Windows malware opens RDP ports on PCs for future remote access
Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers could gain hands-on access to infected hosts.
Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime underworld, a common method of monetizing RDP-capable hosts.
THE SARWENT MALWARE
The Sarwent malware is a lesser-known backdoor trojan that has been around since 2018. In its previous versions, the malware contained a limited set of functionality, such as having the ability to download and install other malware on compromised computers. Read more in
Easyjet Hacks: it wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers
Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline.
As reported earlier this week, the data was stolen from the airline between October 2019 and January this year. Easyjet kept quiet about the hack until mid-May, though around 2,200 people whose credit card details were stolen during the cyber-raid were told of this in early April, months after the attack.
Read more in: https://www.theregister.co.uk/2020/05/22/easyjet_hack_victim_notification/
Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems
With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine.
According to Vikas Singh, Gabor Szappanos, and Mark Loman at Sophos, criminals have slotted the file-scrambling Ragnar Locker nasty into a virtual machine running a variant of Windows XP, called MicroXP. Then, once the crooks have infiltrated a victim’s network and gained administrative access – typically via a weak RDP box or through a compromised managed services provider – they download the VM, along with Oracle’s VirtualBox hypervisor to run it, on each machine they can get into.
Read more in https://www.theregister.co.uk/2020/05/22/byovm_ransomware_in_virtualbox/
Twitter Bots: Roughly half the Twitter accounts pushing to ‘reopen America’ are bots.
As parts of the US have lifted shutdown orders during the COVID-19 pandemic, there’s been a fierce argument online about the risks and benefits of reopening. New research suggests that bots have been dominating that debate.
Read more in https://www.businessinsider.com/nearly-half-of-reopen-america-twitter-accounts-are-bots-report-2020-5?r=US&IR=T