
WEEKLY COMMENTS

The first week of 2019 brought news of a new version of the NRSMiner cryptominer spreading actively across Asia, using the EternalBlue exploit to propagate within local networks. Most of the infected systems are in Vietnam. NRSMiner can download a cryptocurrency miner, download updated modules, and delete files and services installed by previous versions of NRSMiner. Once a host has been exploited through EternalBlue, the attackers also install the DoublePulsar backdoor. We advise organisations to install the patches for EternalBlue (MS17-010) and to disable SMBv1 as soon as possible.
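As an added illustration of the MS17-010 / SMBv1 advice above (example code, not part of the original commentary), the following PowerShell audits a Windows host for SMBv1 exposure, inventories clients that still negotiate SMB 1.x before the protocol is switched off, disables SMBv1, and looks for the March 2017 MS17-010 updates. It assumes Windows 8.1 / Server 2012 R2 or later (where the SmbShare and DISM cmdlets exist) and an elevated session.

```powershell
# Added example, not from the original page. Assumes Windows 8.1 / Server 2012 R2 or later
# and an elevated PowerShell session.

# 1. Report the SMB server's protocol state.
$server = Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
Write-Host "SMB server: SMB1 enabled = $($server.EnableSMB1Protocol); SMB2 enabled = $($server.EnableSMB2Protocol)"

# 2. Inventory clients still talking SMB 1.x: these sessions will break once SMBv1 is
#    disabled, so they belong in the change ticket before remediation.
$legacy = Get-SmbSession | Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ClientComputerName, ClientUserName, Dialect
if ($legacy) { Write-Warning 'Active SMB1 sessions:'; $legacy | Format-Table -AutoSize }

# 3. Disable SMBv1 at the server, then remove the optional feature (server and client).
if ($server.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($feature.State -eq 'Enabled') {
    # -NoRestart: schedule the reboot through normal change control.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# 4. Look for the March 2017 MS17-010 security updates (KB numbers from the bulletin).
#    Caveat: hosts patched later via cumulative updates may not list these specific KBs
#    even though the fix is present; treat OS build level or WSUS compliance reporting
#    as the authoritative source, and this check as a quick first pass only.
$ms17010Kbs = 'KB4012212','KB4012213','KB4012214','KB4012215','KB4012216',
              'KB4012217','KB4012598','KB4012606','KB4013198','KB4013429'
$found = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }
if ($found) { $found | Select-Object HotFixID, InstalledOn | Format-Table -AutoSize }
else { Write-Warning 'No MS17-010-era KB listed; confirm patch level via build number or WSUS.' }
```

On Windows Server, `Remove-WindowsFeature FS-SMB1` is the equivalent of the optional-feature removal in step 3.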

In addition, Adobe has released an out-of-band security update for two critical vulnerabilities in Adobe Acrobat and Adobe Reader that could lead to privilege escalation and arbitrary code execution. CVE-2018-16018 allows a remote attacker to bypass security restrictions and gain elevated privileges by persuading a victim to open a specially crafted document. CVE-2018-16011 is a use-after-free error that allows a remote attacker to execute arbitrary code on the targeted system, again by persuading a victim to open a specially crafted document. Although neither vulnerability has been seen exploited in the wild, we advise organisations to install the latest patches to protect themselves from potential attacks.


Ensign InfoSecurity Singapore