This Week in Technology

This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On April 12, 2019

Monday 4/8

This prolific phishing gang is back with new tactics to target executives

A prolific cyber-criminal phishing operation which built a list of 50,000 executives, CFOs and other top financial personnel has expanded its operations with a new database of additional targets. The Business Email Compromise (BEC) group dubbed London Blue distributes phishing emails in an effort to trick organisations into transferring large sums of money into their accounts, often while posing as executives and other senior staff.

How to avoid document-based malware attacks

Document-based malware typically comes in the form of an email attachment that, when opened, automatically runs software hidden in the file or runs a script that pulls it from a remote website, the latter making it much harder to detect since there's no malware code included in the document when it's downloaded.

Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns

These campaigns attempted to deceive recipients into believing they were emailed by large accounting, tax and payroll services firms and carried malicious Microsoft Excel attachments with a payload familiar to us as one of the most common and effective banking Trojans: TrickBot.

Tuesday 4/9

Pharmaceutical giant Bayer targeted by cyberattack, threat ‘contained’

Bayer says that there "is no evidence of data theft," but has not provided any further details on the purpose or scope of the malware. The drug maker did say, however, that the software is the work of a hacking group known as Winnti.

Cybercrime group FIN6 evovles from POS malware to ransomware

A cybercrime group known primarily for hacking retailers and stealing payment card details from point-of-sale (POS) systems has changed tactics and is now also deploying ransomware on infected networks. The group – named FIN6 – has a reputation in the cyber-security field for being one of the most advanced cyber-criminal groups around.

How Citrix Cloud Connector integrates with Cisco infrastructure

Cisco HyperFlex for Citrix Cloud, which Citrix and Cisco made available in December 2018, enables organizations to transition from exclusively on-premises virtual desktop hosting to a hybrid hosting model that lets Citrix handle the management as a cloud service.

Wednesday 4/10

A Peek Into the Toolkit of the Dangerous ‘Triton’ Hackers

FireEye says it's identified a collection of custom malicious software that the Triton hackers used, tools that allowed the hackers to patiently advance their intrusion as they worked to gain access to the victims' industrial control systems.

Malware Debugs Itself to Prevent Analysis

When the malware relaunches itself as a child process it does so with the DEBUG_ONLY_THIS_PROCESS flag specified. This causes the parent to act as a debugger to the child, which prevents analysts from attaching their own debugger to get a closer look at what it’s doing. Then, the parent walks through the child’s execution using the WaitForDebugEvent and ContinueDebugEvent API calls for creating a co-dependent relationship between the parent and the child with no room for an additional debugger.

Two out of three hotels accidentally leak guests’ personal data: Symantec

The research showed compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.

Thursday 4/11

Largest Leak in History: Email Data Breach Exposes Over Two Billion Personal Records

Though it technically set a record in terms of data point count, this email data breach is relatively benign compared to other recent data leaks of a similar size. It is worrying that this information was sitting out in the open available to anyone with an internet connection, but it may well have been for a limited time and it is possible that it was not obtained by any potential threat actors.

McAfee MVISION Cloud Integrates with Google Cloud Platform to Offer Enhanced Security Tool

Generally available today, Cloud SCC is a comprehensive security management and data risk platform for GCP, designed to help security teams prevent, detect and respond to threats from a single-pane-of-glass. It provides visibility in what assets are running in Google Cloud as well as risky misconfigurations, so enterprises can reduce their exposure to threats.

This new malware is scanning the internet for systems info on valuable targets

Unlike MongoLock and Xbash, Xwo doesn't have any ransomware, cryptocurrency mining or any other similar money-making capabilities: it's main focus is scanning for credentials and exposed services and sending information back to its command and control server.

Friday 4/12

Internet Explorer zero-day lets hackers steal files from Windows PCs

The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command.

Emotet hijacks email conversation threads to insert links to malware

Users involved in the previous email exchanges would receive an email spoofed to appear from one of their previous correspondents, but actually coming from Emotet servers. The email conversation thread would be left intact, but the Emotet gang would insert an URL at the top of the email that would link to an Emotet-infected file, or attach a malicious document to the existing email thread.