Directly preceding GoldenSpy, another malware family was used to covertly access the networks of companies doing business in China. This is the story of GoldenHelper.
July's Patch Tuesday is here with another large list of CVEs. It includes 20 CVEs rated "Critical" while the other 103 are rated as "Important". The list of Critical CVEs includes a Remote Code Execution vulnerability in the Windows DNS Server (CVE-2020-1350).
At the beginning of June 2020, we were contacted about a Magento website breach that leaked credit card numbers. A thorough analysis of the website found that malicious code had been added to the page footer.
New detection for Trustwave SWG (also part of the Blended Threat Module for select Trustwave SEG customers). The detection was specifically crafted to target this kit using Trustwave's SWG dynamic analysis feature.
The traditional approach to a vulnerability scan or penetration test is to find the IP addresses that you want tested, throw them in and kick things off. But doing a test based purely on IP addresses is a bad idea and can often miss things.
This blog shows our analysis of a new binary, now being distributed by Intelligent Tax software, that is identical in operations to the original GoldenSpy Uninstallers, but specifically designed to evade detection by the YARA rule provided in our blog.
Employing a popular file type as an attachment to malicious emails is a common trick cybercriminals use to boost the success rate of their attacks. Because iCalendar (.ics) files are not on the list of attachments that email clients like Outlook block automatically, a maliciously crafted iCalendar is more likely to reach the target's mailbox.
On June 28, 2020, our Threat Fusion team identified a new file being downloaded by the Aisino Intelligent Tax product. But this time it had nothing to do with remote command and control of the victim. Rather, this new sample’s sole mission is to delete GoldenSpy and remove any trace it existed.
Previously, I had some experience with PoS (Point of Sale) devices and entertained myself with kiosks at hacking conferences, but I had never touched an ATM before. My companion on this saga had already had some fun hacking these devices and had some precious insights to guide us during our engagement.
Trustwave SpiderLabs has discovered a new malware family, dubbed GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China.
In this blog, we take an in-depth technical look at Pillowmint malware samples received from our incident response investigations. Pillowmint is point-of-sale malware capable of capturing Track 1 and Track 2 credit card data. We came across Pillowmint a couple of times in the last year and there is not much information around on it. The malware has been attributed to the FIN7 group that has been actively attacking the hospitality and restaurant industry for the past three years. This is a notorious financially-motivated cybercriminal group also referred to as the Carbanak group, after the Carbanak malware which it has used in the past.
Australian Prime Minister Scott Morrison announced today that multiple Australian public and private organisations are being urged to safeguard their technology networks, as the country comes under a major cyber-attack. He further stated that all levels of government and the private sectors are being targeted in a "Sophisticated State-based" cyber-attack.
Due to the global pandemic of COVID-19, there’s been an explosion of video conferencing and messaging software usage to help people transition their work-life to a work from home environment. Vulnerabilities in this type of software now present an even greater risk to its users.
Cybercriminals are continuously exploiting the Coronavirus (COVID-19) pandemic. In our quest to monitor COVID-19-themed spam, we recently spotted one interesting campaign that uses an unusual email attachment to deliver TrickBot malware.
As a mobile app tester, I have encountered numerous varied vulnerabilities. During one of my mobile engagements, I was able to achieve an Authentication Bypass by simply invoking each exposed Activity component of the Android application.
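The technique in the post above is finding every Activity that another app can start and launching each one directly. The following is an added example, not code from the post or its author: it parses an AndroidManifest.xml, lists the Activities that are reachable from outside the app (explicitly exported, or implicitly exported through an intent-filter under the pre-API 31 default), and prints the `adb shell am start` command that would invoke each one. The sample manifest, package name and component names are constructed for illustration.

```python
"""Enumerate Activity components another app can launch directly.

Added example, not code from the blog post: parses an AndroidManifest.xml
and lists every Activity that is reachable from outside the app, then
builds the `adb shell am start` command that would invoke it. The
sample manifest below is constructed; package and component names are
assumptions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (hypothetical package and component names).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <application>
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <!-- Explicitly exported and not guarded by any permission. -->
    <activity android:name=".AccountSummaryActivity" android:exported="true"/>
    <!-- No exported flag, but an intent-filter makes it exported by
         default on API levels below 31. -->
    <activity android:name=".TransferActivity">
      <intent-filter>
        <action android:name="com.example.bank.TRANSFER"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
    <!-- Exported but protected by a permission. -->
    <activity android:name=".AdminActivity" android:exported="true"
              android:permission="com.example.bank.ADMIN"/>
    <!-- Private: no exported flag and no intent-filter. -->
    <activity android:name=".SettingsActivity"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def exported_activities(manifest_xml):
    """Return (component, reason) for each Activity another app can start.

    An Activity is reachable when android:exported="true", or when the
    attribute is absent and the Activity declares an <intent-filter>
    (the implicit-export rule before API level 31). Activities that set
    android:permission are still listed, but flagged, because a third-party
    app cannot start them without holding that permission.
    """
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    results = []
    for act in root.iter("activity"):
        name = _attr(act, "name")
        cls = pkg + name if name.startswith(".") else name
        component = "%s/%s" % (pkg, cls)
        exported = _attr(act, "exported")
        has_filter = act.find("intent-filter") is not None
        if exported == "true":
            reason = "exported=true"
        elif exported is None and has_filter:
            reason = "implicitly exported via intent-filter"
        else:
            continue
        if _attr(act, "permission"):
            reason += " (guarded by %s)" % _attr(act, "permission")
        results.append((component, reason))
    return results


def adb_commands(manifest_xml):
    """adb commands that start each reachable Activity with no permission guard."""
    return ["adb shell am start -n %s" % comp
            for comp, reason in exported_activities(manifest_xml)
            if "guarded" not in reason]


if __name__ == "__main__":
    for comp, reason in exported_activities(SAMPLE_MANIFEST):
        print("%-60s %s" % (comp, reason))
    print()
    print("\n".join(adb_commands(SAMPLE_MANIFEST)))
```

Running it against the constructed manifest lists four reachable Activities and emits three `adb` commands; the permission-guarded one is reported but not launched. On a real engagement the manifest comes from the decoded APK (for example via apktool), and each printed command is run against the test device to see which screens open without going through the login flow.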
June's Patch Tuesday has crept upon us and while our minds may be elsewhere, the need to keep our systems up to date never goes away. Microsoft is releasing patches for 129 CVEs today. A dozen of those are rated as "Critical", 115 rated "Important", one rated "Moderate", and one oddly rated as "Not a Vulnerability".
Organizations often store their most critical data in databases, which in turn are frequently, and often unavoidably, exposed to untrusted or public networks. That makes vulnerabilities like these essential to test for and fix quickly: they threaten not only the data in the database but potentially the whole host it runs on.
The SSH service is critical, so ensuring its security is key. This blog will describe how best to secure the SSH service from threat actors.
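As an added example that is not part of the post above or its author's material, the script below audits an `sshd_config` against a small hardening baseline, with a constructed permissive configuration shown beside its corrected form. The baseline (root login and password authentication disabled, no empty passwords, no X11 forwarding, at most three authentication attempts) is the editor's choice of commonly recommended settings, not a list taken from the post; the defaults used for keywords that are absent from the file are those of current OpenSSH.

```python
"""Audit an sshd_config against a small hardening baseline.

Added example, not code from the blog post. The baseline is the editor's
own selection of commonly recommended settings, the MaxAuthTries
threshold is chosen here, and both sample configurations are constructed.
Defaults for absent keywords follow current OpenSSH sshd.
"""

# keyword (lowercase) -> (sshd default when absent, accepted values)
BASELINE = {
    "permitrootlogin":        ("prohibit-password", {"no"}),
    "passwordauthentication": ("yes", {"no"}),
    "permitemptypasswords":   ("no", {"no"}),
    "x11forwarding":          ("no", {"no"}),
    "maxauthtries":           ("6", {"1", "2", "3"}),  # threshold chosen here
}

WEAK_CONFIG = """\
# Constructed example of a permissive sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
"""

HARDENED_CONFIG = """\
# Constructed example of the corrected configuration
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
AllowGroups ssh-users
"""


def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd honours the first occurrence of each keyword, keywords are
    case-insensitive, and both 'Keyword value' and 'Keyword=value' are
    accepted. Everything after the first Match block applies only
    conditionally, so it is left out of this global audit.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return (keyword, effective_value, accepted_values) for each deviation.

    The effective value is what sshd would use: the configured value if
    present, otherwise the compiled-in default from BASELINE.
    """
    settings = parse_sshd_config(text)
    findings = []
    for keyword, (default, accepted) in BASELINE.items():
        effective = settings.get(keyword, default).lower()
        if effective not in accepted:
            findings.append((keyword, effective, sorted(accepted)))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_sshd_config(cfg)
        print("%s config: %d finding(s)" % (label, len(findings)))
        for keyword, value, accepted in findings:
            print("  %s is %r, expected one of %s" % (keyword, value, accepted))
```

The weak configuration produces five findings, one of them for a keyword that is not in the file at all (MaxAuthTries falls back to the default of 6), which is why the audit evaluates effective values rather than only the lines present. The hardened configuration produces none. Running `sshd -T` on the host and feeding its output to the same function audits the values sshd actually loaded, including those set in included files.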
Credential phishing is a real threat that's targeting organizations globally. Threat actors are finding smart and innovative ways to lure victims to covertly harvest their corporate credentials. Threat actors then use these credentials to get a foothold into an organization to further their malicious agendas.
This blog post will cover some of the more interesting reactions to COVID-19 we’ve encountered on the underground, both good and bad. Read on to learn more (spoiler alert: The coronavirus vaccine is a scam!)