Martijn Lammerts
My own digital place with a little of everything

Are Your Online Mainframes Exposing You to Business Process Compromise?

13 July 2017

Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies.

Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But what if they’re not necessarily “broken”, but insecure? Exposing a mainframe online, even unintentionally, can be detrimental to the security not only of the company’s crown jewels, but also of its customers. This is what we found using data from Shodan, a public search engine for internet-connected devices.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability

13 July 2017

The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plugin is available that allows developers to use existing Struts 1 Actions and ActionForms in Struts 2 web applications. A vulnerability has been found in this plugin that could allow remote code execution on the affected server if it is used with Struts 2.3.x. (Versions 2.5.x are not affected.)

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


July Patch Tuesday Addresses Critical Vulnerability in Microsoft HoloLens

12 July 2017

Last month’s Patch Tuesday highlighted updates for older Windows versions to address vulnerabilities responsible for the WannaCry outbreak. This July, Patch Tuesday shifts its focus to other technologies, with an update that addresses 54 vulnerabilities – including one in the augmented reality sphere.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind

11 July 2017

Cybercriminals are opportunists. As other operating systems (OSes) come into wider use, they, too, diversify their targets, tools, and techniques in order to cash in on more victims. That’s the value proposition of malware that can adapt and cross over between platforms. And when combined with a business model that commercially peddles this malware to other bad guys, the impact becomes even more pervasive.

Case in point: Adwind/jRAT, which Trend Micro detects as JAVA_ADWIND. It’s a cross-platform remote access Trojan (RAT) that can be run on any machine installed with Java, including Windows, Mac OSX, Linux, and Android.

Unsurprisingly we saw it resurface in another spam campaign. This time, however, it’s mainly targeting enterprises in the aerospace industry, with Switzerland, Ukraine, Austria, and the US the most affected countries.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


OSX Malware Linked to Operation Emmental Hijacks User Network Traffic

10 July 2017

We recently discovered a new malware affecting machines running Apple’s OSX operating system that showcases sophisticated features such as certificate abuse and security software evasion. This malware, which specifically targets Swiss banking users, uses a phishing campaign to drop its payload, which eventually results in the hijacking of the user’s network traffic through a Man-in-the-Middle (MitM) attack. OSX_DOK.C seems to be another version of WERDLOD, a malware that was used during the Operation Emmental campaigns.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


July’s Android Security Bulletin Addresses Continuing Mediaserver and Qualcomm Issues

7 July 2017

Google has released their Android security bulletin for July in two security patch level strings: the first dated 2017-07-01 and the succeeding one dated 2017-07-05. As always, Google urges users to update and avoid any potential security issues. Owners of native Android devices should apply the latest over-the-air (OTA) updates, and non-native Android device users...

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


SLocker Mobile Ransomware Starts Mimicking WannaCry

5 July 2017

Early this month, a new variant of the mobile ransomware SLocker (detected by Trend Micro as ANDROIDOS_SLOCKER.OPST) was found copying the GUI of the now-infamous WannaCry. The SLocker family is one of the oldest mobile lock-screen and file-encrypting ransomware families and used to impersonate law enforcement agencies to convince victims to pay the ransom. After lying low for a few years, it had a sudden resurgence last May. This particular SLocker variant is notable for being one of the first Android file-encrypting ransomware and the first mobile ransomware to capitalize on the success of the earlier WannaCry outbreak.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Information Stealer Found Hitting Israeli Hospitals

29 June 2017

The abuse of shortcut (LNK) files is steadily gaining traction among cybercriminals. We’ve seen a plethora of threats that leverage malicious LNK files: well-known ransomware families, backdoors typically deployed in targeted attacks, banking Trojans, spam emails, and even an exploit for an LNK vulnerability itself. These threats are usually exacerbated by the further abuse of legitimate tools such as PowerShell or the script automation utility AutoIt.

It’s thus not surprising that we discovered an information stealer employing LNK files, this time in Israeli hospitals. We have observed its attempts to gain a foothold in the systems and in the local networks’ shared folders. Its most notable aspect so far is the combination of worm propagation and stealth capabilities.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro
