Welcome to another week of security news! There were plenty of security updates and vulnerabilities to discuss, but here are some of the top stories on my feed:
Payment processing giant TSYS suffers ransomware attack
After the ransomware attack on TSYS, the third-largest third-party payment processor for financial institutions in North America, reams of data have been stolen from the company and posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business. On December 8th, the cyber criminal gang responsible for deploying the Conti ransomware strain published more than 10 gigabytes of data that it claimed to have removed from TSYS’ networks.
Microsoft Office 365 credentials under attack by fax “alert” emails
Researchers are warning of a coordinated phishing attack that targeted “numerous” enterprise organizations last week. The attackers leveraged hundreds of compromised, legitimate email accounts to send organizations emails that posed as document delivery notifications. In reality, the phishing attack stole victims’ Office 365 credentials. Sample emails use legitimate eFax branding and a tag at the bottom marketing eFax’s plans.
Microsoft warns of powerful new adware
Microsoft has issued a warning about Adrozek, a new strain of browser modifier that, according to the company, “adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages.” According to Microsoft, the malware is being distributed by large, well-funded, and organized groups. From May to September, Microsoft researchers found 159 unique domains used in attacks, with those domains hosting tens of thousands of URLs.
New Windows trojan steals browser credentials and Outlook files
To wrap it all up, Microsoft takes another spot on our list, this time with a new information-stealing trojan that targets Microsoft Windows systems with a range of data-exfiltration capabilities, from collecting browser credentials to targeting Outlook files. The trojan, called PyMicropsia (because it is built with Python), has been developed by the threat group AridViper, known for targeting organizations in the Middle East. In a nutshell, the trojan has been packaged into a Windows executable with PyInstaller, a Python package that bundles Python applications into stand-alone executables. Once downloaded, the malware “implements its main functionality by running a loop, where it initializes different threads and calls several tasks periodically with the intent of collecting information and interacting with the C2 operator,” according to researchers.
Any security updates you want to share?
SolarWinds has been made aware of a cyberattack on their systems that inserted a vulnerability within their SolarWinds Orion Platform. https://www.solarwinds.com/securityadvisory/