New Version Of Jupyter Malware Spotted In The Wild

Researchers from cybersecurity company Morphisec have recently discovered a new strain of malware they believe has been in the wild since at least May of this year (2020).

Dubbed Jupyter, this strain is classed as an Info Stealer. It focuses on harvesting user names, passwords and other private data from infected systems and exfiltrating that data to a server the hackers control.

As malware goes, this strain certainly isn’t the worst or most destructive we’ve ever seen. However, armed with a sufficient number of your passwords, the hackers can wreak untold havoc on your life, so it’s definitely a threat that should be taken seriously.

Of interest, Jupyter seems to preferentially target the Chromium, Firefox and Google Chrome browsers, so if you’re not using any of those, your risk of running afoul of this strain is relatively low. Unfortunately, Chrome is far and away the most popular browser on the web today, which means the vast majority of netizens are at risk.

The malware is most commonly presented as a zip file whose contents carry Microsoft Word icons and file names that send the unmistakable message that they should be opened urgently.

Naturally, if an unsuspecting victim heads down this path, the malware is installed behind the scenes and promptly begins rooting through the now compromised system looking for user names, passwords, browsing history, cookies and the like. Once it has found everything of interest, the data is bundled and sent off to a command and control server, where it is combined with data from other compromised systems so it can be ported to the Dark Web for sale.
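One check a mail gateway or analyst could run against an archive like the one described above, flagging members whose names pose as documents while their extension or file header says "executable". This is an added example written for this article, not Morphisec's tooling; the sample archive, its file names and the extension lists are constructed here.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute on double-click (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}
# Extensions a document lure typically pretends to be.
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf"}


def inspect_member(name: str, head: bytes) -> list[str]:
    """Return the reasons an archive member looks like a document lure (empty if none)."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    final = suffixes[-1] if suffixes else ""
    if final in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {final}")
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS and final in EXECUTABLE_EXTS:
        reasons.append("double extension posing as a document")
    # A Windows PE image starts with the 'MZ' magic whatever its file name or icon says.
    if head[:2] == b"MZ" and final not in EXECUTABLE_EXTS:
        reasons.append("PE header inside a non-executable name")
    return reasons


def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious member of a zip archive to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(64)  # the magic bytes are enough; no full extraction
            reasons = inspect_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: one genuine docx (zip magic 'PK') and two lures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Q3_report.docx", b"PK\x03\x04" + b"\x00" * 20)
        zf.writestr("URGENT_Invoice.docx.exe", b"MZ" + b"\x90" * 62)
        zf.writestr("Contract.doc", b"MZ" + b"\x00" * 62)  # PE bytes behind a document name
    return buf.getvalue()
```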

Based on an early analysis of the code, the research team believes this new strain to be of Russian origin, but to this point, they have not traced it back to a specific threat actor. In any case, be aware that it’s out there and stay vigilant.

Cisco Data Center Manager Software Users Should Patch Immediately

Do you use Cisco’s Data Center Manager Software? If so, be advised that the company recently issued an advisory concerning a serious security flaw.

The advisory reads, in part, as follows:

“The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.

A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.”

The bug is being tracked as CVE-2020-3382. The essence of the issue is that an attacker can use the static key to generate a valid session token on an affected device and make use of the REST API with administrative privileges. This would allow them to do pretty much anything they please.
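To show why a key shared across installations defeats token signing, and what the per-installation fix looks like, here is an added toy model written for this article. It is not Cisco's code or token format: the HMAC token layout, the Appliance class and the static key value are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def mint_token(key: bytes, claims: dict) -> str:
    """Sign a session token as '<base64 claims>.<hex hmac>' (constructed format)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_token(key: bytes, token: str) -> bool:
    """Accept the token only if its tag was computed with this key."""
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


class Appliance:
    """Toy model of a REST endpoint that trusts HMAC-signed session tokens."""

    def __init__(self, key: bytes):
        self.key = key

    def accepts(self, token: str) -> bool:
        return verify_token(self.key, token)


# Weak pattern: every installation ships with the same build-time key (constructed value).
STATIC_KEY = b"constructed-static-key-shared-by-every-install"


def shared_static_key_accepts_foreign_token() -> bool:
    """A token minted for install A is also valid on install B when both share one key."""
    a, b = Appliance(STATIC_KEY), Appliance(STATIC_KEY)
    token_for_a = mint_token(a.key, {"user": "admin", "role": "administrator"})
    return b.accepts(token_for_a)  # True: nothing ties the token to a single install


def per_install_key_rejects_foreign_token() -> bool:
    """Fix: generate a random key per installation at setup time, so tokens do not transfer."""
    a, b = Appliance(secrets.token_bytes(32)), Appliance(secrets.token_bytes(32))
    token_for_a = mint_token(a.key, {"user": "admin", "role": "administrator"})
    return a.accepts(token_for_a) and not b.accepts(token_for_a)
```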

There are no known workarounds for the issue, and it affects DCNM versions 11.0, 11.1, 11.2, and 11.3. If you’re currently running any of those, you’ll want to update to the latest version right away. This one has a severity rating of 9.8 out of a possible 10.

The company was quick to point out that there have been no known instances of hackers actually making use of this exploit yet. However, given its severity and the fact that there are no workarounds for it, your best bet is to update your software as soon as possible.

Be sure your IT staff is aware, and make sure they make updating a high priority. This one’s serious enough to warrant immediate attention.

New Chromium Based Edge Browser Update For Windows 10

Microsoft has been talking for months about their new Edge browser based on Chromium technology. Users will finally be able to see it in action as of the KB4559309 Windows 10 update, which will replace the legacy Edge browser with the company’s latest offering.

It should be noted that previous Windows 10 releases did include the new Chromium-based Edge browser, but it was installed alongside the legacy Edge browser.

Also, in order to use the new Chromium-based browser, you had to make the conscious choice to open the new browser. Your legacy Edge browser would open by default.

That changes with the KB4559309 update, which purges the legacy Edge browser. At that point, if you want to use a Microsoft-based browser, your only option will be the new Chromium Edge. Any attempt to open the legacy browser will automatically redirect to the new product.

As part of the update, all of your user data stored in the legacy Edge browser will be migrated to the new browser. That includes tabs from previous sessions, saved passwords, and bookmarked websites. A small point, but one still worth mentioning, is the fact that unlike previous updates, a system restart is not required to begin making use of the new browser.

If you don’t want to have the new Edge browser installed on your device, you can prevent it. However, doing so requires you to go deep into the system, adding a “DoNotUpdateToEdgeWithChromium” key in your Windows Registry.

That, however, is not a step recommended for anyone except the most experienced Windows users. That is because any time you start playing in the Registry, you run the risk of doing serious damage to the system, so proceed with extreme caution.

On balance, the new Chromium-based Edge browser looks like a good upgrade and the early sense is that most users will be pleased with the change. Stay tuned, because it’s coming soon!

Microsoft’s Edge Browser To Release New Features

Microsoft has recently reinvented its web browser yet again. After finally giving up on bug-plagued Internet Explorer, the company introduced Microsoft Edge, which it hoped would take the internet community by storm.

When that didn’t happen, they re-introduced Edge, this time as a Chromium-based browser, which essentially made it a Google Chrome clone.

The company is clearly not thrilled with that. Since the latest iteration of Edge was released in January of 2020, Microsoft has been working hard to add new features to the browser to differentiate it from Chrome, including a QR code generator and additional code that provides tighter integration into the Windows 10 ecosystem.

Beyond these things, there are a number of other features that have been spotted in beta builds of the product. Here’s a quick overview:

Collections

The latest Edge browser has a unique feature called “Collections.” It allows users to compare items across multiple online retail vendors and combine information about them from a variety of platforms, including Wikipedia, allowing each user to create a highly customized base of research material. Even better, the company has put real effort into this and has built a dedicated panel allowing you to quickly reference your collection later.

The latest improvement in the feature is the addition of an “Open Tabs” option. It allows you to re-open all of the tabs from another device you’re logged into, enabling you to access or refine your collections with one-touch convenience.

Extensions Sync

This one is all about cross-browser functionality, allowing users to install browser extensions for both Edge and Chrome, making seamless use of both. The company has extended this basic functionality, allowing you to synchronize your extensions between devices you use, ensuring that you have the same browsing experience on all of your devices.

Miscellaneous Enhancements

Aside from the two big items above, the company is also introducing improvements to the built-in PDF reader and adding new group policies enabling network administrators to more easily manage the browser in an enterprise environment.

These are generally excellent enhancements. As previously mentioned, right now they’re only available in Canary builds. The broader user base can expect to start seeing them in the stable release of Edge 84 and beyond.

Hackers Stopped With Help of Microsoft Digital Crimes Unit

Microsoft’s Digital Crimes Unit (DCU) recently played an instrumental role in taking down a botnet made up of more than 400,000 devices.

A botnet is a network of compromised devices that hackers control remotely and use to attack other systems. This botnet was rented out to a variety of groups to conduct DDoS attacks, launch phishing campaigns, and deliver a variety of different types of malware.

Of interest, the botnet was controlled and coordinated by an LED light control console.

The team initially faced the daunting prospect of tracking down more than 400,000 IP addresses associated with the botnet. After conducting an extensive search, they narrowed the scope of their investigation to 90 IPs, and discovered that one in particular seemed to be coordinating the activities of the rest. This IP was traced back to an LED light console inside an office building in rural northern Taiwan.

Taiwan’s Ministry of Justice Investigation Bureau was contacted and after conducting their own research and investigation, moved in to shut the device down.

A spokesman for the Bureau had this to say about the incident:

“This case marks a milestone. That’s because we were able to take down the IoT device and secure the breach to a limited range for those compromised computers in Taiwan, which is quite different from our previous global cooperation cases.”

This is not the first time in recent weeks that Microsoft’s DCU has made headlines. Just last month, the group, in conjunction with Microsoft partners, coordinated the takedown of Necurs. That was one of the largest spam botnets ever reported, and was infamous for the widespread distribution of malware as far back as 2012.

While there is no doubt that other threats will rise to take the place of these two now defunct botnets, it is nice to know that industry titans are working tirelessly and in conjunction with law enforcement agencies around the world to try and keep us all a little safer. Kudos to Microsoft and to Taiwanese law enforcement for a job very well done!