Security Roundup - 2018-05-25

VPNFilter. Talos Intel has decided to release preliminary research on VPNFilter, due to active exploitation in Ukraine. This malware strain appears to be installed on networking devices across the globe, and has device-destructive capabilities. It is also installed on half a million devices, which would have a large impact if triggered.

More IoT Failure. In related news, vulnerabilities have been found in some D-Link routers. Additionally, Comcast just fixed a bug in some routers that may accidentally leak wifi passwords.

Vigilant Observation. An ESET researcher discovered two zero-days in the making after reverse engineering samples that attackers had uploaded to virus scanning engines to test their detectability.

Living in a post-Drupalgeddon world. Two major Drupal vulnerabilities dropped last week, and now Malwarebytes serves up a look at the state of Drupal in the wild. Expect unpatched instances, and expect those instances to have been exploited.

Business model for botnets. After all, the goal is to make money. But how much?

More Spectre-Like Flaws. Another processor side-channel attack was announced on Monday and, with increased scrutiny, researchers expect to announce more in the future.

New way to abuse cryptominers. Cryptominers have been abusing clients' resources for months, and now a new abuse has been found: URL shorteners. Specifically, Coinhive has been experimenting with a URL shortener that forwards users after they have solved a number of hashes, which some are abusing by embedding it in iframes on other sites so that the cryptominer runs for as long as the page is loaded.

Botnet Persistence. According to some recent research, 58% of botnet infections only last a day.

Written on May 25, 2018