Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the new wormable malware that’s dropping a Monero miner in web servers, networks and removable drivers. Also, read about the best ways for businesses to react to gray alerts.
BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
Trend Micro found a new wormable malware named BlackSquid targeting web servers, network and removable drives using evasion, anti-virtualization, anti-debugging, and anti-sandboxing techniques to drop a Monero miner.
Quest Diagnostics Says 12 Million Patients May Have Had Their Personal Information Exposed
Quest Diagnostics said the personal information of 11.9 million customers has potentially been compromised after an unauthorized user gained access to patient information including Social Security numbers and medical information, but not test results.
HiddenWasp Malware Targets Linux Systems, Borrows Code from Mirai, Winnti
Security researchers uncovered a new malware targeting Linux systems called HiddenWasp and believe that it’s being used as a second-stage targeted attack on systems that have already been compromised.
SandboxEscaper Releases Exploit for Zero-Day Vulnerability in Task Scheduler
Security researcher SandboxEscaper published an exploit code for a zero-day vulnerability in Windows 10’s Task Scheduler among a string of other proofs of concept and exploit codes for vulnerabilities in Windows 10.
Improper App Check Revives the Synthetic Clicks Issue in macOS Mojave
An unpatched flaw in the app verification process on macOS Mojave allows legacy apps considered trusted to load and execute unverified code on the machine. The bug is easy to exploit and allows generating synthetic clicks for malicious actions.
Breaking Down Gray Alerts: What Do These Mean for Businesses?
An organization’s security team should analyze a gray alert, which is created by a cybersecurity detection tool when it comes across a file or an incident with an undisclosed behavior, to ascertain its true nature and determine what steps to take.
A Push to Protect Political Campaigns from Hackers Hits a Snag
The United States Federal Election Commission may apply laws to block a cybersecurity firm from offering free or low-cost defense services to campaigns, at a time when those protections are badly needed.
Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques
Feedback from Trend Micro’s Smart Protection Network revealed that a recent wave of attacks were mostly targeting China-based systems and may be a part of a campaign with a modus similar to a previous one that used an obfuscated PowerShell script (named PCASTLE) to deliver a Monero-mining malware.
Narrowed Sights, Bigger Payoffs: Ransomware in 2019
Data from 2019 shows that ransomware continues to evolve with changes in volume of threats, a shift in targets and new evasion techniques and distribution methods being deployed by malware creators.
Another 7.7 Million Affected by American Medical Collection Agency Breach
Roughly 7.7 million LabCorp customers may have been affected by an American Medical Collection Agency data breach that also affected Quest Diagnostics.
What do you think of the new BlackSquid wormable malware that’s targeting web servers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.