Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 29, 2016

August 26, Softpedia – (International) New Locky ransomware version delivered as DLL file. Cyren security researchers discovered that Zepto, a variant of the Locky ransomware, received updates and is now installed on infected devices as a dynamic-link library (DLL) file instead of an executable (EXE) file. Researchers also found that the DLL uses a custom packer to evade detection by anti-malware scanners. Source

August 26, SecurityWeek – (International) Apple issues emergency fix for iOS zero-days: What you need to know. Apple released an emergency security update for its iOS devices after discovering that the iPhone 4s and later, iPad 2 and later, and iPod touch fifth generation and later were affected by three zero-day vulnerabilities, collectively dubbed Trident: an information leak in the kernel, a memory corruption bug that could allow an attacker to jailbreak the device and install surveillance software without the user's knowledge, and a memory corruption bug in Safari's WebKit that could allow an attacker to execute arbitrary code and compromise the device when a user clicks a link on a specially crafted Web site. Researchers found the vulnerabilities were exploited by Pegasus, a high-end surveillance software, and were leveraged in attacks against human rights activists and journalists via a text message phishing campaign. Source

August 25, Softpedia – (International) PowerShell script steals credentials from IIS config files. SecureWorks researchers discovered attackers were using already compromised devices to upload and execute a malicious PowerShell script that searches the infected machine for Microsoft Internet Information Server (IIS) configuration files, which store credentials for other connected services as connectionStrings, in order to steal those access credentials and copy them to the local /TEMP folder. Source
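The item above turns on a single weak point: IIS web.config files that carry database credentials in cleartext connectionStrings. The following script is an added defender-side example, not code from the alert or from SecureWorks; it audits web.config content and flags every connectionString that still embeds a cleartext password, while recognizing sections that ASP.NET has already encrypted (marked by the configProtectionProvider attribute) and strings that use Windows integrated authentication. The sample configurations, the function names (audit_connection_strings, audit_directory, redact_secrets) and the placeholder ciphertext are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample web.config: one SQL login with a cleartext password and
# one string that relies on Windows integrated authentication (no secret stored).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="AppDb" connectionString="Server=db01;Database=app;User Id=appuser;Password=Hunter2!" providerName="System.Data.SqlClient" />
    <add name="ReportsDb" connectionString="Server=db02;Database=reports;Integrated Security=SSPI" providerName="System.Data.SqlClient" />
  </connectionStrings>
</configuration>
"""

# Constructed sample of the same section after ASP.NET protected-configuration
# encryption: the secrets are no longer readable from the file on disk.
SAMPLE_ENCRYPTED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>BASE64-CIPHERTEXT-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
"""

# Matches "Password=value" or "Pwd=value" keys inside a connection string.
PASSWORD_KEY = re.compile(r"(?i)\b(password|pwd)\s*=\s*([^;]*)")


def redact_secrets(connection_string):
    """Return the connection string with any password value replaced, so the
    audit report itself never re-exposes the credential."""
    return PASSWORD_KEY.sub(lambda m: f"{m.group(1)}=***", connection_string)


def audit_connection_strings(xml_text):
    """Classify every connectionStrings entry in a web.config document.

    Returns a list of (name, status) tuples where status is one of:
      'encrypted'          - the whole section is protected, nothing readable
      'cleartext-password' - a password is stored in plain text (finding)
      'no-password'        - integrated auth or an empty password field
    """
    root = ET.fromstring(xml_text)
    findings = []
    for section in root.iter("connectionStrings"):
        if section.get("configProtectionProvider"):
            findings.append(("<section>", "encrypted"))
            continue
        for entry in section.findall("add"):
            name = entry.get("name", "<unnamed>")
            value = entry.get("connectionString", "")
            match = PASSWORD_KEY.search(value)
            if match and match.group(2).strip():
                findings.append((name, "cleartext-password"))
            else:
                findings.append((name, "no-password"))
    return findings


def audit_directory(root_dir):
    """Walk a web root and audit every web.config found; returns {path: findings}.
    Files that are not well-formed XML are reported with a 'parse-error' status."""
    results = {}
    for path in Path(root_dir).rglob("*.config"):
        if path.name.lower() != "web.config":
            continue
        try:
            results[str(path)] = audit_connection_strings(path.read_text(encoding="utf-8-sig"))
        except ET.ParseError:
            results[str(path)] = [("<file>", "parse-error")]
    return results


if __name__ == "__main__":
    for label, doc in (("plain", SAMPLE_WEB_CONFIG), ("encrypted", SAMPLE_ENCRYPTED_CONFIG)):
        for name, status in audit_connection_strings(doc):
            print(f"{label}: {name}: {status}")
    print(redact_secrets("Server=db01;User Id=appuser;Password=Hunter2!"))
```

Any entry reported as cleartext-password is exactly what the script in the alert is looking for; the established fix on IIS is to encrypt the section in place with the .NET protected-configuration tool (aspnet_regiis.exe -pe "connectionStrings" -app "/YourApp"), after which the audit reports the section as encrypted and a file-reading script recovers only ciphertext. Pair the audit with file-access monitoring on web.config, since reading those files from a PowerShell process is an uncommon pattern for a legitimate web server.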

August 25, Softpedia – (International) Security firm releases decrypter for Alma Locker ransomware. PhishLabs malware analysts released a decrypter for the Alma Locker ransomware family that allows victims to recover their files without paying the ransom. The analysts found that the malware's own decrypter was susceptible to a man-in-the-middle attack, which allowed them to spoof communications from the attackers' command and control (C&C) server and gain insight into how the ransomware's decrypter operates. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.