Light Dark
July 15, 2019 By David Bisson 3 min read

The world learned of two software vulnerabilities last week. The first zero-day vulnerability was instrumental in a targeted attack against companies in Eastern Europe, while the other affected the Mac client of the Zoom videoconferencing service. Concurrently, remote access Trojans (RATs), backdoors and mobile threats made the week a busy one in terms of malware attacks.

Top Story of the Week: The Buhtrap Backdoor

In June 2019, researchers at ESET detected a highly targeted attack in Eastern Europe. The operation exploited a local privilege escalation zero-day vulnerability on Windows machines. In this particular attack, the exploit used popup object menus to infect entities in Eastern Europe and Central Asia with the Buhtrap backdoor.

After seeing it in action, ESET reported this vulnerability (CVE-2019-1132) to the Microsoft Security Response Center. The tech giant responded by issuing a patch for the bug on July 7.

Source: iStock

Also in the News

  • Phishing Campaign Delivers Dridex Via RMS RAT: Cofense spotted a phishing campaign masquerading as correspondence from eFax in an attempt to trick users into opening what appeared to be a Microsoft Word attachment. Once clicked, the attachment — in actuality, a ZIP archive — revealed a Microsoft Excel spreadsheet that downloaded Dridex and the Remote Manipulator System Remote Access Tool (RMS RAT).
  • Investigation Reveals Vulnerabilities on Commercial Ships: On July 8, the U.S. Coast Guard revealed a February 2019 incident in which a deep draft vessel reported a digital security incident affecting its shipboard network. A subsequent investigation concluded that the incident undermined the onboard computer’s system functionality but did not affect any essential vessel control systems.
  • Zoom Vulnerability Puts Webcams at Risk: Independent security researcher Jonathan Leitschuh disclosed a vulnerability in the Mac client for the remote videoconferencing service Zoom. Threat actors could abuse this weakness on a compromised website to force Mac users to join a Zoom call without their permission.
  • New Details Emerge on DNS Hijacking Campaign: Cisco Talos linked the Sea Turtle threat group to a network compromise involving the Institute of Computer Science of the Foundation for Research and Technology – Hellas (ICS-Forth), the country code top-level domain (ccTLD) for Greece. Additional analysis revealed that the threat actors retained access to ICS-Forth through at least April 24.
  • Magecart Exploits Misconfigured Amazon S3 Buckets: Also on April 24, RiskIQ began tracking an attack campaign in which Magecart actors automatically scanned for misconfigured Amazon Simple Storage Service (S3) buckets. The purpose of this “spray and pray” technique was to append their skimming code at the bottom of exposed JavaScript files and obtain unsuspecting users’ payment card information.
  • Astaroth Attack Uses LotL Techniques to Infect Windows Machines: After noticing an anomaly from an algorithm used for catching fileless campaigns, the Microsoft Defender ATP Research Team came upon an infection chain that relied strictly on living-off-the-land (LotL) techniques to distribute Astaroth. Once activated, the backdoor could have helped threat actors steal sensitive information and move laterally across the network.
  • Agent Smith Masquerades as Legitimate App, Infects 25 Million Android Devices: Check Point came across a new malware family known as Agent Smith that masqueraded as a Google-related app. With this disguise, the threat succeeded in infecting 25 million Android devices for the purpose of replacing installed apps with malicious versions.

Security Tip of the Week: How to Defend Against Fileless Threats

The Microsoft Defender ATP Research Team clarified that fileless malware like Astaroth doesn’t make threat actors invincible:

“Abusing fileless techniques does not put malware beyond the reach or visibility of security software. On the contrary, some of the fileless techniques may be so unusual and anomalous that they draw immediate attention to the malware, in the same way that a bag of money moving by itself would.”

Security professionals can therefore help defend their organizations against fileless malware by enabling application whitelisting and disabling macros. Companies should also consider investing in a robust vulnerability management program that prioritizes security bugs as a means of managing risk.

 |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature