A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.
Link: https://threatpost.com/unique-malspam-campaign-uses-ms-publisher-to-drop-a-rat-on-banks/136656/
Tag: Web Security
ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’
An analysis of the world’s most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers.
Link: https://threatpost.com/threatlist-almost-half-of-the-worlds-top-websites-deemed-risky/136636/
Highly Flexible Marap Malware Enters the Financial Scene
A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system fingerprinting module.
Link: https://threatpost.com/highly-flexible-marap-malware-enters-the-financial-scene/136623/
Google Expands Bug Bounty Program to Battle Abuse Methods
The program focuses on potential abuse methods across Google’s product-specific channels like Google+, Youtube, Gmail and Blogger.
Link: https://threatpost.com/google-expands-bug-bounty-program-to-battle-abuse-methods/136590/
Open MQTT Servers Raise Physical Threats in Smart Homes
Misconfigured DIY smart-home hubs for home automation could allow attackers to track owners’ movements, see if smart doors and windows are opened or closed, and even open garage doors.
Link: https://threatpost.com/open-mqtt-servers-raise-physical-threats-in-smart-homes/136586/
Google Chrome Bug Opens Access to Private Facebook Information
The method could be used to deduce the age, sex, likes or the location history of a user – essentially, the attacker can play “20 questions” to profile the victim.
Link: https://threatpost.com/google-chrome-bug-opens-access-to-private-facebook-information/136573/
Microsoft Cortana Flaw Allows Web Browsing on Locked PCs
The tricky Cortana flaw, CVE-2018-8253, was addressed by Microsoft during Patch Tuesday.
Link: https://threatpost.com/microsoft-cortana-flaw-allows-web-browsing-on-locked-pcs/136558/
Office 365 Phishing Campaign Hides Malicious URLs in SharePoint Files
Researchers say the “PhishPoint" tactic has already impacted 10 percent of Office 365 users globally.
Link: https://threatpost.com/office-365-phishing-campaign-hides-malicious-urls-in-sharepoint-files/136525/
ThreatList: Financial-Themed Phishing Hooks Targets in Q2
In addition to traditional phishing, fraudulent cryptocurrency offers pose a rising trend.
Victims Lose Access to Thousands of Photos as Instagram Hack Spreads
In a probable quest to build a botnet, someone is hacking Instagram accounts, deleting handles, avatars and personal details, and linking them to a new email address.
Link: https://threatpost.com/victims-lose-access-to-thousands-of-photos-as-instagram-hack-spreads/135112/