Protecting Your Cyber World With Real World Solutions

New “ThreadKit” Office Exploit Builder Emerges

This entry was posted in SecurityNews on March 27, 2018 by

A newly discovered Microsoft Office document exploit builder kit has been used for the distribution of a variety of malicious payloads, including banking Trojans and backdoors, Proofpoint reports.

The exploit builder kit was initially discovered in October 2017, but Proofpoint’s researchers have linked it to activity dating back to June 2017. The builder kit shows similarities to Microsoft Word Intruder (MWI), but is a new tool called ThreadKit.

<p style="line-height: …read more

Via:: Security Week

Trending
Current
CSO
Did you Know?

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

Listen now - latest episode. Full transcript inside. [...]

Windows 11 also vulnerable to “aCropalypse” image data leakage

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem... [...]

Google Pixel phones had a serious data leakage bug – here’s what to do!

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway? [...]

Bitcoin ATM customers hacked by video upload that was actually an app

As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that... [...]

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation. [...]

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet! [...]

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line. [...]

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. [...]

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. [...]

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. [...]

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. [...]

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. [...]

Android-based banking Trojan Nexus now available as malware-as-a-service

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide.First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, and allows other attackers to rent or subscribe to the malware for personal attacks.To read this article in full, please click here [...]

Critical flaw in AI testing framework MLflow can lead to server and data compromise

MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet."Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer… [...]

UK parliament follows government by banning TikTok over cybersecurity concerns

The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental misconceptions” about the company.The latest ban came as TikTok’s chief executive, Shou Zi Chew, faced hours of tough questioning by deputies in the US House of Representatives over whether the popular app is a “tool” of the Chinese Communist Party amid widespread concerns that user… [...]

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2023.From major events to those that are more narrowly focused, this list from the… [...]

Russian hacktivists deploy new AresLoader malware via decoy installers

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software.Security researchers from threat intelligence firm Intel 471 first spotted AresLoader in November when it was advertised by a user with the monikers AiD Lock and DarkBLUP on Telegram and two well-known underground forums. AiD Lock is not a newcomer to malware development and was previously associated with the AiD Locker ransomware-as-a-service (RaaS) program as well as… [...]

BrandPost: The latest intel on wipers

The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks. Does the evidence corroborate the theory that the ongoing conflict in Europe is to blame for the rise in wipers? Indeed. Furthermore, given that Russia is the main source of wiper activity, one can anticipate an increase in the use of wipers against countries and organizations that provide aid, weapons or other logistical support to Ukraine.While both ransomware and wipers increased in the second half of 2022, FortiGuard Labs research found it was wipers that really took off. And this trend shows no sign of slowing, which means… [...]

Fears of wider hacking theft as Latitude stays offline

Fears of wider hacking theft as Latitude stays offline l33tdawg Mon, 03/20/2023 - 08:20 [...]

Microsoft is testing a built-in cryptocurrency wallet for the Edge browser

Microsoft is testing a built-in cryptocurrency wallet for the Edge browser l33tdawg Mon, 03/20/2023 - 08:20 [...]

Anthropic introduces Claude, a “more steerable” AI competitor to ChatGPT

Anthropic introduces Claude, a “more steerable” AI competitor to ChatGPT l33tdawg Mon, 03/20/2023 - 08:20 [...]

Should You Wait for Wi-Fi 7 Before Upgrading Your Router?

Should You Wait for Wi-Fi 7 Before Upgrading Your Router? l33tdawg Fri, 03/17/2023 - 12:39 [...]

Where did FTX customer money go? Firm says Bankman-Fried took $2.2 billion

Where did FTX customer money go? Firm says Bankman-Fried took $2.2 billion l33tdawg Fri, 03/17/2023 - 12:39 [...]

Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years

Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years l33tdawg Fri, 03/17/2023 - 12:39 [...]