Welcome back to this week's Security bulletin!
We are in the middle of the world's biggest virus outbreak, and most places are locked down. Do you know who is taking advantage of it? The answer is cybercriminals. Everybody is eager for the latest Coronavirus updates, and plenty of websites on the Internet present the spread of the virus as maps or charts.
Attackers exploit Internet users' interest in this outbreak and trick them into downloading malware from websites that provide Coronavirus spread details. A cybersecurity specialist discovered that a file named Corona-virus-Map.com.exe gets downloaded from a malicious site, and it shows a map of virus-infected areas similar to https://coronavirus.jhu.edu/map.html. This exe file is information-stealing malware that collects data stored in web browsers, particularly cookies, browsing histories, user IDs, passwords, etc.
Please be careful when downloading files from the Internet, and install antivirus software on your machine. We don't want carelessness to lead to an infection of ourselves or our machines. Stay safe!
Adobe has released updates for six of its products, including Acrobat Reader, Photoshop, and ColdFusion. The updates address 41 newly found security vulnerabilities, all of which are mitigated by applying the latest patch. The updates are available for the following products:
- Adobe Genuine Integrity Service
- Adobe Acrobat and Reader
- Adobe Photoshop
- Adobe Experience Manager
- Adobe ColdFusion
- Adobe Bridge
Of the 41 vulnerabilities, 29 are critical, and 16 of those are in Adobe Photoshop. Most of the critical flaws are related to memory corruption, which allows an attacker to execute malicious code, and the CVE-2020-3761 vulnerability in ColdFusion lets attackers read files from the install directory.
We recommend that all Adobe users update the software to the latest version to protect their systems from cyber attacks!
The Remote Desktop Protocol (RDP) connection of the Windows operating system is an all-time favorite of attackers because whoever gains RDP access to a remote server controls that system. TrickBot is a banking trojan that focuses on stealing banking information, and researchers have discovered a new module for it, "rdpScanDll", which launches brute-force attacks against Windows systems with RDP.
A folder gets created when TrickBot starts execution, and this folder contains encrypted malicious payloads with configuration files. It includes a list of command-and-control (C2) servers with which the plugin communicates to retrieve the commands to be executed. The list of targeted server IP addresses is collected with the help of the C2 servers.
Researchers said that "The new rdpScanDll module may be the latest in a long line of modules that have been used by the TrickBot Trojan, but it's one that stands out because of its use of a highly specific list of IP addresses."
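For defenders, brute-force activity of this kind shows up on the target as bursts of failed logons (Windows Security Event ID 4625) from one source address. The following is an added example, not code from the bulletin or the researchers: it applies a sliding-window count to a constructed CSV export of such events. The column layout, the threshold of 5 failures and the 60-second window are assumptions to tune for your environment.

```python
import csv, io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of logon events (assumed CSV export of the Security log).
# Addresses come from documentation ranges; none of this is real telemetry.
SAMPLE = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2020-03-20T02:00:01,4625,3,administrator,203.0.113.50
2020-03-20T02:00:04,4625,3,admin,203.0.113.50
2020-03-20T02:00:09,4625,10,jsmith,198.51.100.7
2020-03-20T02:00:11,4625,3,backup,203.0.113.50
2020-03-20T02:00:15,4625,3,administrator,203.0.113.50
2020-03-20T02:00:21,4625,3,test,203.0.113.50
2020-03-20T02:00:30,4624,10,jsmith,198.51.100.7
2020-03-20T02:07:40,4625,2,jsmith,-
2020-03-20T02:09:00,4625,10,jsmith,198.51.100.7
"""

# 10 = RemoteInteractive (RDP); 3 = network logon, which is how failed RDP
# attempts are recorded when Network Level Authentication is enabled.
RDP_LOGON_TYPES = {"3", "10"}

def find_rdp_bruteforce(csv_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: {"failures": n, "users": [...]}} for sources with
    `threshold` or more failed RDP-style logons inside any `window`."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) entries still in the window
    flagged = {}
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["TimeCreated"])
    for row in rows:
        if row["EventID"] != "4625" or row["LogonType"] not in RDP_LOGON_TYPES:
            continue  # successful logons and non-remote logon types are ignored
        ip = row["IpAddress"]
        if ip in ("", "-"):  # no source address recorded, nothing to correlate
            continue
        ts = datetime.fromisoformat(row["TimeCreated"])
        q = recent[ip]
        q.append((ts, row["TargetUserName"]))
        while ts - q[0][0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and len(q) > flagged.get(ip, {"failures": 0})["failures"]:
            flagged[ip] = {"failures": len(q), "users": sorted({u for _, u in q})}
    return flagged

if __name__ == "__main__":
    for ip, hit in find_rdp_bruteforce(SAMPLE).items():
        print(f"{ip}: {hit['failures']} failed logons within 60s, users tried: {hit['users']}")
```

The number of distinct usernames per source is worth keeping in the alert: many accounts tried from one address in seconds separates a guessing run from a single user mistyping a password.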