Cyber Security headlines of the week

Windows malware opens RDP ports on PCs for future remote access

Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers could gain hands-on access to infected hosts.

Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime underworld, a common method of monetizing RDP-capable hosts.

THE SARWENT MALWARE

The Sarwent malware is a lesser-known backdoor trojan that has been around since 2018. In its previous versions, the malware had limited functionality, such as the ability to download and install other malware on compromised computers. Read more in

Easyjet Hack: It wasn’t just a few credit cards: entire travel itineraries were stolen by hackers

Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline.

As reported earlier this week, the data was stolen from the airline between October 2019 and January this year. Easyjet kept quiet about the hack until mid-May, though around 2,200 people whose credit card details were stolen during the cyber-raid were told of this in early April, months after the attack.

Read more in: https://www.theregister.co.uk/2020/05/22/easyjet_hack_victim_notification/

Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems

With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine.

According to Vikas Singh, Gabor Szappanos, and Mark Loman at Sophos, criminals have slotted the file-scrambling Ragnar Locker nasty into a virtual machine running a variant of Windows XP, called MicroXP. Then, once the crooks have infiltrated a victim’s network and gained administrative access – typically via a weak RDP box or through a compromised managed services provider – they download the VM, along with Oracle’s VirtualBox hypervisor to run it, on each machine they can get into.

Read more in https://www.theregister.co.uk/2020/05/22/byovm_ransomware_in_virtualbox/

Twitter Bots: Roughly half the Twitter accounts pushing to ‘reopen America’ are bots.

As parts of the US have lifted shutdown orders during the COVID-19 pandemic, there’s been a fierce argument online about the risks and benefits of reopening. New research suggests that bots have been dominating that debate.

Read more in https://www.businessinsider.com/nearly-half-of-reopen-america-twitter-accounts-are-bots-report-2020-5?r=US&IR=T


