EternalBlue Exploit Used in Retefe Banking Trojan Campaign
Banking Trojan Retefe is adopting new WannaCry tricks, adding an EternalBlue module to propagate the malware. Source: www.threatpost.com
Hacks
2016 SEC Hack May Have Benefited Insider Trading
The U.S. Securities and Exchange Commission said this week that hackers managed to infiltrate one of its systems last year, something that likely facilitated insider trading. Source: www.threatpost.com
Iranian APT33 Targets US Firms with Destructive Malware
APT33 targets petrochemical, aerospace and energy sector firms based in U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill. Source: www.threatpost.com
Malware Steals Data From Air-Gapped Network via Security Cameras
Proof-of-concept malware called aIR-Jumper can be used to bypass air-gapped network protections and send data in and out of network. Source: www.threatpost.com
Attackers Use Undocumented MS Office Feature to Leak System Profile Data
An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed. Source: www.threatpost.com
200K WordPress Sites Exposed to Rogue Version of ‘Display Widgets’
A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites. Source: https://threatpost.com
Popular D-Link Router Riddled with Vulnerabilities
D-Link router model 850L has 10 vulnerabilities that could allow a hacker to gain remote access and control of device, according to researcher. Source: www.threatpost.com
New Dridex Phishing Campaign Delivers Fake Accounting Invoices
A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero. Source: www.threatpost.com
Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim
Researchers say a 18-year-old programming error by Microsoft is creating a kernel bug that can be abused by an attacker. Source: www.threatpost.com
Patch Released for Critical Apache Struts Bug
The Apache Software Foundation released a patch on Tuesday for a critical vulnerability impacting all versions of Struts since 2008. Source: www.threatpost.com