Security News

Emotet starts dropping Cobalt Strike again for faster attacks
2021-12-15 21:59

Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks. Earlier this month, Emotet began to test installing Cobalt Strike beacons on infected devices instead of their regular payloads.

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
2021-12-15 20:32

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. It's worth noting that this is in addition to the 21 flaws resolved in the Chromium-based Microsoft Edge browser.

Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild
2021-12-15 03:29

Let's start with Microsoft, which put out a summary of its security updates here. Microsoft Defender for IoT: A critical remote-code execution flaw in this security product, prior to version 10.5.2, can be exploited over a network by a non-authenticated miscreant.

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
2021-12-14 20:21

It's the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver the Emotet/Trickbot/Bazaloader malware family. Of the 67 CVE-numbered flaws, CVE-2021-43890 - a Windows AppX Installer spoofing vulnerability - will, understandably, be a patching priority.

Microsoft fixes Windows AppX Installer zero-day used by Emotet
2021-12-14 19:09

The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high complexity attacks requiring user interaction. "We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.

140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead
2021-12-10 01:03

The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were made to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. "Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines," said the researchers, who detected 223 different Trickbot campaigns over the course of the last six months.

Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
2021-12-08 14:47

The rapid spread of Emotet via TrickBot and its behavior since the malware resurfaced last month could signal that a spate of ransomware attacks is on the way, spurring researchers to warn organizations to buckle up and get ready. On Wednesday, Check Point Research also published a report that warned of imminent ransomware attacks now that TrickBot is dropping Emotet samples, especially given that TrickBot has amassed 140,000 victims across 149 countries in only 10 months.

Emotet now drops Cobalt Strike, fast forwards ransomware attacks
2021-12-07 23:21

In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent. Cobalt Strike is very popular among threat actors who use cracked versions as part of their network breaches and is commonly used in ransomware attacks.

Emotet now spreads via fake Adobe Windows App Installer packages
2021-12-01 23:43

The Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. The threat actors behind Emotet are now infecting systems by installing malicious packages using a built-in feature of Windows 10 and Windows 11 called App Installer.

Emotet malware is back and rebuilding its botnet via TrickBot
2021-11-15 20:04

The Emotet malware was considered the most widely spread malware in the past, using spam campaigns and malicious attachments to distribute the malware. Emotet would then use infected devices to perform other spam campaigns and install other payloads, such as the QakBot and Trickbot malware.