Qbot as a prelude to Egregor ransomware infections
Researchers at security company Group-IB have issued a statement claiming to have found activity linking the Qbot banking trojan (also known as QakBot, Pinkslipbot or Quakbot) to the distribution of Egregor ransomware. Qbot operators, formerly associated with other ransomware families such as ProLock, reportedly decided to migrate their operation to Egregor in search of a greater number of victims. In the three months of activity since the ransomware was created in September 2020, Egregor has managed to compromise a total of 69 companies, mainly in the manufacturing (28.9%) and retail (14.5%) sectors, making it one of the most active families since Maze closed its operations last month. Also, since Emotet decided to resume distributing TrickBot in September, Qbot operators have had to distribute their malware without Emotet's help, through their own phishing campaigns that attach malicious Microsoft Excel documents.
Vulnerability in cPanel 2FA authentication
Security researchers at Digital Defense have discovered a major security flaw in cPanel, a popular software package used by web hosting companies to manage their clients' websites. The flaw could allow attackers to bypass two-factor authentication (2FA) for cPanel accounts using brute force attacks that take just a few minutes. Digital Defense privately reported the flaw to the cPanel team and, according to cPanel's security advisory, the 2FA flaw has been fixed in cPanel & WebHost Manager (WHM) 18.104.22.168, 22.214.171.124, and 126.96.36.199. Users should not disable the 2FA feature for their cPanel accounts because of this bug, but should ask their web hosting providers to update their cPanel installation to the latest version.
New version and new campaign of Trickbot malware