Security News
An additional piece of malware, dubbed Raindrop, has been unmasked in the sprawling SolarWinds supply-chain attacks. Researchers have identified Raindrop as one of the tools used for those follow-on attacks.
The threat group tracked as Evilnum was observed using updated tactics and tools in recent attacks, Cybereason's Nocturnus research team reported last week. Initially detailed in 2018, Evilnum appears to have been active for nearly a decade, offering 'mercenary' hack-for-hire services, a recent report from Kaspersky revealed.
Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. Kali NetHunter - Kali's mobile pentesting platform/app - has been augmented with Bluetooth Arsenal, which combines a set of Bluetooth tools in the app with pre-configured workflows and use cases.
Since COVID-19 cast its pall in March, the Agent Tesla remote-access trojan has exploited the pandemic and added a raft of functionality that has helped it dominate the enterprise threat scene. Though Agent Tesla first made a splash six years ago, it hasn't lost any momentum - in fact, it is featured in more attacks in the first half of 2020 compared to the infamous TrickBot or Emotet malware, according to SentinelOne's SentinelLabs.
The Purple Fox exploit kit has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks - and researchers say they expect more to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit.
A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call "BazarBackdoor." Panda Security describes BazarBackdoor as "Enterprise-grade malware," and they linked it back to TrickBot because both pieces of malware share parts of the same code, along with delivery and operation methods.
The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts. TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.
The Russia-linked threat group known as Turla was observed using two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019, ESET reports. Also known as Waterbug, KRYPTON, Snake, and Venomous Bear, and active for more than a decade, Turla is known for the targeting of various diplomatic and military organizations, with a focus on NATO and Commonwealth of Independent States nations.
Cybereason's Nocturnus researchers have discovered an ongoing campaign that takes this approach to the next level - multiple pieces of malware stored on BitBucket and downloaded as a form of layered malware able to maximize each successful compromise. Part of the success is down to the lengths the attackers go to in order to ensure the malware isn't discovered and removed from BitBucket.
The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed "PowerTrick," in order to infiltrate high-value targets. The malware operators send the first command, which is to download the main PowerTrick backdoor.