Category: SonicWall

Hackers are actively trying to exploit vulnerable Microsoft Exchange Servers

Malware writers have already started misusing the recent Coronavirus scare as a means to propagate their malicious creations, as highlighted in one of our earlier blogs. SonicWall Capture Labs Threat Research Team recently observed this tactic being used in the Android ecosystem as well, in the form of a Remote Access Trojan (RAT). An Android apk […]

Hackers are actively trying to exploit vulnerable Microsoft Exchange Servers

SonicWall Capture Labs Threat Research Team observes attackers actively probing for vulnerable Microsoft Exchange servers. Vulnerability | CVE-2020-0688: A remote code execution vulnerability has been reported in Microsoft Exchange Server. The weakness is due to the server failing to properly create unique keys at the time of installation. Microsoft Exchange Server does not randomly generate a key […]

Fake windows update serves a fake Windows Media Player with a side of cryptominer

This week, the SonicWall Capture Labs Threat Research Team came across another cryptominer that pretends to be a media player and even loads a wav file to hide its real intent. Infection Cycle: This Trojan comes in an archive file that purports to be a Windows Update component. Within the archive file are the following files: mstcss.exe, config.json, song.wav. The executable […]

Citrix NetScaler ADC/Gateway Directory Traversal Vulnerability

A Directory Traversal vulnerability exists in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway (CVE-2019-19781). This vulnerability is being exploited in the wild. A remote attacker could exploit this vulnerability to perform arbitrary code execution. Authentication is not necessary to perform exploitation and access sensitive files. What is […]

Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601

NSA has discovered a critical vulnerability affecting Microsoft Windows cryptographic functionality. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Microsoft released a patch today for Windows CryptoAPI Spoofing […]

Microsoft Security Bulletin Coverage for Jan 2020

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft's security advisories for the month of January 2020. A list of issues reported, along with SonicWall coverage information, is as follows:
CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability
IPS 14728: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
IPS 14729: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
IPS 14730: Windows CryptoAPI […]

MZP Ransomware actively spreading in the wild

The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of MZP ransomware [MZP.RSM] actively spreading in the wild. The MZP ransomware encrypts the victim's files with a strong encryption algorithm until the victim pays a fee to get them back. Infection Cycle: The ransomware adds the following files to the system: Malware.exe % App.path% HOW […]

Debug build of Jigsaw Ransomware contains SMTP email credentials

The SonicWall Capture Labs Threat Research Team observed reports of a new version of the Jigsaw ransomware. The version analysed here appears to be an early debug build and sports a new interface, a significant departure from the clown-image interfaces of previous versions. As this is a test version of the malware, no encryption […]