IT Security Newsletter - 12/11/2019

Hacking_ITSEC

Cryptominers and fileless PowerShell techniques make for a dangerous combo

Along with ransomware, cryptocurrency mining malware is one of the most common threats to enterprise systems. Just like with ransomware, the sophistication of cryptominers has grown over the years, incorporating attack vectors and techniques such as fileless execution, run-time compilation and reflective code injection that were once associated with advanced persistent threats (APTs).


Hundreds of counterfeit online shoe stores injected with credit card skimmer

There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Allured by great deals on brand names, many people end up buying products on dubious websites only to find out that what they paid for isn’t what they’re getting.

Malware_ITSEC

Lazarus APT Collaborates with Trickbot’s Anchor Project

Researchers have found evidence of a link between global crimeware organization Trickbot and North Korean APT group Lazarus, observing direct collaboration via an all-in-one attack framework developed by Trickbot called Anchor Project. The move appears to be the first time an APT group has aligned itself with a major force in crimeware, which has significant national security implications in the United States and spells trouble for Lazarus targets, which already have included some top multinationals, researchers said.


Snatch Team Steals Data and Hammers Orgs with Ransomware

A fresh ransomware variant known as “Snatch” has been spotted in campaigns, forcing Windows machines to reboot into Safe Mode before beginning the encryption process. It’s one of multiple components of a malware constellation being used in carefully orchestrated attacks that also feature rampant data collection. According to researchers with SophosLabs, Snatch runs itself in an elevated permissions mode, and sets registry keys that instruct Windows to run it following a Safe Mode reboot.

Exploits_ITSEC

Intel’s SGX coughs up crypto keys when scientists tweak CPU voltage

To counter the growing sophistication of computer attacks, Intel and other chipmakers have built digital vaults into CPUs to segregate sensitive computations and secrets from the main engine computers use. Now, scientists have devised an attack that causes the Software Guard Extensions—Intel's implementation of this secure CPU environment—to divulge cryptographic keys and induce potentially dangerous memory errors.


Another Amazon-owned camera has a multitude of flaws

Researchers have found no less than seven vulnerabilities in a popular Amazon-owned security camera that, if exploited, would turn the device into a playground for malicious hackers. An attacker who took advantage of one or more of the flaws found by cybersecurity company Tenable could obtain audio or video from the camera or conscript the device into a botnet to conduct denial-of-service attacks, Tenable said.


Unpatchable KeyWe smart lock can be easily picked

A design flaw in the KeyWe smart lock (GKW-2000D), which is mostly used for remote-controlled entry to private residences, can be exploited by attackers to gain access to the dwellings, F-Secure researchers have found. To add insult to injury, in this present incarnation the lock can’t receive firmware updates, meaning that the security hole can’t be easily plugged.

Software_ITSEC

Krebs on Security: Patch Tuesday, December 2019 Edition

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.