Dark Reading is part of the Informa Tech Division of Informa PLC



3/9/2020
01:00 PM

Malware Campaign Feeds on Coronavirus Fears

A new malware campaign that offers a "coronavirus map" delivers a well-known data-stealer.

Criminals are leveraging the Covid-19 epidemic to spread malware through a "Coronavirus Map" app that provides no useful information to victims but may provide the victims' user names, passwords, credit card numbers, and other sensitive information to the attacker.

The new campaign, described in a blog post by researchers at Reason Labs, uses a strain of malware called AZORult. AZORult is a data-stealer first recognized in 2016.

In addition to scraping data out of victims' Web browsers and applications, AZORult acts as a downloader, bringing additional malware onto an infected system. AZORult is sold in online malware markets in Russia and is one of the more commonly sold data-stealers in those forums.

For more, read here.
