Operation Overtrap Targets Japanese Online Banking
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the number of ways Operation Overtrap can infect or trap victims with its payload. Also, read about how to protect your personal identity data and money during tax-filing season.
Read on:
AWS Launches Bottlerocket, a Linux-based OS for Container Hosting
AWS has launched Bottlerocket, its own open-source operating system for running containers on both virtual machines and bare metal hosts. The new OS is a stripped-down Linux distribution that’s akin to projects like CoreOS’s now-defunct Container Linux and Google’s container-optimized OS. The project is launching in cooperation with several partners including Alcide, Armory, CrowdStrike, Datadog, New Relic, Sysdig, Tigera, Trend Micro and Weaveworks.
Tax Scams – Everything You Need to Know to Keep Your Money and Data Safe
There are two things that cybercriminals are always on the hunt for: personal identity data and money. During the tax-filing season, both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers from their personal information and funds. This blog looks at the main threats out there and what you can do to stay safe.
March 2020 Patch Tuesday: Microsoft Fixes 115 Vulnerabilities, Adobe None
This week for March 2020 Patch Tuesday, Microsoft dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity. The good news is that none of them are under active attack. Adobe seems to have skipped this Patch Tuesday and there’s no indication whether the customary security updates are just delayed or if there won’t be any in the coming days.
Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
Trend Micro recently discovered a new campaign dubbed “Operation Overtrap” for the number of ways it can infect or trap victims with its payload. The campaign targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. Based on Trend Micro’s telemetry, Operation Overtrap has been active since April 2019.
Hackers Are Working Harder to Make Phishing and Malware Look Legitimate
Even though the overall volume of malware dropped in 2019, phishing and business email compromise (BEC) went up sharply, according to Trend Micro's 2019 Cloud App Security Roundup. The company blocked nearly 400,000 attempted BEC attacks in 2018, which is 271% more than the previous year and 35% more credential phishing attempts than in 2018.
Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)
Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat put it in the spotlight as researchers investigated its security impact, specifically its potential use for remote code execution (RCE). Learn more about the Ghostcat vulnerability in this blog analysis.
10 Key Female Cybersecurity Leaders to Know in 2020
In celebration of Women’s History Month, the editors of Solutions Review shared the accomplishments of ten key female cybersecurity leaders in 2020. Trend Micro’s CEO Eva Chen made the list based on her numerous accomplishments in the cybersecurity industry.
Coronavirus Used in Spam, Malware, and Malicious Domains
The coronavirus disease (COVID-19) is being used as bait in email spam attacks on targets across the globe. As the number of cases continues to grow, campaigns using the virus as a lure will likewise increase. This has been observed by multiple entities, and researchers from Trend Micro have also seen a significant spike in the detection of the subject in email spam attacks.
Cookiethief Android Malware Uses Proxies to Hijack Your Facebook Account
A combination of new modifications to Android malware code has given rise to Trojans able to steal browser and app cookies from compromised devices. Researchers from Kaspersky said the new malware families, dubbed Cookiethief, use a combination of exploits to acquire root rights to an Android device and then to steal Facebook cookie data.
Nemty Ransomware Spreads via Love Letter Emails
Threat actors have been found distributing Nemty ransomware through a spam campaign using emails that pose as messages from lovers, according to a report by Malwarebytes and X-Force Iris researchers. Researchers from Trend Micro have also encountered the emails.
WordPress GDPR Plugin Vulnerable to Cross-Site Scripting Attacks
GDPR Cookie Consent, a WordPress plugin, inadvertently exposed websites to cross-site scripting (XSS) attacks through a vulnerability that affects versions 1.8.2 and below of the plugin. As disclosed in a report by NinTechNet, the vulnerability allowed privilege escalation. The plugin had over 700,000 active installations at the time of the exploit.
Analysis: Abuse of .NET Features for Compiling Malicious Programs
While the .NET framework was originally intended to help software engineers, cybercriminals have found a way to abuse its features to compile and execute malware on the fly. Recently, Trend Micro discovered several kinds of malware, such as LokiBot, utilizing this technique.
OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution
A root privilege escalation and remote code execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix daemon OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.
Are you concerned about the security risks involved with filing your taxes online? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.