Netskope warns that the Adwind RAT, a remote access Trojan that has hitherto been seen operating mostly against retail and hospitality targets, is being actively used in a campaign against the US oil industry.
FireEye is tracking a renewed FakeUpdates criminal campaign (“financially motivated,” as FireEye primly describes it). The victim is told they’re running an obsolete version of their browser and given a bogus update link, which in the current campaign installs Bitpaymer or Doppelpaymer ransomware.
Ransomware is clearly more than a nuisance, as FireEye observes. Computing reports that hospitals in both the US and Australia have been forced to delay elective surgery and otherwise turn patients away because of infestations in their systems.
Cisco's Talos group finds that criminals are looking into the possibility of using maliciously crafted ODT files in an attempt to bypass detection by commonly used security programs. The current campaign is still small, but it has used ODT files to distribute RevengeRAT and njRAT payloads.
Researchers at Confiant warn that the eGobbler malvertising gang has used obscure browser exploits to infect more than a billion ads.
The Checkm8 iOS “forever day” exploit seems of interest mostly to security researchers, but probably won’t have much effect on users. MobileIron offers perspective on Checkm8, and WIRED sums up the state of opinion.
Comparitech reports finding personal information on some twenty-million Russian taxpayers exposed online in an unprotected Elasticsearch cluster hosted on an Amazon cloud. The exposed data include basically the whole shebang: names, addresses, passport numbers, tax IDs....