Martijn Lammerts
My own digital place with a little of everything

Trickbot Watch: Arrival via Redirection URL in Spam

We discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. The redirection URL is a way to sidestep spam filters that may block Trickbot at the onset.

The post Trickbot Watch: Arrival via Redirection URL in Spam appeared first on .

Continue reading...

May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one separately posted as a mitigating update addressing an imminent "wormable" threat.

The post May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability appeared first on .

Continue reading...

CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit

We discovered the Confluence vulnerability CVE-2019-3396 being used to deliver a cryptocurrency-mining malware containing a rootkit that was designed to hide its activities.

The post CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit appeared first on .

Continue reading...

Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada

We uncovered a recent activity involving the notorious online credit card skimming attack known as Magecart. The attack, facilitated by a new cybercrime group, impacted 201 online campus stores in the United States and Canada.

The post Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada appeared first on .

Continue reading...

Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers

We discovered a new technical support scam (TSS) campaign that makes use of iframe in combination with basic pop-up authentication to freeze a user’s browser. Since this technique is new and unfamiliar, it can potentially evade detection.

The post Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers appeared first on .

Continue reading...

AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining

Our honeypot sensors recently detected an AESDDoS botnet malware variant (detected by Trend Micro as Backdoor.Linux.AESDDOS.J) exploiting a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Atlassian Confluence Server, a collaboration software program used by DevOps professionals.

The post AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining appeared first on .

Continue reading...

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers

Recently, an analysis of Emotet traffic has revealed that new samples use a different POST-infection traffic than previous versions. It is also attempting to use compromised connected devices as proxy command and control (C&C) servers that redirect to the real Emotet C&Cs.

The post Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers appeared first on .

Continue reading...