Tens of millions of Android devices infected with malware, and Microsoft disables an Excel feature | Global network security hotspots, October 9
2022-06-24 03:20:00 【Tencent security】
1. GriftHorse Android malware found in 200 scam apps, affecting 10 million devices
More than 10 million Android devices have been infected by Android malware distributed through Google Play and third-party app stores.
Mobile security company Zimperium said the campaign targets device users in 70 countries and regions, getting victims to subscribe to premium SMS services through seemingly harmless scam apps. The Trojan, known as GriftHorse, is present in about 200 malicious Android apps, most of which have since been removed from the Google Play store.
Meanwhile, Android scam apps have stolen hundreds of millions of dollars from victims.
According to Zimperium, the scam apps entice users to click malicious links in order to steal funds from their accounts. Once installed, the apps aggressively send pop-up windows and notifications promising all kinds of gifts and discounts. Victims can receive up to five notifications per hour, which increases the likelihood that they will act.
After the click, the malicious app redirects users to an online site that asks them to submit a phone number for verification in order to claim a prize. Instead, the threat actor secretly subscribes them to premium SMS services, which begin charging their phone bills without their knowledge.
News source:
https://www.cpomagazine.com/cyber-security/grifthorse-android-malware-present-in-200-scam-apps-affects-10-million-devices-stealing-hundreds-of-millions/
2. Microsoft will protect Excel by disabling a legacy feature
Microsoft will soon disable Excel 4.0 XLM macros by default to protect people's PCs. Threat actors can use these macros to plant malware on people's PCs: an attacker can place XLM macros in malicious documents that download malware to unsuspecting victims' computers. The change will disable these macros by default in Microsoft 365 tenants.
Microsoft recommends that people use VBA macros instead of Excel 4.0 XLM macros. The company has been pushing people toward these more secure macros for years, and it will now disable Excel 4.0 XLM macros by default to push further. VBA macros support the Antimalware Scan Interface (AMSI), which can scan documents for malware and other dangerous content.
Windows administrators can already disable XLM macros through the Excel Trust Center, but Microsoft will soon disable Excel 4.0 macros by default. Preview builds will disable XLM macros by default in October, and the change will roll out in November.
News source:
https://www.windowscentral.com/microsoft-protect-excel-users-malware-disabling-ancient-feature
3. Ransomware criminals are still using old vulnerabilities to carry out attacks
Security researchers have examined the most commonly exploited Common Vulnerabilities and Exposures (CVEs) of recent years. They found that some of these vulnerabilities have been around for nearly a decade and have vendor patches available. However, many organizations have not yet applied the available security updates and therefore remain vulnerable to ransomware attacks.
The oldest of the top five vulnerabilities detailed in the analysis is CVE-2012-1723, a vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE 7. The ransomware involved is basic, but some organizations are still vulnerable because they have not applied the relevant security patches.
Two other common vulnerabilities detailed by the researchers date from 2013. CVE-2013-0431 is a JRE vulnerability used by the Reveton ransomware, and CVE-2013-1493 is an Oracle Java vulnerability targeted by the Exxroute ransomware. In both cases, patches that fix the flaws have been available for more than eight years. CVE-2018-12808 is a three-year-old vulnerability in Adobe Acrobat, used to deliver ransomware through phishing emails and malicious PDF files.
The most recent vulnerability on the list is CVE-2019-1458, a privilege escalation vulnerability in Windows that emerged in December 2019 and has been used frequently by the NetWalker ransomware group.
For IT and information security teams, maintaining network security has always been a tough battle.
News source:
https://www.zdnet.com/article/ransomware-cyber-criminals-are-still-exploiting-years-old-vulnerabilities-to-launch-attacks/