Tuesday 3/5
Attack Campaign Targets Organizations Worldwide with New Qbot Banking Malware Variant
The campaign consists of phishing emails that come with an attached ZIP file using a .doc.vbs extension. Upon execution, the VBS script extracts information about the target machine’s operating system and attempts to check for strings associated with well-known antivirus software. It then uses the BITSAdmin tool to run a malware loader.
https://ibm.co/2XEb6xF
Ivanti Brings Together Leading Patch Management and Application Control Solutions with Release of Ivanti Security Controls
Ivanti has announced Ivanti Security Controls. Offering comprehensive patch management for operating systems and third-party applications on physical and virtual servers and desktops, the new solution also enables dynamic whitelisting and granular privilege management from a single management console.
https://prn.to/2NKEL3A
Fake Browser Updates Push Ransomware and Bank Malware
Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome, Internet Explorer and Edge browsers). The message reads: “A critical error has occurred due to the outdated version of the browser. Update your browser as soon as possible.” To support the “critical error” claim, the malware shows some garbled text on the background.
http://bit.ly/2HdanxA
Wednesday 3/6
Be better with Citrix Endpoint Management
Your security perimeter is no longer your firewall. In today’s hybrid, multi-cloud environment, it’s the internet. With Citrix Endpoint Management, a unified endpoint management solution, you can enable a new approach to security that allows you to secure an expanded attack area and address the full spectrum of security concerns — from data loss and availability to identity.
http://bit.ly/2VDY959
Malware Goes ‘Polymorphic’
The tactic allows code to appear as a single instance of malware—for example, names, encryption keys or signatures—“so it can be delivered to a large number of people while still evading detection,” the vendor said. Hence, polymorphic malware and applications present different identifiers, defeating pattern-matching security tools that can no longer detect variations.
http://bit.ly/2EF3sKV
Ivanti Enables the Effective Management of SAP Licenses and Investments with Release of Ivanti Optimizer for SAP
Part of Ivanti's suite of Asset Management solutions, Ivanti Optimizer for SAP controls license management through intelligent insight, which ensures organizations leverage the right SAP licenses based on actual usage. This provides valuable analysis during both contract negotiations and on-going license management to minimize license compliance risk, lower license costs and ensure audit readiness.
https://prn.to/2HhRLfV
Rush health system reports data breach affecting 45,000
The health system said in a recent financial filing that the exposed data may include names, addresses, birthdays, Social Security numbers and health insurance information. Rush said that to its knowledge none of the data had been misused and didn't include medical information.
http://bit.ly/2NPgcmo
Thursday 3/7
Google Confirms Serious Chrome Security Problem – Here’s How To Fix It
The 'use-after-free' vulnerability is a memory corruption flaw that carries the risk of escalated privileges on a machine where a threat actor has modified data in memory through exploiting it. That's why Google has issued the urgent update warning, as the potential is there for exploits to be crafted that could enable an attacker to remotely run arbitrary code (a remote code execution attack) whilst escaping the browser's built-in sandbox protection.
http://bit.ly/2Tlx7Tr
Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’
The National Security Agency released a previously classified reverse-engineering app for free—and so far people in the information security community love it. Rob Joyce, the NSA’s senior cybersecurity adviser, presented Ghidra, a tool to decompile, reverse engineer, and analyze malware, at the RSA conference in San Francisco on Tuesday evening.
http://bit.ly/2tUZOr6
Cisco tells Nexus switch owners to disable POAP feature for security reasons
The company says that the POAP feature on Nexus devices will accept the first DHCP response it receives. An attacker present on the local network can send malformed DHCP responses to Nexus switches to hijack their POAP settings and trick switches into downloading and executing configuration scripts from an attacker's servers.
https://zd.net/2EL73ap
Friday 3/8
Phishing alert: One in 61 emails in your inbox now contains a malicious link
The purpose of the malicious URL could be to deploy malware onto the PC or it could encourage the victim to enter sensitive information into a fake version of a real service — like a retailer, a bank or an email provider — in order to trick the user into giving up passwords and other data.
https://zd.net/2VJQsdR
Citrix Leans In on Automation to Secure Its SD-WAN
Citrix Systems enhanced its SD-WAN in order to increase automation and security. This includes new security features that enable companies to extend user-centric policies to the branch and connect employees to cloud applications and software-as-a-service (SaaS) platforms.
http://bit.ly/2SQY24r
Ransomware warning: the gang behind this virulent malware just changed tactics again
But now researchers have observed adverts for GandCrab being posted on underground forums, specifically targeted at crooks with skills around operating remote desktop protocols, virtual network computing and experience of infiltrating corporate networks. "Spammers, working with landing pages and corporate networking specialists — do not miss your ticket to a better life. We are waiting for you," reads a translation of the advert.
https://zd.net/2XKXn8j