ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer - Amigura.co.uk

Thu, 20 Jul 17
ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/f0lYq1CRgYc/
We’ve uncovered a new exploit kit in the wild through a malvertising campaign we’ve dubbed “ProMediads”. We call this new exploit kit Sundown-Pirate, as it is indeed a bootleg of its precursors and is actually named so by its back panel. ProMediads has been active since as early as 2016, employing the Rig and Sundown exploit kits to deliver malware. Its activity dropped off in mid-February this year but suddenly resumed on June 16 via Rig. However, we noticed that ProMediads eschewed Rig in favor of Sundown-Pirate on June 25. It’s worth noting that Sundown-Pirate has only been employed by ProMediads so far. This could mean that it is yet another private exploit kit, like the similarly styled GreenFlash Sundown exploit kit that was exclusively used by the ShadowGate campaign. Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Wed, 19 Jul 17
Linux Users Urged to Update as a New Threat Exploits SambaCry 
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/lri-dU9kM1o/
A seven-year-old vulnerability in Samba, an open-source implementation of the SMB protocol used by Windows for file and printer sharing, was patched in May but continues to be exploited. According to the security advisory released by the Samba team, the vulnerability allows a malicious actor to upload a shared library to a writable share and cause the server to load and execute it. If leveraged successfully, an attacker could open a command shell on a vulnerable device and take control of it. It affects all versions of Samba since 3.5.0.
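The three conditions the item describes (an affected build, a share the attacker can write the library to, and the server still willing to load it) can be checked from two inputs an administrator already has. The script below is an added example, not Trend Micro's or the Samba project's code: it reads an `smbd --version` string and an `smb.conf` and reports whether the host is a vulnerable release, which shares are writable, and whether the upstream `nt pipe support = no` workaround from the SambaCry (CVE-2017-7494) advisory is in place. The configuration text is constructed, and the fixed releases (4.4.14, 4.5.10, 4.6.4) are the upstream security releases. Distribution packages often backport the fix without changing the version number, so a "vulnerable" verdict from the version alone is a prompt to read the package changelog, not proof.

```python
"""SambaCry (CVE-2017-7494) exposure check from a version string and smb.conf.

Added example, not Trend Micro's or the Samba project's code. The config
text below is constructed; fixed-release numbers are the upstream ones.
"""
import re

# Upstream releases that fixed CVE-2017-7494. Everything from 3.5.0 up to
# these is affected; 4.7 and later shipped with the fix, 4.3 and older had no
# fixed release upstream. Distro packages often backport the fix without
# bumping the version, so a "vulnerable" verdict means "check the changelog".
FIRST_AFFECTED = (3, 5, 0)
FIXED_IN = {(4, 4): (4, 4, 14), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}


def parse_version(text):
    """'Version 4.5.8-Debian' (smbd --version output) -> (4, 5, 8)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no Samba version found in %r" % text)
    return tuple(int(x) for x in m.groups())


def version_vulnerable(v):
    if v < FIRST_AFFECTED or v >= (4, 7, 0):
        return False
    fixed = FIXED_IN.get(v[:2])
    return True if fixed is None else v < fixed


def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {normalised key: lowercased value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", " ", key.strip().lower())
            sections[current][key] = value.strip().lower()
    return sections


def writable_shares(sections):
    """Shares a client can write to, honouring defaults set in [global]."""
    defaults = sections.get("global", {})
    result = []
    for name, opts in sections.items():
        if name == "global":
            continue
        eff = {**defaults, **opts}
        writable = (eff.get("writable") in TRUE or eff.get("writeable") in TRUE
                    or eff.get("read only") in FALSE)
        if writable:
            result.append(name)
    return result


def assess(version_text, conf_text):
    sections = parse_smb_conf(conf_text)
    shares = writable_shares(sections)
    workaround = sections.get("global", {}).get("nt pipe support") in FALSE
    vulnerable = version_vulnerable(parse_version(version_text))
    return {
        "vulnerable_version": vulnerable,
        "writable_shares": shares,
        "nt_pipe_support_disabled": workaround,
        # exploitation needs all three: an affected build, a share to drop the
        # .so on, and the named-pipe path still open
        "exposed": vulnerable and bool(shares) and not workaround,
    }


# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = file server
   # nt pipe support = no     <- upstream workaround, left commented out here

[public]
   path = /srv/public
   read only = no
   guest ok = yes

[docs]
   path = /srv/docs
   writable = yes

[archive]
   path = /srv/archive
   read only = yes
"""

if __name__ == "__main__":
    for version in ("Version 4.5.8-Debian", "Version 4.6.4"):
        print(version, assess(version, SAMPLE_CONF))
```

Run it against a real host by feeding `smbd --version` output and the contents of `/etc/samba/smb.conf`; the `exposed` flag is the combination the advisory needs, and each component is returned separately so you can see which of the three conditions actually removes the exposure.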

Tue, 18 Jul 17
Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tAmrd5VaH-Y/
The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device. Detected by Trend Micro as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA, we’ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device’s functionalities. There are three versions of GhostCtrl. The first stole information and controlled some of the device’s functionalities without obfuscation, while the second added more device features to hijack. The third iteration combines the best of the earlier versions’ features—and then some. Based on the techniques each employed, we can only expect it to further evolve.

Fri, 14 Jul 17
Are Your Online Mainframes Exposing You to Business Process Compromise?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_1C23-slk9c/
Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But what if they’re not necessarily “broken”, but insecure? Exposing a mainframe online, even unintentionally, can be detrimental to the security not only of the company’s crown jewels but also of its customers. This is what we found using data from Shodan, a public search engine for internet-connected devices.

Fri, 14 Jul 17
Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0i7uq_x99kg/
The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plugin is available that allows developers to use existing Struts 1 Actions and ActionForms in Struts 2 web applications. A vulnerability has been found in this plugin that could allow remote code execution on the affected server if it is used with Struts 2.3.x. (Versions 2.5.x are not affected.)
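Because the affected set is a specific pairing (the Struts 1 plugin on a 2.3.x Struts 2 core), the first thing to do across a Java estate is find the projects that declare both. The script below is an added example, not Trend Micro's or the Apache Struts project's code: it parses a Maven `pom.xml`, resolves `${...}` versions from that file's own `<properties>`, and flags `org.apache.struts:struts2-core` on a 2.3.x version together with the `org.apache.struts:struts2-struts1-plugin` artifact. The pom text is constructed. It sees only dependencies declared in that one file; versions inherited from a parent pom or from `<dependencyManagement>` are not resolved, so treat it as a first pass and confirm hits with `mvn dependency:tree`.

```python
"""Flag a Maven project that pairs struts2-core 2.3.x with the Struts 1 plugin.

Added example, not Trend Micro's or the Apache Struts project's code. The
pom.xml text is constructed. Only dependencies declared in this one file are
seen, with ${...} resolved from its own <properties>; coordinates inherited
from a parent pom or <dependencyManagement> are not, so treat the result as
a first pass and confirm with `mvn dependency:tree`.
"""
import re
import xml.etree.ElementTree as ET

STRUTS_GROUP = "org.apache.struts"
CORE = "struts2-core"
STRUTS1_PLUGIN = "struts2-struts1-plugin"

# Constructed sample pom, not from any real project.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>legacy-app</artifactId>
  <version>1.0</version>
  <properties>
    <struts.version>2.3.32</struts.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-struts1-plugin</artifactId>
      <version>${struts.version}</version>
    </dependency>
  </dependencies>
</project>
"""


def _strip_namespaces(root):
    """Drop the POM xmlns so tags can be looked up by their plain names."""
    for el in root.iter():
        if "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root


def _text(el, tag):
    node = el.find(tag)
    return node.text.strip() if node is not None and node.text else None


def declared_dependencies(pom_xml):
    """{(groupId, artifactId): version-or-None} from one pom, ${prop} resolved."""
    root = _strip_namespaces(ET.fromstring(pom_xml))
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    props.setdefault("project.version", _text(root, "version") or "")

    def resolve(value):
        if value is None:
            return None
        return re.sub(r"\$\{([^}]+)\}",
                      lambda m: props.get(m.group(1), m.group(0)), value)

    deps = {}
    for d in root.findall("dependencies/dependency"):
        deps[(_text(d, "groupId"), _text(d, "artifactId"))] = resolve(_text(d, "version"))
    return deps


def struts1_plugin_exposure(pom_xml):
    deps = declared_dependencies(pom_xml)
    core = deps.get((STRUTS_GROUP, CORE))
    plugin = (STRUTS_GROUP, STRUTS1_PLUGIN) in deps
    on_2_3 = core is not None and core.startswith("2.3.")
    return {
        "struts2_core": core,
        "struts1_plugin_declared": plugin,
        # the affected set named in the item: the Struts 1 plugin on a 2.3.x core
        "exposed": on_2_3 and plugin,
    }


if __name__ == "__main__":
    print(struts1_plugin_exposure(SAMPLE_POM))
```

Point it at every `pom.xml` in a source tree (or at the effective pom from `mvn help:effective-pom`, which has parent and managed versions already folded in) and triage the projects where `exposed` is true.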

Thu, 13 Jul 17
July Patch Tuesday Addresses Critical Vulnerability in Microsoft HoloLens
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Yhtb5LxYeLs/
Last month’s Patch Tuesday highlighted updates for older Windows versions to address the vulnerabilities responsible for the WannaCry outbreak. This July, Patch Tuesday shifts its focus to other technologies, with an update that addresses 54 vulnerabilities, including one in the augmented reality sphere.

Wed, 12 Jul 17
Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/HRuqYq1me8g/
Cybercriminals are opportunists. As other operating systems (OS) are more widely used, they, too, diversify their targets, tools, and techniques in order to cash in on more victims. That’s the value proposition of malware that can adapt and cross over different platforms. And when combined with a business model that can commercially peddle this malware to other bad guys, the impact becomes more pervasive. Case in point: Adwind/jRAT, which Trend Micro detects as JAVA_ADWIND. It’s a cross-platform remote access Trojan (RAT) that can be run on any machine with Java installed, including Windows, Mac OS X, Linux, and Android. Unsurprisingly, we saw it resurface in another spam campaign. This time, however, it’s mainly targeting enterprises in the aerospace industry, with Switzerland, Ukraine, Austria, and the US the most affected countries.

Tue, 11 Jul 17
OSX Malware Linked to Operation Emmental Hijacks User Network Traffic
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zJQ4iI2DmfU/
The OSX_DOK malware showcases sophisticated features such as certificate abuse and security software evasion that affect machines using Apple’s OS X operating system. This malware, which specifically targets Swiss banking users, uses a phishing campaign to drop its payload, which eventually results in the hijacking of a user’s network traffic using a Man-in-the-Middle (MitM) attack. OSX_DOK seems to be another version of WERDLOD, a malware that was used during the Operation Emmental campaigns.

Sat, 8 Jul 17
July’s Android Security Bulletin Addresses Continuing Mediaserver and Qualcomm Issues
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4-4KcARh4bk/
Google has released its Android security bulletin for July in two security patch level strings: the first dated 2017-07-01 and the succeeding one dated 2017-07-05. As always, Google urges users to update and avoid any potential security issues. Owners of native Android devices should apply the latest over-the-air (OTA) updates, and non-native Android device users...

Thu, 6 Jul 17
SLocker Mobile Ransomware Starts Mimicking WannaCry
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/8ftx-Apjax4/
Early this month, a new variant of the mobile ransomware SLocker (detected by Trend Micro as ANDROIDOS_SLOCKER.OPST) was detected, copying the GUI of the now-infamous WannaCry. The SLocker family is one of the oldest mobile lock-screen and file-encrypting ransomware families and used to impersonate law enforcement agencies to convince victims to pay the ransom. After laying low for a few years, it had a sudden resurgence last May. This particular SLocker variant is notable for being one of the first Android file-encrypting ransomware, and the first mobile ransomware to capitalize on the success of the previous WannaCry outbreak.


amigura.co.uk All Rights Reserved.