A Review of the Best News of the Week on Cyber Threats & Defense

New MacOS Malware Discovered (Dark Reading, Jul 02 2019)
The newest attack code for the Mac includes three pieces of malware found in June — a zero-day exploit, a package that includes sophisticated anti-detection and obfuscation routines, and a family of malware that uses the Safari browser as an attack surface.

US Military Warns Companies to Look Out for Iranian Outlook Exploits (Dark Reading, Jul 03 2019)
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.

Magecart Blitz Stuns 962 E-commerce Sites in 24 Hours (Infosecurity Magazine, Jul 08 2019)
New automated campaign is claimed to be largest to date

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

New Warning on Ryuk Ransomware (Dark Reading, Jul 01 2019)
Campaign throws in Emotet and Trickbot for good measure, according to the UK’s National Cyber Security Centre.

TA505 Group Launches New Targeted Attacks (Dark Reading, Jul 03 2019)
Russian-speaking group has sent thousands of emails containing new malware to individuals working at financial institutions in the US, United Arab Emirates, and Singapore.

WannaLocker ransomware found combined with RAT and banking trojan (SC Magazine, Jul 02 2019)
Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities.

Cyber Command warns hackers exploiting Outlook vulnerability to attack gov’t agencies (SC Magazine, Jul 02 2019)
The U.S. Cyber Command warned that a threat group was exploiting a vulnerability in Outlook in an effort to attack government agencies and uploaded samples that one security researcher said are linked to APT33 and Shamoon2.

Magento Patches Flaws Leading to Site Takeover (SecurityWeek, Jul 04 2019)
Magento recently addressed vulnerabilities that could be exploited by unauthenticated attackers to hijack administrative sessions and then completely take over vulnerable web stores.

Multiple Chinese Groups Share the Same RTF Weaponizer (SecurityWeek, Jul 03 2019)
During an investigation into a possibly shared RTF weaponizer by Indian and Chinese APT groups, researchers have discovered that multiple Chinese groups have updated the weaponizer to exploit the Microsoft Equation Editor (EE) vulnerability CVE-2018-0798.

Researchers Analyze Vietnamese Hackers’ Suite of RATs (SecurityWeek, Jul 02 2019)
BlackBerry Cylance security researchers have analyzed a suite of remote access Trojans (RATs) that the Vietnam-linked threat actor OceanLotus has been using in attacks for the past three years.

TA505 cybergang debuts ‘AndroMut’ downloader to deliver FlawedAmmyy RAT globally (SC Magazine, Jul 03 2019)
The cybercriminal group TA505 appears to have launched two malware campaigns last June, delivering the FlawedAmmyy RAT to victims in multiple countries using the newly created downloader program AndroMut. Both campaigns infected victims using phishing emails with links for downloading Microsoft Word and Excel files…

Experts weigh in on salient issues around emerging threats and security tech (Help Net Security, Jul 08 2019)
An executive advisor of a Fortune 100 company and member of the RSAC Program Committee shared similar sentiments. “We have seen security ‘silver bullets’ come and go over the years – it used to be biometrics and now, vendors are praising AI as the ultimate cyber defense weapon.

Golang Malware Targets Linux-Based Servers (Infosecurity Magazine, Jul 05 2019)
Cryptomining campaign propagates using seven different methods

Malicious Code Planted in ‘strong_password’ Ruby Gem (SecurityWeek, Jul 08 2019)
A developer discovered that an update released for the ‘strong_password’ Ruby gem contained malicious code that allowed an attacker to remotely execute arbitrary code.

Malicious campaign targets South Korean users with backdoor-laced torrents (WeLiveSecurity, Jul 08 2019)
ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure