Martijn Lammerts
My own digital place with a little of everything

Confucius Update: New Tools and Techniques, Further Connections with Patchwork

23 May 2018

We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.

The post Confucius Update: New Tools and Techniques, Further Connections with Patchwork appeared first on .


GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities

21 May 2018

We recently found similar Mirai-like scanning activity from Mexico with some being done via the exploitation of CVE-2018-10561 and CVE-2018-10562, two vulnerabilities that are specific to Gigabit Passive Optical Network (GPON)-based home routers.


Operators of Counter Antivirus Service Scan4You Sentenced

16 May 2018

In May 2017, one of the biggest facilitators of cybercrime, Scan4You, went offline after the two main suspects, Ruslans Bondars and Jurijs Martisevs, were arrested in Latvia and extradited to the U.S. by the Federal Bureau of Investigation (FBI). In May 2018, the case against Scan4You's operators concluded in a Virginia federal courtroom.

Trend Micro started to look into Scan4You's operations in 2012 and has been in close contact with the FBI investigators assigned to the case since 2014. Our research on Scan4You spanned more than five years, during which we passed some of our findings to the FBI until the service went offline.


Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability

11 May 2018

We observed a large spike in the number of devices scanning the internet for port 7001/TCP since April 27, 2018. Our analysis found that this increased activity was caused by cybercriminals engaging in cryptomining by exploiting CVE-2017-10271. The flaw is a patched Oracle WebLogic WLS-WSAT vulnerability that can allow remote attackers to execute arbitrary code on unpatched servers. This marks the second time attackers abused CVE-2017-10271 for cryptomining purposes this year. In February, the vulnerability was exploited to deliver 64-bit and 32-bit variants of an XMRig Monero miner.


New Phishing Scam uses AES Encryption and Goes After Apple IDs

10 May 2018

by Jindrich Karasek

Recent data breaches and privacy scares, along with the upcoming General Data Protection Regulation (GDPR) from the European Union, have triggered a change in the way companies handle their users’ data. As a result, many of them have been sending emails asking their users to update their profiles or proactively strengthen security....


Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities

9 May 2018

For May 2018, Microsoft’s monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.


Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users

8 May 2018

We discovered a malware family called Maikspy — a multi-platform spyware that can steal users’ private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016.

Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links.


Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

2 May 2018

Crime follows the money, as the saying goes, and once again, cybercriminals have acted accordingly. The underground is flooded with so many offerings of cryptocurrency malware that it must be hard for the criminals themselves to determine which is best. This kind of malware, also known as cryptomalware, has a clear goal, which is to make money out of cryptocurrency transactions. This can be achieved through two different methods: stealing cryptocurrency and mining cryptocurrency on victims’ devices surreptitiously (without the victims noticing), a process also known as cryptojacking. In this post, we discuss how these two methods work, and see whether devices connected to the internet of things (IoT), which are relatively underpowered, are being targeted.
