Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 24, 2016

August 23, Softpedia – (International) Intruders use virtual machines on infected PCs to hide their actions. SecureWorks found that malicious actors were attempting to install and launch a new virtual machine (VM) on an infected host, then connect to that VM and withdraw sensitive data or carry out other malicious actions without being detected by the host’s security software. The attacker was observed using the Microsoft Management Console (MMC) to launch Hyper-V Manager, the tool that manages Microsoft’s VM infrastructure. Source
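As an added defensive illustration that is not part of the original alert: a small Python triage routine over constructed process-creation events that flags Hyper-V management tooling (the Hyper-V Manager MMC snap-in, vmconnect.exe, PowerShell New-VM or feature enablement) on workstations that are not in an assumed allow-list of known virtualization hosts. The host names, log fields, allow-list and sample events are all constructed for the example.

```python
import json

# Hyper-V management tooling of the kind the SecureWorks item describes being
# used to stand up a VM on an infected host. virtmgmt.msc is the Hyper-V Manager
# MMC snap-in and vmconnect.exe is Virtual Machine Connection; the command-line
# substrings below are the author's assumptions, not a vendor signature.
HYPERV_INDICATORS = {
    "mmc.exe": ("virtmgmt.msc",),
    "vmconnect.exe": (),                      # any invocation is interesting
    "dism.exe": ("microsoft-hyper-v",),
    "powershell.exe": ("new-vm", "hyper-v"),
}

# Hypothetical inventory of hosts where Hyper-V use is expected.
EXPECTED_HYPERV_HOSTS = {"hv-lab-01", "hv-lab-02"}

# Constructed Sysmon-style process-creation events, one JSON object per line.
SAMPLE_EVENTS = [
    r'{"host":"ws-finance-07","image":"C:\\Windows\\System32\\mmc.exe","cmdline":"mmc.exe virtmgmt.msc"}',
    r'{"host":"hv-lab-01","image":"C:\\Windows\\System32\\mmc.exe","cmdline":"mmc.exe virtmgmt.msc"}',
    r'{"host":"ws-finance-07","image":"C:\\Windows\\System32\\mmc.exe","cmdline":"mmc.exe eventvwr.msc"}',
    r'{"host":"ws-hr-12","image":"C:\\Windows\\System32\\vmconnect.exe","cmdline":"vmconnect.exe localhost Win7-Clone"}',
    r'{"host":"ws-hr-12","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",'
    r'"cmdline":"powershell -c New-VM -Name stage -MemoryStartupBytes 2GB"}',
]


def is_hyperv_activity(image, cmdline):
    """True when the process image plus command line matches a Hyper-V indicator."""
    name = image.rsplit("\\", 1)[-1].lower()
    if name not in HYPERV_INDICATORS:
        return False
    needles = HYPERV_INDICATORS[name]
    if not needles:
        return True
    lowered = cmdline.lower()
    return any(n in lowered for n in needles)


def find_unexpected_hyperv(event_lines):
    """Return (host, image name) pairs for Hyper-V activity on non-allow-listed hosts."""
    alerts = []
    for line in event_lines:
        ev = json.loads(line)
        if ev.get("host", "").lower() in EXPECTED_HYPERV_HOSTS:
            continue  # a known virtualization host; nothing unusual
        if is_hyperv_activity(ev.get("image", ""), ev.get("cmdline", "")):
            alerts.append((ev["host"], ev["image"].rsplit("\\", 1)[-1]))
    return alerts


if __name__ == "__main__":
    for host, image in find_unexpected_hyperv(SAMPLE_EVENTS):
        print(f"review: Hyper-V tooling ({image}) on non-virtualization host {host}")
```

The allow-list is the important part: on a fleet where Hyper-V is only enabled on a handful of inventoried hosts, any VM management activity elsewhere is a cheap, high-signal review item.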

August 23, SecurityWeek – (International) DetoxCrypto ransomware sends screenshots to operators. Bleeping Computer researchers discovered a new ransomware, dubbed DetoxCrypto, being distributed in two variants: one, named Calipso.exe, takes screenshots of a victim’s device and sends them to the malicious actor’s servers; the other, dubbed Pokemon.exe, poses as a PokemonGo app. Researchers found both variants can stop MySQL and Microsoft SQL Server (MSSQL) services on an infected device and use a single distributed executable to extract a MicrosoftHost.exe file, among other files, which encrypts the user’s files, displays a lock screen, and, in the case of the Calipso variant, instructs the victim to contact the malware operator for payment instructions. Source

August 22, Softpedia – (International) WordPress plugin fixes SQL injection flaw that let attackers dump site passwords. Ninja Forms released a fixed version after Sucuri researchers discovered a structured query language (SQL) injection vulnerability in the Ninja Forms WordPress plugin, which is installed on over 600,000 sites. An attacker with a registered account on a targeted Web site could send a crafted Hypertext Transfer Protocol (HTTP) POST request to trigger the injection, potentially dumping sensitive details including the site’s usernames and hashed passwords, as well as WordPress secret keys. Source


Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.