The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times.
Protect your organization from the Trojan Source exploit with fast and trusted vulnerability detection from Rapid Scan Static. As everyone in the industry knows, all software vulnerabilities are not equal—some are trivial, some are irrelevant, and some are severe. Obviously, you should focus your attention on those that are characterized as severe. The recently published Trojan Source (CVE 2021-42574) vulnerability falls into the severe category—meaning you should give it full attention.
Malware is continuously mutating, targeting new services and platforms. The Sysdig Security Research team has identified the famous Muhstik Botnet with new behavior, attacking a Kubernetes Pod with the plan to control the Pod and mine cryptocurrency. A WordPress Kubernetes Pod was compromised by the Muhstik worm and added to the botnet. On the Pod has been deployed and executed various types of crypto miners, like xmra64andxmrig64.
When organizations are attacked by ransomware, only a little more than half are able to recover their data using a backup. This begs the question, “What about the rest? Why might they be unable to recover?” One reason may be that their backup data has been compromised. Backups are a hot target for hackers. If they can get to an organization’s backup data, they have far more leverage.
We decided to try to run a well-known Remote Access Trojan (RAT) called Remcos used by FIN7. This tool has been around for some time and has a reputation for being stealthy and effective in controlling compromised hosts. Sold as a remote computer monitoring tool, this tool has plenty of features that can allow an operator behind the control to do multiple operations against a compromised system.
A recently published report from the US Government Accountability Office (GAO) has warned that official security guidance from the Department of Education is out-of-date, and needs to be refreshed to address the increasing reports of ransomware and other cyber threats.
On 3rd November, Bleeping Computer reported that the BlackMatter Ransomware-as-a-Service group had posted a message alerting users that its operations were ceasing within 48 hours. The message advised affiliates to obtain their decryption keys so that they could continue to extort current victims.
AT&T Alien Labs™ has found new malware written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices.
The number of ransomware attacks continues to grow, and that trend will likely continue in 2022. Organizations will be attacked, files will be encrypted, and victims will need to decide whether to pay ransom or try to implement expensive and painful recovery techniques on their own. That much, unfortunately, should come as no surprise, but what will be different is how those attacks are carried out.
