Martijn Lammerts
My own digital place with a little of everything

February Patch Tuesday: Batch Includes 77 Updates That Cover Flaws in Internet Explorer, Exchange Server, and DHCP Server

Microsoft released 77 updates, along with three new advisories, in this month’s Patch Tuesday. The bulletin patches four publicly known bugs, rated Important, and one that is under active attack. It includes fixes for ChakraCore, Edge, Exchange Server, Internet Explorer (IE), Microsoft Windows, Office and Microsoft Office Services and Web Apps, Azure, Team Foundation Services, and the .NET Framework.

Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire

Trickbot's authors clearly aren't done updating it — we recently found a new variant that uses an updated version of the pwgrab module that lets it grab remote application credentials.

Windows App Runs on Mac, Downloads Info Stealer and Adware

We found an EXE application that specifically runs on Mac to download adware and an info stealer, sidestepping built-in protection systems on the platform such as Gatekeeper. We suspect the cybercriminals are developing this routine as an evasion technique for damaging infections and attacks in the future, as our telemetry showed the highest numbers to be in the UK, Australia, Armenia, Luxembourg, South Africa and the US.

Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners

We noticed a Linux coin miner with scripts almost the same as KORKERDS that, with just one crontab, removes other miners and malware installed in the system upon infection.

Various Google Play “Beauty Camera” Apps Sends Users Pornographic Content, Redirects Them to Phishing Websites and Collects Their Pictures

We discovered several beauty camera apps (detected as AndroidOS_BadCamera.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes. Some of these have already been downloaded millions of times, which is unsurprising given the popularity of these kinds of apps.
