MAY 27, 2019

Top Stories: Access Granted with a Nifty Sandbox-Escaper

In news from Bleeping Computer, an exploit developer named SandboxEscaper has dropped an exploit for a new zero-day in the Windows operating system, which exploits the Task Scheduler utility. The exploit works on Windows 10 and achieves local privilege escalation, meaning a user with limited access can be granted full control over files reserved for full-privilege users. The exploit was published following security updates released by Microsoft.

Bleeping Computer also reported that security researchers have created exploits for the remote code execution vulnerability in Microsoft's Remote Desktop Services, tracked as CVE-2019-0708 and dubbed 'BlueKeep'. Microsoft released a patch for the vulnerability on May 14th and described it as being "wormable", meaning it does not require user interaction to spread to other vulnerable machines.

The authors of the Trickbot banking Trojan, which has been around for several years, have returned to using URL redirection instead of malicious email attachments to spread their malware. According to Dark Reading, this is a good example of how cybercriminals evolve or recycle their tactics to stay ahead of defenders.

Shade is a family of ransomware, distributed mainly through spam emails and exploit kits, that first appeared in the wild in late 2014. Recent research conducted by Unit 42 shows that the targets of the ransomware have changed: it is no longer focused on Russia and former Soviet Union nations, but has shifted to targeting the United States, Japan, India, Thailand and Canada.