Advisory Alert


Microsoft Office DDE Exploit

“Fancy Bear” Hackers Using Microsoft Dynamic Data Exchange Exploit

Overview

Microsoft’s DDE feature is designed to allow Office files to include links to other remote files, like hyperlinks between documents. But it can also be used to pull malware onto a victim’s computer when they merely open a document, and then click through an innocuous prompt asking them if they “want to update this document with data from the linked files?”

The APT28 hackers appear to be using that technique to infect anyone who opens attachments with names like SabreGuard2017.docx and IsisAttackInNewYork.docx. In combination with the scripting tool PowerShell, they install a piece of reconnaissance malware called Seduploader on victims’ machines. They then use that initial malware to scope out their victim before deciding whether to install a more fully featured piece of spyware: one of two tools known as X-Agent and Sedreco.

According to McAfee, the malware samples, the domains of the command-and-control servers the malware connects to, and the targets of the campaign all point to APT28, a group believed to be working in the service of Russia’s military intelligence agency, the GRU. As APT28 exploits the latest Microsoft Office hacking technique in a new campaign, Microsoft itself has said that it has no plans to alter or patch its DDE function; it considers DDE (Dynamic Data Exchange) a feature that’s working as intended. Microsoft noted that the DDE attack only works when Windows’ Protected Mode setting is disabled, and only if the user clicks through the prompts that the attack requires. “As always, we encourage customers to use caution when opening suspicious email attachments.”
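Because the DDE link lives in the document's field codes rather than in a macro, a defender can triage incoming .docx attachments by unpacking the zip and scanning word/document.xml for DDE or DDEAUTO field instructions. The checker below is an added example, not code from TruShield or McAfee; it builds a constructed, minimal .docx in memory (only word/document.xml, with a placeholder DDEAUTO field that launches nothing) and joins instruction text that Word splits across several runs so the field is recognised as a whole.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS
# Word field codes are case-insensitive; match DDE and DDEAUTO at the start of the instruction.
DDE_RE = re.compile(r"^\s*DDE(?:AUTO)?\b", re.IGNORECASE)


def dde_fields(docx_bytes: bytes) -> list:
    """Return the instruction text of every DDE/DDEAUTO field in the document body."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    found = []
    # Simple fields carry the whole instruction in one attribute.
    for fld in root.iter(W + "fldSimple"):
        instr = fld.get(W + "instr", "")
        if DDE_RE.match(instr):
            found.append(instr.strip())
    # Complex fields: instruction text sits in instrText runs between fldChar begin/end,
    # possibly split over several runs, so collect it per field before matching.
    current = None
    for el in root.iter():  # document order
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                current = []
            elif kind == "end" and current is not None:
                instr = "".join(current)
                if DDE_RE.match(instr):
                    found.append(instr.strip())
                current = None
        elif el.tag == W + "instrText" and current is not None:
            current.append(el.text or "")
    return found


def build_sample_docx(body_xml: str) -> bytes:
    """Constructed minimal .docx (zip holding only word/document.xml) for testing; not a real Word file."""
    doc = '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>' % (W_NS, body_xml)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed sample: one benign HYPERLINK field and one placeholder DDEAUTO field split across two runs.
SAMPLE = build_sample_docx(
    '<w:p><w:fldSimple w:instr=" HYPERLINK &quot;https://example.com&quot; "><w:r><w:t>link</w:t></w:r></w:fldSimple></w:p>'
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDEAU</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">TO "example-app" "example-topic" </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)

if __name__ == "__main__":
    print(dde_fields(SAMPLE))
```

A non-empty result is a reason to quarantine the attachment for analysis; an empty result does not prove the file is clean, since DDE fields can also appear in other document parts such as headers or footers.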


Update to Shade Ransomware

This is a security alert for all TruShield clients and the community as a whole. We have learned of a new update to Shade Ransomware. The update allows the ransomware to search for a precise file extension and execute upon finding it, and it also downloads additional malware to the system.

About Shade Ransomware

…

Chthonic Banking Trojan

This is a security alert for all TruShield clients, the financial services industry, and the community as a whole. We have learned of a new variant of the Zeus Trojan called Chthonic Banking. This Trojan uses PayPal as a technique to spread.

About Chthonic Banking Trojan

Chthonic was discovered by Proofpoint analysts. This Trojan…

New Trojan – Panda Banker

This is a security alert for all TruShield clients, the financial services industry, and the community as a whole. We have learned about a new banking Trojan that utilizes some Zeus code to do its damage. This new Trojan is called Panda Banker.

About Panda

Panda Banker is a banking Trojan discovered in February by…

Satana Ransomware

This is a security alert for all TruShield clients, the financial services industry, and the community as a whole. We have learned of a new ransomware named Satana. This ransomware writes to the boot record and prevents the computer from starting.

About Satana Ransomware

Satana is a new ransomware that is a mix between Petya…

BART Ransomware

This is a security alert for all TruShield clients, the financial services industry, and the community as a whole. We have learned about a new ransomware called Bart that is from the same developers behind Dridex and Locky.

About Bart Ransomware

Security researchers from Proofpoint discovered a new ransomware called Bart. For a user to…

PunkeyPOS Malware

This is a security alert for all TruShield clients, the financial services industry, and the community as a whole. We have learned of a new variant of point-of-sale (POS) malware that has been affecting around 200 terminals throughout the United States. This malware is known as PunkeyPOS and can steal credit card data.

New Ransomware – RAA

This is a security alert for all TruShield clients, the financial services industry, and the community as a whole. We have learned of a new ransomware known as RAA. This ransomware infects computers and encrypts files using JavaScript.

About RAA

RAA ransomware is written entirely in JavaScript. The ransomware is delivered using a standard JS…

Point-of-Sale Malware Threats Continue to Surface

This is a security alert for all TruShield clients, the restaurant industry, the retail industry, and the community at large. TruShield has learned of new details in point-of-sale data breaches.

Overview

As we reach mid-2016, breaches have steadily continued across a wide variety of industries. Recent weeks have revealed several leaks of credentials from…

New and Improved Dridex

This is a security alert for all TruShield clients, the financial services industry, and the community as a whole. We have learned of a recent wave of threats targeting the financial services sector. The threat is the banking Trojan Dridex, which has returned with an improved technique that avoids detection by security software.

About The Trojan

Dridex is…

Copyright © 2017