February has registered several kinds of sophisticated malware, with hackers specifically aiming at generating file-less malware and variants of already existing ransomware/Trojans. Most of the malware (including Eviral, XMRig, and Rig EK) has been specifically designed to mine for cryptocurrencies. Critical vulnerabilities have been abundant and organizations have been busy releasing mitigation for them. However, on a positive note, Intel and other companies have successfully managed to release patches--for Meltdown and Spectre flaws--that mitigate the rebooting issue in different software and firmware. Scammers are continuously churning new methods and techniques to steal data, install ransomware, and generate revenue through malicious ad campaigns. Unsecured databases and lack of stringent authentication principles resulted in several breaches.
But there is good news: multiple security patches have been released by companies for several vulnerabilities. Users are advised to update their software, as per the list below.
Google goes public with Microsoft Edge vulnerability that allows bypassing Arbitrary Code Guard (ACG)
Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerability
Hackers now exploiting Word documents to display 'innocent' videos that secretly mine cryptocurrency
Posted on: March 01, 2018
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.