as WannaCry, NotPetya, and Bad Rabbit, a lot of ransomware actors have moved to the covert but highly profitable...

AI score: 7.3 | Exploits: 0

ATTACKERKB
added 2021/03/11 12:00 a.m. | 243 views

CVE-2021-26411

Internet Explorer Memory Corruption Vulnerability. Recent assessments: ccondon-r7 at April 05, 2021 1:20pm UTC reported: There is now public threat intelligence that the Purple Fox exploit kit has incorporated this vulnerability and is exploiting it. gwillcox-r7 at March 11, 2021 5:57pm UTC...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.81103 | In wild | Exploits: 0 | References: 6

GithubExploit
added 2020/11/10 10:29 p.m. | 156 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a Windows Kerberos authentication...

CVSS: 10 | AI score: 8.8 | EPSS: 0.99512 | Exploits: 75