Alkajak
Thread author
Microsoft patched a zero-day vulnerability in the Windows operating system that was used in real-world attacks to escalate user privileges and help crooks deliver malware to PoS (Point of Sale) systems.
Security firm FireEye says the criminal group behind this campaign targeted more than 100 North American businesses, mainly in the retail, hospitality and restaurant industries.
The group created its own brand of malware
The company also reveals the presence of two never-before-seen malware families, PUNCHBUGGY and PUNCHTRACK, used only by this threat group.
PUNCHBUGGY is a simple DLL file, but modified to allow crooks to request and download files from a remote server via HTTPS. PUNCHTRACK is a classic PoS malware that can scrape the memory of PoS systems for Track 1 or Track 2 card data.
FireEye says that on March 8, they saw a new exploit against the Windows platform employed in this group's campaign.
The security firm says the group was distributing Word files via spam campaigns. The Word files would trick users into enabling Macro support, and then they would run an exploit to achieve remote code execution rights in the name of the current user.
Crooks used an unpatched Windows bug to install their malware.
[...]
Full Article: Microsoft Patches Windows Zero-Day Leveraged in PoS Attacks