Get Permission
Supermicro and Pulse Secure have each issued advisories this past week warning users that some of their products are vulnerable to the updated version of Trickbot malware that features a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities.
Server maker Supermicro confirmed that its X10UP Denlow series of motherboards has vulnerabilities that can be detected by Trickboot. Secure access gateway manufacturer PulseSecure notes that two of its Pulse Secure Appliance models can be exploited. Supermicro is aware of the Trickboot issue which is observed only with a subset of the X10 UP motherboards, the company says, adding it will be providing a patch. It did not, however, offer a time frame for when the patch would be issued.
Supermicro and PulseSecure Issue Advisories on Trickboot govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
BankInfoSecurity
Compliance
March 29, 2021
Compliance Twitter
Part of the malicious domain used in recent Trickbot campaign (Source: Menlo Security)
The Trickbot botnet appears to be making a comeback this month with a fresh campaign that is targeting insurance companies and legal firms in North America, according to an analysis published Friday by Menlo Security.
While the phishing campaign that started Jan. 12 contains some of the hallmarks of a Trickbot campaign, Vinay Pidathala, director of security research at Menlo Security, says more analysis is needed to fully confirm that that botnet is active again and able to target new victims. We are pretty confident that this is Trickbot, Pidathala says. We haven t yet completed the full analysis on the dropped binary and the obfuscated JavaScript, which would increase our confidence, but we are pretty certain that it is Trickbot based on open source intelligence and the command-and-control infrastructure.
A message within a phishing email associated with a new Emotet campaign (Source: Proofpoint)
After a nearly two-month hiatus, the Emotet botnet sprung back to life this week with a fresh spamming and phishing campaign designed to spread other malware as secondary payloads.
In an alert sent Tuesday, security firm Cofense notes that the new Emotet campaign, which uses many of the same techniques as in previous campaigns, is delivering Trickbot malware.
In October, Microsoft and other security firms worked on dismantling Trickbot s infrastructure, but security researchers warned it was likely to return after a short period (see: The Emotet botnet is one of the most prolific senders of malicious emails when it is active, but it regularly goes dormant for weeks or months at a time,” the Cofense researchers note. “This year, one such hiatus lasted from February through to mid-July, the longest break we ve seen in the last few years. Since then, we observed regular Emotet activity