Martijn Lammerts
My own digital place with a little of everything

Vulnerabilities in Apache CouchDB Open the Door to Monero Miners

15 February 2018

Based on data from our sensors that we deployed worldwide, we have observed a new attack that exploits two vulnerabilities in a popular database system to deliver miners (detected by Trend Micro as HKTL_COINMINE.GE, HKTL_COINMINE.GP, and HKTL_COINMINE.GQ) for the Monero cryptocurrency.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


February Patch Tuesday Is a Bouquet of Fixes for Privilege Escalation Vulnerabilities

14 February 2018

Microsoft’s Patch Tuesday for February has a bevy of fixes addressing 50 security issues in Windows, Office (including Office Services and Web Apps), SharePoint, Internet Explorer, Edge, and ChakraCore JavaScript engine, as well as additional patches for the notorious Meltdown and Spectre vulnerabilities. Of these, 14 were rated critical. Eight of these security flaws were disclosed through Trend Micro’s Zero Day Initiative.

The majority of the vulnerabilities are related to elevation of privileges. When exploited successfully, these can allow hackers to carry out normally restricted and system-level functions or hijack the affected systems. There are also 11 security issues affecting the Windows kernel that can lead to local privilege escalation and information disclosure when exploited.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Deciphering Confucius’ Cyberespionage Operations

13 February 2018

In today’s online chat and dating scene, romance scams are not uncommon, what with catfishers and West African cybercriminals potently toying with their victims’ emotions to cash in on their bank accounts. It’s quite odd (and probably underreported), however, to see it used as a vector for cyberespionage.

We stumbled upon the Confucius hacking group while delving into Patchwork’s cyberespionage operations, and found a number of similarities. Code in their custom malware bore similarities, for instance. And like Patchwork, Confucius targeted a particular set of individuals in South Asian countries, such as military personnel and businessmen, among others.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


New AndroRAT Exploits Dated Permanent Rooting Vulnerability, Allows Privilege Escalation

13 February 2018

Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture. This AndroRAT targets CVE-2015-1805, a publicly disclosed vulnerability in 2016 that allows attackers to penetrate a number of older Android devices to perform its privilege escalation.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Attack Using Windows Installer msiexec.exe leads to LokiBot

8 February 2018

Recently, we discovered CVE-2017-11882 being exploited again in an attack that uses an uncommon method of installation—via the Windows Installer service in Microsoft Windows operating systems.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Detecting New Threats via Contextual Information and Reputation

7 February 2018

Cybercriminals are constantly looking for new strategies to defeat security solutions and improve the success of their attacks.

The increase in adoption of polymorphism and packing has made traditional signature-based detection at the client side (endpoint) obsolete. Backend systems struggle in analyzing modern malware since both static and dynamic analysis are limited when heavily obfuscated code or anti-sandboxing techniques are employed. In addition, the number of newly discovered threats is increasing, and faster detection systems are required to protect users around the world.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet

1 February 2018

The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affects more than half a million users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular botnet Droidclub, after the name of one of the oldest command-and-control (C&C) domains used.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro
