Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about advanced targeted attack tools being used to distribute cryptocurrency miners as well as a spam campaign targeting European users.
Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
Regular cybercriminals appear to be taking a page from targeted attack actors’ playbooks — or rather, toolkits — to maximize their profits from illicit activities like cryptojacking.
Congress to Take Another Stab at ‘Hack Back’ Legislation
Rep. Tom Graves, R-Ga., is reintroducing a bill that would allow companies to go outside of their own networks to identify their attackers and possibly disrupt their activities.
Spam Campaign Targets European Users with Microsoft Office Vulnerability (CVE-2017-11882)
An active Microsoft Office and WordPad spam campaign is targeting European users, using languages such as Romanian and files that allow attackers to exploit the CVE-2017-11882 vulnerability.
License Plates, Photos, Passwords and More Stolen in Two Separate Breaches
Two major breaches, one at US Customs and Border Protection and another at the retro gaming site Emuparadise, highlight the need for effective data protection.
Major HSM Vulnerabilities Impact Banks, Cloud Providers, Governments
Two security researchers have recently revealed vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside special computer components known as HSMs (Hardware Security Modules).
Data Breach Disclosed by Online Invitation Firm Evite
Online invitation and stationery company Evite notified customers of a data breach that stemmed from an inactive data storage file associated with user accounts.
June’s Patch Tuesday Fixes 88 Security Flaws, Including SandboxEscaper’s Zero Days, HoloLens
Microsoft’s June Patch Tuesday announced the release of 88 vulnerability patches in this month’s security bulletin, as well as four advisories and one servicing stack update.
Have I Been Pwned Is Looking for a New Owner
Owner Troy Hunt revealed he’s looking for an acquirer for the breach notification service he set up called “Have I Been Pwned”. Traffic to the site has exploded since January when he uploaded a 773 million record list of breached emails and passwords that could be used for automated unauthorized logins.
Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
In their latest campaign, cybercriminal group TA505 used HTML attachments to deliver malicious .XLS files that lead to downloader and backdoor FlawedAmmyy, mostly to target users in South Korea.
MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
Analysis of new campaigns wearing the badge of MuddyWater revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes.
U.S. Ramping Up Offensive Cyber Measures to Stop Economic Attacks, Bolton Says
The U.S. is beginning to use offensive cyber measures in response to commercial espionage, according to John Bolton, President Trump’s national security adviser.
CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner
Feedback from the Trend Micro Smart Protection Network security architecture revealed a cryptocurrency-mining activity involving the CVE-2019-2725 vulnerability, but with an interesting twist — the malware hides its malicious code in certificate files as an obfuscation tactic.
Do you worry about being targeted by spam campaigns via work tools like Microsoft Office? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.