Page 13 - Threat Intelligence 12-9-2019
Web / Internet Threats
New 'PyXie' RAT Used Against Multiple Industries. A new Python-based remote access Trojan (RAT) has been
used in campaigns targeting a wide range of industries, BlackBerry Cylance revealed this week. Dubbed PyXie,
the malware has been active since last year, but received little attention, although it has been observed in
conjunction with Cobalt Strike beacons and a downloader seemingly linked to the Shifu banking Trojan.
Source: https://www.securityweek.com/new-pyxie-rat-used-against-multiple-industries
Ransomware Attack Forces Great Plains Health to EHR Downtime. Great Plains Health was hit with a
ransomware attack on Monday night, forcing the Nebraska hospital to launch downtime procedures as it
attempts to recover its IT systems, according to local news outlet KNOP News 2. The ransomware was first
detected around 7 PM on Monday and was immediately identified by the information systems. Great Plains
worked through the night to reduce the impact of the attack.
Source: https://healthitsecurity.com/news/ransomware-attack-forces-great-plains-health-to-ehr-downtime
Kaspersky Security Bug Provides Hackers with Signed Code Execution. A security issue discovered in
Kaspersky Secure Connection, which itself is bundled into a series of other Kaspersky security products, allows
a malicious actor to obtain signed code execution, persistence, and even defense evasion in the case of more
complex attacks. Detailed in CVE-2019-15689, the vulnerability enables hackers to run an unsigned executable
through a signed version that is launched as NT AUTHORITY\SYSTEM, technically opening the door for further
malicious activities on the compromised device.
Source: https://news.softpedia.com/news/kaspersky-security-bug-provides-hackers-with-signed-code-execution-528427.shtml
Smith & Wesson Online Store Affected by Magecart Attack. The online store for American gun manufacturer
Smith & Wesson fell victim to a Magecart attack that’s designed to steal customers’ payment data. Willem de
Groot of Sanguine Security learned that a particular Magecart group had been impersonating his employer and
abusing his name as a contact to register domain names. While investigating this group, de Groot observed
that the attackers had compromised Smith & Wesson’s online store before Black Friday with a script from
live.sequracdn[.]net/storage/modrrnize.js.
Source: https://www.tripwire.com/state-of-security/security-data-protection/smith-wesson-online-store-affected-by-magecart-attack/
www.accumepartners.com