PayDay – Negotiating ransom with a ransomware operator (Dec 8th, 2017)

The SonicWall Capture Labs Threat Research Team has conducted an experimental dialog with a ransomware operator using the PayDay ransomware trojan. PayDay is a recent variant of the BTCWare ransomware trojan and has been in the wild for a few weeks. PayDay follows the current ransomware operator trend of using email to communicate with victims in order to demand payment for file decryption. Payment has increased to an astronomical 0.5 Bitcoins (roughly $8000 USD at today’s prices). In this case, however, the price could be negotiated lower.

Apache CouchDB JSON Remote Privilege Escalation (Dec 8, 2017)

Apache CouchDB is open source database software that focuses on ease of use and having a scalable architecture. It has a document-oriented NoSQL database architecture and is implemented in the concurrency-oriented language Erlang; it uses JSON to store data, JavaScript as its query language using MapReduce, and HTTP for an API.

A privilege escalation vulnerability exists in CouchDB. The vulnerability is due to a discrepancy between the behaviours of the JavaScript JSON parser, used in design documents, and the Jiffy JSON parser, used within the CouchDB Erlang-based internals, which allows an attacker to bypass the user access control.

Spam campaign roundup: Thanksgiving weekend edition (Nov 22, 2017)

Everyone is gearing up for the Thanksgiving weekend. While consumers take advantage of retailers’ pre-Black Friday deals which have started earlier and earlier in recent years, cybercriminals are also trying to get an early leg-up on the holiday shopping.

The SonicWall Capture Labs Threat Research Team has observed that this year is no different. Cybercriminals are shopping for your personal data as more consumers turn to online shopping. The statistics we have gathered for this year indicate that the number of users who shop on Amazon online has more than doubled compared to last year.

Fake coupon downloads Cobalt Strike to take control of your system (Nov 30, 2017)

With the holiday shopping season in full swing, cybercriminals are taking advantage of the fact that consumers are expected to shop for great deals over the next few weeks. During this Cyber sales week, the SonicWall Capture Labs Threat Research Team has spotted a specially crafted document file pretending to be a coupon that will save you big bucks on all items with major online retailers like Amazon, eBay and AliExpress. In this infection, multiple levels of scripts are executed and downloaded to carry out the full attack.