A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.
According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.
Experts say the initial infection takes place when Raspberry Pi operators leave their devices’ SSH ports open to external connections.
Once a Raspberry Pi device is infected, the malware changes the password for the “pi” account to:
Read the full article here
Mouseover’ technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.
Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.
Trend Micro researchers discovered the “mouseover” technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.
“This is the first occurrence of malware using the ‘hover’ method to initiate a download that we know of,” says Mark Nunnikhoven, Trend Micro’s VP of cloud security.
“While GootKit is known malware, businesses should be more concerned about this latest technique as it shows none of the usual indicators of an infected document,” he explains. This is novel because it abuses the previously safe user practice of hovering over a link before clicking.
Continue reading New Attack Method Delivers Malware Via Mouse Hover
Netgear noted that several of their routers have a command injection Vulnerability issue where an attacker can use a phishing method to gain control of your router.
To find the model/version number, check the bottom or back panel of your NETGEAR device.
From the vulnerability Notes Database:
R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 188.8.131.52_1.1.93, R6400 version 184.108.40.206_1.0.11, and R8000 version 220.127.116.11_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.
By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:///cgi-bin/;COMMAND
Continue reading Netgear Router Security Update