Security News

Let's start with Microsoft, which put out a summary of its security updates here. Microsoft Defender for IoT: A critical remote-code execution flaw in this security product, prior to version 10.5.2, can be exploited over a network by a non-authenticated miscreant.

It's the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.Of the 67 CVE-numbered flaws, CVE-2021-43890 - a Windows AppX Installer spoofing vulnerability - will, understandably, be a patching priority.

The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high complexity attacks requiring user interaction. "We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.

The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. "Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines," said the researchers, who detected 223 different Trickbot campaigns over the course of the last six months.

The rapid spread of Emotet via TrickBot and its behavior since the malware resurfaced last month could signal that a spate of ransomware attacks are on the way, spurring researchers to warn organizations to buckle up and get ready. On Wednesday, Check Point Research also published a report that warned of imminent ransomware attacks now that TrickBot is dropping Emotet samples, especially given that TrickBot has amassed 140,000 victims across 149 countries in only 10 months.

In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent.Cobalt Strike is very popular among threat actors who use cracked versions as part of their network breaches and is commonly used in ransomware attacks.

The Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software.The threat actors behind Emotet are now infecting systems by installing malicious packages using a built-in feature of Windows 10 and Windows 11 called App Installer.

The Emotet malware was considered the most widely spread malware in the past, using spam campaigns and malicious attachments to distribute the malware.Emotet would then use infected devices to perform other spam campaigns and install other payloads, such as the QakBot and Trickbot malware.