Cybersecurity Weekly: LemonDuck malware, REvil decryptor, XCSSET macOS malware

July 27, 2021 by Sam Fay

Microsoft warns of LemonDuck malware. Kaseya obtains a universal decryptor for REvil ransomware. The macOS malware XCSSET now targets Google Chrome. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Microsoft warns of LemonDuck malware

LemonDuck, a well-known cross-platform cryptomining malware, has continued to refine its techniques for compromising both Windows and Linux systems. It gains initial access by exploiting older vulnerabilities for which patches are already available, and it combines several spreading mechanisms at once to maximize the reach of each campaign. Keeping patch levels current on both platforms removes its primary entry point.
Read more »


2. Kaseya obtains universal decryptor for REvil ransomware

Kaseya has obtained a universal decryptor for the REvil ransomware that encrypted the systems of at least 60 of its customers in the worldwide attacks of July 2. The attackers exploited zero-day vulnerabilities, since patched, in Kaseya VSA (Virtual System Administrator), its remote monitoring and management platform; the affected customers, in 22 countries, were all running the on-premises version of VSA.
Read more »


3. macOS malware XCSSET now targets Google Chrome

XCSSET, a malware family that targets macOS, has been updated once again with new capabilities. It can now collect and exfiltrate sensitive data stored by a range of applications, including Google Chrome and Telegram, as part of continuing refinements to its tactics.
Read more »


4. Microsoft shares mitigations for PetitPotam NTLM relay attack

Microsoft released mitigations for PetitPotam, a new NTLM relay attack that can let an attacker take over a domain controller or other Windows servers. The attack abuses the Microsoft Encrypting File System Remote Protocol (MS-EFSRPC) to coerce a device, including a domain controller, into authenticating to an attacker-controlled host, which then relays that NTLM authentication to another service. Microsoft's guidance is to disable NTLM wherever it is not required and, where it must remain, to enable Extended Protection for Authentication (EPA) on services such as Active Directory Certificate Services web enrollment, the relay target that turns a coerced authentication into domain takeover.
Read more »
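The relay described above leaves a footprint on the server that accepts the relayed credential, not on the coerced domain controller: a successful network logon (Windows event 4624, LogonType 3) authenticated with NTLM for the DC's machine account, arriving from the attacker's relay host rather than from the DC itself. The detection logic below is an added example written for this page; it is not Microsoft's code or part of its mitigation guidance. The log events are constructed and labelled as such, and the inventory mapping machine accounts to their expected addresses is an assumption an analyst would have to supply from DNS, DHCP or an asset database.

```python
"""Detect the relay half of a PetitPotam-style attack from Windows 4624 logon events.

When a domain controller is coerced over MS-EFSRPC into authenticating to an
attacker-controlled host, and that host relays the NTLM exchange to a target
(for example an AD CS web enrollment endpoint), the target records a successful
network logon (event 4624, LogonType 3, AuthenticationPackageName NTLM) for the
DC's machine account (DC01$) whose IpAddress is the relay box, not the DC.

The events below are constructed for this example and are not real logs. The
mapping of machine accounts to their expected addresses is an assumption: the
analyst must supply it from DNS/DHCP or an asset inventory.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    target_host: str   # host that accepted the relayed logon
    account: str       # machine account that was relayed
    source_ip: str     # where the NTLM exchange actually came from
    expected_ip: str   # where that machine account normally originates


# Constructed asset inventory (assumed): machine account -> its own address.
HOST_IPS: Dict[str, str] = {"DC01$": "10.0.0.10", "WS07$": "10.0.0.57"}

# Constructed 4624 events, flattened to key=value pairs using the event's own
# field names (TargetUserName, AuthenticationPackageName, IpAddress, ...).
# "-" is what Windows records when no source address is available.
SAMPLE_EVENTS = """\
EventID=4624 Computer=CA01.corp.local LogonType=3 AuthenticationPackageName=NTLM TargetUserName=DC01$ TargetDomainName=CORP IpAddress=10.0.0.99
EventID=4624 Computer=CA01.corp.local LogonType=3 AuthenticationPackageName=Kerberos TargetUserName=DC01$ TargetDomainName=CORP IpAddress=10.0.0.10
EventID=4624 Computer=FS01.corp.local LogonType=3 AuthenticationPackageName=NTLM TargetUserName=WS07$ TargetDomainName=CORP IpAddress=10.0.0.57
EventID=4624 Computer=FS01.corp.local LogonType=3 AuthenticationPackageName=NTLM TargetUserName=jsmith TargetDomainName=CORP IpAddress=10.0.0.99
EventID=4624 Computer=CA01.corp.local LogonType=3 AuthenticationPackageName=NTLM TargetUserName=DC01$ TargetDomainName=CORP IpAddress=-
"""


def parse_events(text: str) -> List[Dict[str, str]]:
    """Turn the flattened key=value lines into dicts, skipping blank lines."""
    events: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        events.append(dict(kv.split("=", 1) for kv in line.split()))
    return events


def find_relayed_machine_logons(events: Iterable[Dict[str, str]],
                                host_ips: Dict[str, str]) -> List[Finding]:
    """Flag NTLM network logons by a known machine account from the wrong address.

    A machine account (name ending in '$') normally authenticates from its own
    host, and domain controllers normally speak Kerberos to each other. An NTLM
    network logon for DC01$ arriving from some other address, or with no
    recorded source, is the footprint a relay leaves on the target server.
    """
    findings: List[Finding] = []
    for ev in events:
        if ev.get("EventID") != "4624" or ev.get("LogonType") != "3":
            continue
        if ev.get("AuthenticationPackageName") != "NTLM":
            continue
        account = ev.get("TargetUserName", "")
        if not account.endswith("$"):
            continue                      # user accounts are out of scope here
        expected: Optional[str] = host_ips.get(account)
        if expected is None:
            continue                      # unknown machine: cannot judge the source
        source = ev.get("IpAddress", "-")
        if source != expected:
            findings.append(Finding(ev.get("Computer", "?"), account, source, expected))
    return findings


if __name__ == "__main__":
    for f in find_relayed_machine_logons(parse_events(SAMPLE_EVENTS), HOST_IPS):
        print(f"{f.target_host}: {f.account} via NTLM from {f.source_ip} "
              f"(expected {f.expected_ip})")
```

Run against the constructed events, the check flags the two DC01$ NTLM logons on CA01 (one from 10.0.0.99, one with no recorded source) and ignores the Kerberos logon, the workstation authenticating from its own address, and the user logon. Because the 4624 is written on the relay target, the logs worth feeding this are those of AD CS servers and any other host that still accepts NTLM; NAT, VPN concentrators and multi-homed servers will produce mismatches of their own, which is why the inventory, not a single address per machine, has to be curated before this is used as an alert.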


5. Six things you must do right now to secure your company’s data

According to Verizon’s 2020 Data Breach Investigations Report, 28% of the breaches analyzed in 2019 involved small businesses. Data security was already a serious problem before COVID-19, and it has grown with so many employees working from home. So what can you do? Here are six things to do immediately.
Read more »


6. Hackers abuse single bit change in Intel CPU register to evade detection

Security researchers described a sandbox-evasion technique that abuses the trap flag (TF), a single bit in the EFLAGS register of Intel x86 processors. Setting TF makes the processor raise a single-step exception after each instruction; malware can set the bit and observe how the CPU, or the hypervisor beneath it, handles the resulting exception, and the difference in behavior tells it whether it is running on a physical machine or inside a virtual machine used for analysis. The researchers report that the affected sandbox has since been fixed so that this check no longer lets malware evade automatic detection.
Read more »


7. Threat actor selling database containing 3.8 billion phone numbers

A threat actor is offering for sale on hacking forums a database that allegedly contains 3.8 billion phone numbers harvested through Clubhouse. According to the seller, the app copies each user’s phonebook into a hidden database, and it is that database that is being offered. The seller also published a link to a sample of the data containing 83.5 million phone numbers.
Read more »


8. Crooks target Kubernetes installs via Argo Workflows to deploy miners

Researchers uncovered new attacks on Kubernetes clusters through misconfigured Argo Workflows instances, aimed at deploying cryptocurrency miners. The exposed instances serve the Argo web dashboard without authentication, which lets anyone submit a workflow that the cluster then runs as pods; they belong to organizations in several sectors, including technology, finance and logistics.
Read more »


9. Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics

Months earlier, the FBI warned companies about cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. Researchers at the Japanese security firm Mitsui Bussan Secure Directions have now discovered Olympics-themed malware with file-wiping capabilities, detected ahead of the opening ceremony of the Games.
Read more »


10. Law firm for Ford, Pfizer, Exxon discloses ransomware attack

Campbell Conroy & O’Neill, a law firm that represents hundreds of major organizations, has confirmed a data privacy incident stemming from a ransomware attack detected earlier this year. After determining that its network had been hit with ransomware, the firm engaged third-party forensic investigators to identify the information affected.
Read more »
