Daily Perk 4/9/2021

Happy Weekend to All

IcedID – The new Emotet? per Threatpost

Don’t worry – Emotet isn’t really gone. It just stepped back a bit, and as we’ve seen happen, a new contender has stepped up. In this case, modular malware banking trojan IcedID aka BokBot has made its presence known in 2021, serving as a dropper for other malware via Email campaigns using MS Excel attachments. Sounds familiar right? Evasion techniques include:

Hiding macro formulas in three different sheets; masking the macro formula using a white font on white background; and shrinking the cell contents and making the original content invisible

Microsoft’s blog today delved further into a “unique form of email delivery for IcedID malware, looking at the abuse of website contact forms and emails with malicious links sent to enterprises. Contents download – you guessed it – IcedID. This is a good heads up for organizations because the abuse of website contact forms can bypass protections by piggybacking on legitimate infrastructure.

Pwn2Own finds critical Zoom vulnerability for RCE per ZDNet

Zoom really stepped up efforts last year to secure a platform that was never intended for the volume of use it received during the pandemic. It’s become a mainstay for personal and business purposes. With so many users, that’s a big target. The annual Pwn2Own hacking competition is a great way to test what we think is secure and patch potential holes, or open our minds to all kinds of attacker thinking. This year, researchers from Computest showed a how a chain built from three vulnerabilities could lead to RCE on a target device with NO user interaction required, as per the animated attack here. Currently, the attack has been shown to work against Zoom on Windows and Mac. It’s not tested yet on iOS or Android. The browser version is SAFE. Zoom has been notified and has 90 days to develop a security solution for something nobody was looking for – except an attack. This is effective collaboration!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s