Microsoft warns against banking trojans

15:55, 12 April 2021. Source: zdnet.de


Banking trojans have for the most part been designed for stealth, helping operators steal credentials -- predominantly from consumers -- without setting off alarms that could lead to detection. But cybercriminals behind banking trojans are testing techniques used by their noisy extortionist cousins in the ransomware industry. In particular, Qakbot and Emotet have adopted the exploits that helped WannaCry and NotPetya ransomware rapidly spread inside networks using the file-sharing protocol Server Message Block (SMB). Microsoft has set out the Qakbot and Emotet attack kill chain.

Microsoft has officially issued a warning about a massive malware attack targeting victims' bank information. According to the software giant, both users and companies should be extremely wary of emails with file attachments. Tens of thousands of emails with hundreds of malicious attachments. The Emotet banking Trojan was first discovered by security researchers in 2014. Initially, it was designed as banking malware, attempting to penetrate a victim's computer to steal bank information as well as other sensitive data. Later versions of Emotet added malware and spam distribution services

Malware (Image: Shutterstock/Blue Island)

A new banking trojan attack method worries Microsoft. IcedID, also known as BokBot, is a modular banking trojan that targets users' financial data and can act as a dropper for other malware.

Microsoft is warning companies about cybercriminals who use contact forms on corporate websites to send the IcedID banking trojan to employees in e-mails containing Google URLs. Contact forms on company websites are an open door on the internet, and criminals have recently been using them to reach employees who receive contact requests from the public. A notable feature of the attack is that the attackers use the contact forms to send employees legitimate Google URLs that prompt users to sign in with their Google username and password.


Microsoft warns that DoppelPaymer threat actors have "caused havoc" in several attacks, with ransoms reaching into millions of dollars in some cases. Spread by human operators within compromised networks, and within an attack framework involving other malicious software such as banking Trojans (Dridex is Mitigating against the human-operated ransomware threat. So, what does Microsoft recommend you do to protect your systems, and your data, from these human-operated ransomware attackers? Apply the basics of good security, would be the simple yet obvious answer.

Protect against this threat, identify symptoms, and clean up or remove infections. Trojan:Win32/Priteshel.A. Detected by Microsoft Defender Antivirus. If run against a domain controller, the attack would allow a compromised non-administrator account to perform actions

Microsoft considered the threat serious enough to report the attacks to Google's security teams and to warn that cybercriminals are using legitimate Google URLs to deliver malware. Google URLs are useful to the attackers because they get past e-mail security filters. The attackers also appear to have circumvented CAPTCHA challenges, which are used to check whether a contact request comes from a person.

"The attackers abuse legitimate infrastructure, such as websites' contact forms, to bypass protections, which makes this threat highly evasive. In addition, the attackers use legitimate URLs, in this case Google URLs that ask the targeted individuals to log in with their Google credentials," says the Microsoft 365 Defender Threat Intelligence Team. Microsoft is concerned about the technique used and has so far found that the criminals use the URLs in e-mails to deliver the IcedID malware. But it could be used just as well to deliver other malware.


“Fileless” malware that can steal your personal information uses legitimate system tools in an effort to go undetected, researchers from the Microsoft Defender Advanced Threat Protection team warned this week.

Gozi Banking Trojan. Discovered Trojan.Gozi.64, which uses the same source code as the previous version of this malware and also adds some advanced features that can infect both 32- and 64-bit Windows versions. The Gozi banking trojan uses malicious plugins that have been discovered in Microsoft Internet Explorer, Microsoft Edge, Google Chrome, and Mozilla Firefox. It can perform the following malicious activities on infected computers. Check for any updates for the Trojan

IcedID is a banking trojan and information stealer and can be used as an entry point for follow-on attacks, such as human-operated ransomware against high-value targets. Human-operated ransomware attacks are becoming increasingly common and require the attacker to sit at the keyboard and orchestrate the attack, in contrast to an automated attack. "We have already alerted the security groups at Google to draw attention to this threat because it exploits Google URLs," said Microsoft.

"We have observed an influx of contact form e-mails aimed at companies by abusing the companies' contact forms. This suggests that the attackers may have used a tool that automates this process and handles the CAPTCHA protection," the company continues. For companies and authorities, this attack is difficult to recognize because the e-mails are sent to employees by their own contact forms and e-mail marketing systems.


A banking trojan operates in much the same way—disguising itself as something good or beneficial to users, but having a far more sinister, hidden purpose. Even a mobile app that appears to serve a genuine purpose (for example, a game, flashlight, or messaging service) can secretly be a trojan looking to steal information.

Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). "Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020," MSRC VP of Engineering Aanchal Gupta said.

"Because the e-mails come from the recipient's own contact form on their website, the e-mail templates correspond to what you would expect from an actual customer interaction or request," said Microsoft. The attackers use language that puts the employee under pressure to reply, for example with the false claim that the targeted website uses copyrighted images. The e-mail contains a link to a sites.google.com page on which the employee is supposed to view the allegedly infringing images.

When the employee does their job and examines the claim by logging in to the page, the sites.google.com page automatically downloads a ZIP file containing a JavaScript file, which in turn downloads the IcedID malware as a .dat file. In addition, a component of the penetration testing kit Cobalt Strike is downloaded, which allows the attacker to control the device over the internet.
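
One way a defender could triage contact-form submissions for the lure pattern described above, before they are relayed to employees. This is an added example, not code from Microsoft or ZDNet; the keyword list, the three verdicts and the function names are assumptions of this sketch, and the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumptions of this sketch (not from Microsoft's report): the pressure
# keywords and the hold/review/deliver verdicts are illustrative choices.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
PRESSURE_RE = re.compile(
    r"\b(copyright(ed)?|infring\w*|legal action|lawsuit|dmca)\b", re.IGNORECASE
)
HOSTED_CONTENT_HOSTS = {"sites.google.com"}  # the host named in the article


def extract_hosts(text):
    """Return the lower-cased hostname of every http(s) URL found in text."""
    hosts = []
    for raw in URL_RE.findall(text):
        try:
            host = urlsplit(raw.rstrip(".,;")).hostname
        except ValueError:  # malformed URL, e.g. an unbalanced '['
            continue
        if host:
            hosts.append(host.rstrip("."))
    return hosts


def triage_submission(message):
    """Classify one contact-form message as 'hold', 'review' or 'deliver'."""
    # Exact host comparison: a look-alike such as sites.google.com.<other>
    # must not count as the legitimate hosting service.
    hosted_link = any(h in HOSTED_CONTENT_HOSTS for h in extract_hosts(message))
    pressure = bool(PRESSURE_RE.search(message))
    if hosted_link and pressure:
        return "hold"    # both signals: matches the lure described above
    if hosted_link or pressure:
        return "review"  # one signal only: route to a human check
    return "deliver"


# Constructed sample submissions (not real campaign e-mails).
SAMPLES = [
    "Your site uses my copyrighted images. Proof: "
    "https://sites.google.com/view/placeholder-page/ . Remove them or I take legal action.",
    "Hi, could you send me a quote for 20 licenses? Thanks!",
    "Our team page is at https://sites.google.com/view/placeholder-team, can we partner?",
    "See https://sites.google.com.lookalike.example/view/x for the copyright notice.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage_submission(sample), "|", sample[:60])
```

Because the messages arrive through the organisation's own form, sender-based filtering does not help here; the check has to run on the message body at the point where the form hands off to e-mail.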

