Emotet Campaign Restarts After Seven-Week Hiatus
Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.
In October, three surges of spam laden with the Emotet downloader worked to spread the malware to vulnerable users' systems, starting a sequence that often results in a Ryuk ransomware infection or attempts to steal bank account credentials via the Trickbot banking Trojan.
On Oct. 30, with the completion of the third campaign, the group's spamming died down and almost no subsequent traffic appeared. Until now.
NSA, CISA Warn of Attacks on Federated Authentication
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
An attacker-modified update to the SolarWinds Orion network management product that compromised thousands of companies and government agencies is likely not the only way Russian attackers infiltrated networks, according to the US Cybersecurity and Infrastructure Security Agency (CISA) in an update over the weekend.
In an updated alert about the recent cyber-espionage attacks against government agencies and private-sector companies, CISA noted on Dec. 18 that the attackers appear to have used other vectors of attacks outside of the SolarWinds Orion platform. On Dec. 21, the agency pointed to an advisory published the previous week by the National Security Agency, which warned that attackers were stealing private keys for single sign-on (SSO) infrastructure to bypass two-factor authenti
The company found no evidence of the extensions being used as a bridge into corporate networks, but attackers may have the ability to download and inject arbitrary JavaScript into any tab, says Jan Rubín, a malware researcher at Avast. This could be used to gather credentials and other sensitive corporate data from the websites visited by the victim, he says. We are preparing a technical blog post with more technical information and IoCs, but for now, we can share the malicious domains.
The malicious extensions are the latest attempt by cybercriminals to hide code in add-ons for popular browsers. In February, independent researcher Jamila Kaya and Duo Security announced they had discovered more than 500 Chrome extensions that infected millions of users' browsers to steal data. In June, Awake Security reported that more than 70 extensions in the Google Chrome Web Store had been downloaded more than 32 million times and collected browsing data and credentials for internal websit
Patching Still Poses Problems for Industrial Controllers, Networking Devices
More than 90% of devices that run popular embedded operating systems remain vulnerable to critical flaws disclosed more than a year ago.
Two families of critical vulnerabilities that impact operational technology (OT), embedded devices, and network hardware continue to undermine the security of the vast majority of originally affected devices because patching the issues has been glacially slow, according to a new research report by device-security firm Armis.
Using random sampling, the company checked the patch status of devices vulnerable to flaws affecting seven embedded operating systems, including the widespread VxWorks, which it had disclosed in July and October 2019, and found that 97% of devices have not been updated to a patched version of the software. The company also scanned a subset of Cisco network, IP phone, and camera devices for a set of five vulnerabilities disclosed in Febr