April 6, 2020 By David Bisson 2 min read

Last week in security news, researchers uncovered an attack campaign that spent the past two years targeting Windows machines running MS-SQL servers. The security community also learned of a vulnerability that enabled attackers to steal the credentials of people using the Zoom Windows client.

Top Story of the Week: Inside Vollgar’s Campaign Against MS-SQL Servers

Guardicore Labs found that the campaign had been targeting Windows machines running MS-SQL servers since May 2018. The campaign used brute-force attacks in an attempt to access targeted Windows machines. Upon successful authentication, the campaign loaded backdoors and executed malicious modules containing crypto-miners and remote-access Trojans (RATs).

Researchers at Guardicore dubbed the campaign “Vollgar, blending together the Vollar cryptocurrency mined in this campaign with the attacks’ vulgar behavior.

Source: iStock

Also in Security News

  • VelvetSweatshop Technique Used by Attack Campaign to Deliver LimeRAT: Researchers at Mimecast discovered an attack campaign that used “VelvetSweatshop” to password-protect a malicious Excel spreadsheet. As VelvetSweatshop is the default password employed by Excel to decrypt protected documents, this decision streamlined the attack chain by allowing the worksheet to bypass security tools and by not requiring users to manually enter a password.
  • Zoom Vulnerability Allowed Attackers to Steal Windows Credentials: As reported by Bleeping Computer, security researchers found that the Zoom Windows client was vulnerable to a UNC path injection in the client’s chat feature. A digital attacker could have exploited the security flaw to steal the user’s Windows credentials.
  • Indian Financial Institutions Targeted by Crimson RAT: Zscaler observed an attack campaign that used spear phishing emails to target Indian financial institutions. Those emails used either malicious PE executables or Office documents to deliver samples of Crimson RAT, malware that is capable of exfiltrating files and sending them to its command-and-control (C&C) server.

Security Tip of the Week: Improve Your Organization’s Password Security

Security professionals can help protect their organizations against brute-force attacks by improving their password security. They can do this by using multifactor authentication (MFA) wherever possible. Additionally, they should also consider working with a penetration testing service for the purpose of evaluating the overall password security of the organization.

More from

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today