TrickBot has survived the takedown attempt! It has been found that the trojan operators have replaced the seized C2 servers and domains with new infrastructure. Researchers anticipate that the operators will attempt to revive their operations soon.
In other news, Microsoft has issued patches for 87 security vulnerabilities as part of October 202 Patch Tuesday. The affected product includes Windows, Office, Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.
Top Breaches Reported in the Last 24 Hours
teamDigital exposes data
teamDigital had exposed a trove of clients’ data due to misconfigured environment files. The leaked data included MastercardNexus Twitter API keys, MySQL database username, and plaintext password, and other data related to Mastercard.
Top Malware Reported in the Last 24 Hours
Days after the takedown of its backend infrastructure, TrickBot trojan is back in the picture by replacing the seized C2 servers and domains with new ones. The takedown attempt was carried out in a collaborative action from researchers of Microsoft, Symantec, ESET, and others.
New malware framework
Top Vulnerabilities Reported in the Last 24 Hours
Microsoft fixes 87 flaws
Microsoft has rolled out patches for 87 security vulnerabilities, out of which 11 are critical. The patches are for flaws affecting Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.
Adobe patches a flaw
Adobe has patched a critical arbitrary code execution vulnerability in its Flash Player. Tracked as CVE-2020-9746, the vulnerability can lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.
Google publishes details of a flaw
Google has published details about a high-severity flaw affecting the Bluetooth stack in the Linux kernel versions below Linux 5.9 that support BlueZ. Tracked as CVE-2020-12351, the flaw can allow an unauthenticated user to potentially enable the escalation of privileges.
Cisco Talos releases advisories
Cisco Talos has released the details of several remotely exploitable DoS vulnerabilities in the Allen-Bradley adapter manufactured by Rockwell Automation. A remote, unauthenticated attacker can exploit these flaws by sending specially crafted packets.
Foxit issues patches
Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS versions of its PhantomPDF application. One of these flaws could result in code injection or information disclosure. Two of these vulnerabilities are considered medium risk.
Top Scams Reported in the Last 24 Hours
Canva abused for phishing
Canva design platform is being actively abused by threat actors to redirect users to fake login forms. The spam email pretends to be a SharePoint eFax delivery notification and includes a phishing link hosted on canva.com. Clicking on the link brings a victim to the final phishing landing page, where they are prompted to log in to see the document.