Attackers Target Bank of Mexico’s Real-Time Transfer System
Authorities in Mexico say that hackers attempted to compromise the country’s real-time transfer system in attacks against three banks in recent weeks, ultimately in an effort to divert the funds from legitimate wire transfers into accounts controlled by criminals. The Bank of Mexico says that no money was lost in the attempted attacks, which targeted its domestic interbank electronic payments system, known as SPEI. Bank Info Security is covering the story.
Oracle WebLogic Server Vulnerability Under Attack
Attackers are scanning the Internet for Oracle WebLogic Servers that remain susceptible to a highly critical vulnerability (CVE-2018-2628) fixed in the company’s April security update, according to BleepingComputer. Problematically, the patch that was supposed to fix the vulnerability was incomplete, meaning that attackers can bypass the mitigations on fully updated systems and continue to exploit supposedly fixed Oracle WebLogic Servers. The Chinese researchers who discovered and disclosed the bug to Oracle published a technical write-up on it earlier this month. Almost immediately after that, a working proof-of-concept emerged on GitHub. Following the publication of the PoC, researchers from the security firm GreyNoise Intelligence started observing a noticeable spike in scans targeting port 7001.
Denial of Service Can Cause Blue Screen of Death on Windows
Bitdefender’s Marius Tivadar has published a PoC for a denial-of-service vulnerability that can force Windows systems into a blue screen of death, even when the screen is locked. The bug exists in the New Technology File System (NTFS), and it’s not clear when or if Microsoft plans to fix it. Affected versions include (but might not be limited to) Windows 7 Enterprise 6.1.7601 SP1 (build 7601 x64), Windows 10 Pro 10.0.15063 (build 15063 x64), and Windows 10 Enterprise Evaluation Insider Preview 10.0.16215 (build 16215 x64). Exploitation seems to require physical access.
Samas Ransomware Spreading Via RDP, Other Targeted Methods
Sophos recently published a technical white paper detailing improvements to the Samas ransomware. True to form (and unlike many other varieties of ransomware), Samas continues to take a targeted approach to infecting victims, generally brute-forcing Remote Desktop Protocol (RDP) endpoints with weak credentials to gain access to systems. Samas also tends to target businesses rather than consumers, moving laterally across their networks by leveraging PsExec.
HR-Themed Phishing Campaign Steals Office 365 Credentials
A new phishing scheme is making the rounds, in which victims receive email messages purporting to come from human resources departments. The emails carry documents that supposedly contain “Rules of Conduct.” When opened, however, the documents prompt users to log in to a fake Office 365 page, stealing the credentials of whoever enters them. BleepingComputer has the write-up.