Patch Tuesday July 2019: 15 Critical Vulnerabilities Fixed Including 2 Actively Exploited Zero Days
Jul09

Patch Tuesday July 2019 has seen Microsoft fix 77 vulnerabilities, including 15 rated critical and two actively exploited zero-days. Six of the vulnerabilities patched this month had been previously disclosed to the public. The two actively exploited zero-days are both privilege escalation vulnerabilities. The first – CVE-2019-0880 – affects how the 64-bit printer spooler service on 64-bit Windows systems – splwow64.exe –...

New Mac Malware Being Pushed via High Ranking Websites
Jul03

A new form of Mac malware has been discovered that is being distributed through a variety of websites that rank high in the Google search results. The malware is a Trojan that masquerades as an Adobe Flash installer but is really an Apple disk image file (.dmg) that delivers the malware payload, malicious applications and various browser extensions. The malware has been dubbed OSX/CrescentCore and several installers have been captured...

Second Major Florida Ransomware Attack Raises Ransom Total to $1.1 Million in a Month
Jul01

Two Florida cities suffered major ransomware attacks in the past month that wiped out their computer and phone systems. First came the news that Riviera Beach had suffered a major ransomware attack. The attack started on May 29, 2019 and was detected the following day. The ransomware took the city’s phone system, email system, and water payment system out of action. A ransom demand of 65 Bitcoin ($592,000) was issued by the attackers...

QR Code Phishing Scam Targets Cofense Customers
Jun28

A new phishing campaign has been detected that uses QR codes to hide the hyperlink to a phishing webpage. This tactic not only bypasses security solutions that scan for potentially malicious URLs; by using a QR code, it also forces the recipient to switch from the business network to their mobile phone to view the document. The corporate network may have a web filter, sandboxes, and other cybersecurity protections to prevent users from...

Millions of Computers Vulnerable to Dell SupportAssist Flaw
Jun26

A vulnerability has been identified in Dell SupportAssist software that is pre-installed on millions of Dell PCs and laptops. The privilege escalation flaw could be exploited by malicious software or a logged-in user to elevate privileges to administrator level. The flaw affects both the home (v 3.2.1 and prior) and business (v 2.0) versions of the SupportAssist utility, which is the new name for Dell System Detect. The purpose of...

MSP Remote Access Tools Abused to Deploy Ransomware on Client Networks
Jun21

Managed service providers (MSPs) are being warned about a spate of attacks that has seen hackers infiltrate MSP systems, compromise their remote management tools, and use them to deploy ransomware on client networks. It is not hard to see the attraction of attacking MSPs. If access can be gained to the MSP network, hackers potentially have access to all the MSP clients through the remote management tools they use to serve their...

Microsoft Urges Azure Customers to Update Exim to Fix Actively Exploited Vulnerability
Jun18

Microsoft has issued a stern warning to Azure customers to update their virtual machines and ensure they are running Exim version 4.92. Recently, a zero-day Linux Exim mail server vulnerability (CVE-2019-10149) was discovered and an exploit has now been developed and is being used in real-world attacks, including an extensive worm campaign on millions of vulnerable Linux servers. Microsoft explained in a recent advisory that certain...

Free GandCrab Ransomware Decryptor Released for Versions 5.0 and 5.2
Jun18

Bitdefender has released a decryption tool that can be used to recover files encrypted by all GandCrab ransomware variants, including 5.0 and 5.2. Three decryptors have previously been developed for specific GandCrab ransomware versions. However, as soon as a decryptor was developed, a new version of the ransomware was released. GandCrab ransomware was one of the most widely used ransomware variants in 2018. Since it was first...

June 2019 Patch Tuesday: Microsoft Corrects 88 Vulnerabilities
Jun11

June 2019 Patch Tuesday has seen Microsoft release 88 patches to address recently discovered vulnerabilities. 20 of the vulnerabilities have been rated critical, and 4 advisories and one servicing stack update have been released. None of the vulnerabilities are believed to have been exploited in the wild. Included in this month’s round of updates are patches to correct four publicly disclosed vulnerabilities – those identified and...

U.S. Coast Guard Issues Warning Following Increase in Cyberattacks on Ships
Jun11

A rise in malware attacks on commercial vessels has prompted the U.S. Coast Guard to issue a warning to ship owners about the increased risk of attack. Cybersecurity best practices for commercial vessels have also been released to help ship owners and shipping firms improve security. The latest alert is the second to be issued in the past three months. In May, the U.S. Coast Guard warned about an ongoing spear phishing campaign...

BlueKeep Exploit Developed That Allows Full Takeover of Windows 7 or Windows 2008 Device in 22 Seconds
Jun06

A working exploit for the Microsoft BlueKeep flaw (CVE-2019-0708) has been developed that allows a full, remote account takeover in 22 seconds with no user interaction required. The reverse engineer Zǝɹosum0x0 developed a Metasploit module which allowed the flaw to be exploited. The exploit was combined with the Mimikatz tool to obtain login credentials, which allowed full control of a vulnerable Windows 2008 device to be gained...

New Zero-Day Vulnerability Identified in Microsoft Remote Desktop Services
Jun05

A zero-day vulnerability has been identified in Microsoft Remote Desktop Services which could allow an attacker to hijack an existing session that has been locked. By exploiting the vulnerability, the lock screen can be bypassed, even if two-factor authentication has been implemented. The zero-day vulnerability was discovered by Carnegie Mellon University Software Engineering Institute’s Joe Tammariello and concerns Microsoft’s...

MacOS Zero-Day Vulnerability Allows Synthetic Mouse Clicks to Run Malicious Code
Jun04

A zero-day vulnerability has been discovered in Apple’s Mojave operating system which could be exploited to run malicious code on vulnerable devices without being detected. The zero-day flaw was discovered by Digita Security’s chief research officer Patrick Wardle. The flaw is in Mojave’s application verification system and could be exploited to run whitelisted applications that have been doctored to run malicious code by mimicking...

BlueKeep RDP Vulnerability Still Not Patched on Almost 1 Million Devices
May30

The critical, wormable BlueKeep RDP vulnerability (CVE-2019-0708) that was patched by Microsoft on May 14 has still not been addressed on almost 1 million devices, according to Robert Graham, head of offensive security research at Errata Security. Graham ran rdpscan, a scanning tool built on top of the masscan port scanner. The tool allowed him to scan the Internet for devices that have not had the BlueKeep RDP bug corrected. In...

HawkEye Keylogger Used in Targeted Attacks on Businesses
May29

Businesses around the world are being targeted by threat actors distributing the HawkEye keylogger. IBM X-Force researchers identified major campaigns in April and May that targeted businesses across a range of industry sectors, including healthcare, transportation, logistics, marketing, agriculture, and importers and exporters. The HawkEye keylogger was first identified in 2013 and is still under active development. The malware is...

Exploit for Zero Day Flaw in Windows Task Scheduler Released Online
May23

Security researcher ‘SandboxEscaper’ has released a PoC exploit for yet another vulnerability in Windows Task Scheduler, just a few days after the latest round of patches were issued by Microsoft. This is the fifth exploit for a new zero-day vulnerability in Windows that has been publicly disclosed by SandboxEscaper. She also claims to have a further four exploits for zero-day vulnerabilities that have not yet been disclosed. The latest bug...

More Than 1 Million Machines Still Vulnerable to EternalBlue Exploit
May22

In March 2017, Microsoft released the MS17-010 patch to correct a flaw in Windows Server Message Block (SMB) v1 that was exploited by WannaCry ransomware two months later. That global malware attack should have served as a warning that patching the vulnerability was essential. As if that was not warning enough, soon after WannaCry came NotPetya and BadRabbit. Yet, three years on, many computers remain vulnerable and have still not had...

Unistellar Hacking Group Deletes More Than 12,500 Unsecured MongoDB Databases
May20

There has been a spate of attacks on businesses running unsecured MongoDB databases in the past three weeks that has seen the attackers delete databases and demand payment to restore the data. The attacks have been conducted by the Unistellar hacking group. This is the largest campaign targeting MongoDB databases since the widespread attacks in 2017. At the time of writing, the latest campaign has seen more than 12,500 databases...

New Intel MDS Vulnerabilities Allow Sensitive Data to Be Accessed from CPUs
May16

Four Microarchitectural Data Sampling (MDS) vulnerabilities have been discovered in Intel processors which could be exploited using a variety of different attack methods to gain access to sensitive information. The flaws can be exploited on computers as well as in cloud environments and can allow information to be obtained from the operating system, applications, virtual machines, and trusted execution environments. The information...

Microsoft Issues Patches for 79 Vulnerabilities Including Critical Wormable Flaw
May15

May 2019 Patch Tuesday has seen Microsoft release security updates to correct 79 vulnerabilities including one critical flaw that could potentially be exploited in a WannaCry-style malware attack. The wormable vulnerability (CVE-2019-0708) is in Remote Desktop Services and can be exploited by sending specially crafted requests via Remote Desktop Protocol (RDP). The vulnerability is pre-authentication and requires no user interaction....

WhatsApp Zero Day Vulnerability Actively Exploited to Spy on Users
May14

A WhatsApp zero day vulnerability has been identified which is being exploited to install spyware on users’ devices. The flaw is a buffer overflow vulnerability in the VoIP stack which can be exploited by sending specially crafted SRTCP packets to the targeted device. No user interaction is required to exploit the flaw. It can be exploited by placing a call to the user’s device. It does not matter whether the call is answered,...

Microsoft SharePoint Server Flaw Actively Exploited in the Wild
May13

A remote code execution vulnerability in Microsoft SharePoint (CVE-2019-0604) is being actively exploited in the wild by multiple threat actors who are leveraging the flaw to deliver malware. SharePoint is a collaboration tool that integrates with Microsoft Office. Many organizations run SharePoint Server, which is installed on their IT infrastructure to give greater control of SharePoint. If the flaw is exploited, it could give an...

Warning Issued over Electricfish Malware used by North Korea-Backed Threat Group Hidden Cobra
May13

US-CERT has issued a warning about a new malware variant dubbed Electricfish, which is reportedly being used by the North Korea-backed threat group Hidden Cobra, aka Lazarus. The malware is packaged as a Windows 32-bit executable file and establishes a custom protocol that allows traffic to be funneled between two IP addresses. The malware continuously attempts to contact the source and the destination system, which allows both sides...

Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity
May10

Security researchers at Trend Micro have discovered the threat actors behind Dharma ransomware are using a legitimate AV tool to hide the malicious activities of their ransomware. Dharma ransomware first surfaced in 2016 and has since been used in many attacks on businesses, in particular attacks on healthcare organizations in the United States. The ransomware variant is distributed via spam email which contains a link to a web page...

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is the most extensive DBIR report released to date. Verizon now collects data from 73 sources and included 41,686 reported security...

Large Enterprises Targeted in Major MegaCortex Ransomware Campaign
May07

A new strain of MegaCortex ransomware is being used in targeted attacks on large enterprises. The campaign has seen a large number of attacks performed in the past week according to Sophos. MegaCortex ransomware first surfaced in January 2019 and since then the number of attacks has grown steadily, although the past few days have seen a massive spike in attacks. Sophos reports that over a 48-hour period, 47 large enterprises were...

DHS Orders Federal Agencies to Address Critical Vulnerabilities Within 15 Days
May02

The U.S. Department of Homeland Security has issued a binding operational directive (BOD) which requires all federal agencies to correct critical vulnerabilities in Internet-accessible systems within 15 days of detection, and high severity vulnerabilities within 30 days of detection. Federal agencies are increasingly deploying Internet-accessible systems which are interconnected with complex IT systems. Vulnerabilities in those...

Sodinokibi Ransomware Spread via Oracle WebLogic Server Exploit
May01

A new ransomware variant named Sodinokibi is being used in attacks that exploit a recently disclosed vulnerability in Oracle WebLogic Server – CVE-2019-2725. Oracle released an out-of-band patch to address the flaw on April 26 following several reported cases of the vulnerability being exploited in the wild. Oracle WebLogic Server is part of Oracle Middleware, which is used by many large enterprises. Even though the...

Biggest Malware Threats in Healthcare Revealed
Apr30

A recent report from Malwarebytes has revealed Trojans are the biggest malware threat. Trojans account for 79% of all malware detected on healthcare systems by Malwarebytes. The Emotet Trojan is the leading malware variant, accounting for 37% of all detected Trojans. While the Emotet Trojan was once just a banking Trojan concerned with obtaining credentials to online bank accounts, it has since evolved to include a wide range of...

Exploitable Flaws Discovered in New WPA3 Wi-Fi Security Standard
Apr25

The next generation of Wi-Fi security – WPA3 – was launched in the summer of 2018, which promised to be the most secure form of Wi-Fi with the vulnerabilities of WPA2 eliminated. However, WPA3 was found to not be as secure as was initially thought. In total, five methods have been identified that allow the WPA3 standard to be hacked to obtain Wi-Fi passwords. The hacking methods were uncovered by Mathy Vanhoef of New York University...

New Malvertising Campaign Detected Using Highly Sophisticated Aftershock-3PC Malware
Apr19

A new form of malware named Aftershock-3PC is being used in a major malvertising campaign. The malware uses a range of advanced techniques to avoid detection. The malware is being used in malvertising attacks via more than 200 premium ad networks. The malware is polymorphic and constantly changes its code to evade detection and uses over 30 different domains to avoid being detected by signature-based anti-malware solutions used by...

297 Flaws Patched by Oracle in its April Security Update
Apr18

Oracle’s April security update includes patches for 297 vulnerabilities across its product suite. Users of Oracle products have been advised to update the products as soon as possible to prevent the vulnerabilities from being exploited. This is especially important for this security update as it includes 53 critical bugs that have been assigned a CVSS v3 base score of 9.0 or above. 47 of those have a CVSS v3 score of 9.8. The patches...

DHS and FBI Issue Warning About New North Korean Hoplight Trojan
Apr16

The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have both issued advisories about a new Trojan called Hoplight which is being used by the Lazarus APT group. Lazarus is a North Korea-backed hacking group, also known as Hidden Cobra, Zinc, and Nickel Academy. The hacking group primarily uses spear phishing to install malware on high value targets. The group is primarily concerned with...

Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Apr16

Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...

Cryptocurrency Mining Malware Still Dominates the Malware Threat Landscape
Apr11

The latest Global Threat Index report from Check Point shows cryptocurrency mining malware continues to be the biggest malware threat, even with the demise of Coinminer. Coinminer has topped the list of the most prevalent malware since December 2017. Coinminer is no longer active, but its code is still present on many websites and could be reactivated at any point. In its place is another cryptocurrency mining malware variant –...

The Baldr Information Stealer: A Dangerous New Malware Threat
Apr11

A new information stealer has been detected which could become a long-term threat. The Baldr information stealer is not especially sophisticated and lacks persistence, but it can exfiltrate data quickly once downloaded in a ‘smash and grab’ attack. The Baldr information stealer will not survive a reboot and is incapable of spreading to other devices, but for most threat actors that will not pose any problems. Once downloaded, Baldr...

Adobe Patches 24 Critical RCE Vulnerabilities
Apr10

Adobe has patched 43 vulnerabilities on April 2019 Patch Tuesday. 24 of the vulnerabilities have been rated critical and are remote code execution vulnerabilities. They are present in Acrobat Reader, Adobe Shockwave Player, and Adobe Flash. The remainder of the vulnerabilities have been rated Important or Moderate and affect Adobe Flash Player, Shockwave Player, Dreamweaver, Adobe XD CC, Adobe Experience Manager Forms, InDesign, and...

April 2019 Patch Tuesday: Microsoft Fixes 74 Vulnerabilities
Apr10

Microsoft has released fixes for 74 vulnerabilities on April 2019 Patch Tuesday, two of which are being actively exploited in the wild. The two zero-day Windows vulnerabilities that are being actively exploited are CVE-2019-0803 and CVE-2019-0859. Both of these are elevation of privilege vulnerabilities and are due to how the Win32k component handles objects in memory. If exploited, an attacker could execute malicious code in...

Verizon Pushing Firmware Upgrade that Addresses Serious Router Command Injection Flaw
Apr09

Millions of Verizon routers are affected by a command injection flaw that could allow an attacker to gain full control of the device. The flaw affects Fios Quantum Gateway routers and is one of three vulnerabilities that have been addressed by Verizon in the latest version of its firmware. The most serious flaw, tracked as CVE-2019-3914, has been assigned a CVSS v3 base score of 8.5 and affects the API backend of the router. If...

Beware of Tax Season Phishing Scams
Apr04

Cybercriminals have stepped up their efforts to scam U.S. taxpayers into divulging their sensitive information and installing malware. Many elaborate tax season phishing scams have been detected in 2019. Phishing scams are common during tax season. Tax-themed phishing emails are sent which contain a hyperlink that directs the recipient to a website where they are asked to enter information such as their name, address, DOB, and Social...

Cisco Releases 24 Patches to Address IOS XE Software Vulnerabilities
Mar28

Cisco has released 25 patches that address 19 high-severity and 6 medium-severity flaws, most of which are present in its IOS XE operating system used by its networking products such as switches, controllers, and routers. 15 of the 19 high-severity vulnerabilities are in the Internetworking Operating System (IOS) XE, several of which could allow unauthenticated attackers to gain root privileges on vulnerable devices and execute...

Apple Patches 51 Serious Security Flaws in iOS 12.2 Update
Mar27

Apple has released a new update of its iOS operating system for iPhone 5s and later, iPad Air and later, and 6th gen iPods. An update is also available for tvOS for Apple TV HD and Apple TV 4K. The latest version of the operating system includes patches for 51 serious flaws that could potentially be exploited for DoS attacks, privilege escalation, gaining root access to vulnerable devices, stealing data, and executing malicious code....

One Third of Organizations Have Experienced A Security Breach Involving Remote Workers
Mar26

Robust defenses may have been implemented to protect networks from cyberattacks, but the same level of protection is not always applied for remote workers. Allowing employees to work remotely may improve staff morale and can even lead to an increase in productivity, but it also introduces risk. Those risks have been made clear by a recent survey conducted by the virtual private network solution provider OpenVPN. The study was...

7 Out of 10 Ransomware Attacks are on SMBs
Mar25

71% of ransomware attacks are on SMBs, according to a new report from Beazley Breach Response (BBR) Services. When an attack involves widespread encryption across an organization’s network, ransom demands can be very high. The highest ransom demand received by a client was $8.5 million. The ransom wasn’t paid, but some companies have no alternative other than to pay the ransom demand. One client paid $935,000 for the keys to unlock...

Microsoft Will End Support for Windows 7 in January 2020
Mar22

Microsoft has announced that support for Windows 7 will come to an end on January 14, 2020. All Windows 7 users will be advised to upgrade to Windows 10 as soon as possible. Windows 7 users will receive notifications on screen to alert them that the OS is approaching end of life when they install the latest KB4493132 update, which will be made available through Windows Update. The update is not mandatory. Users will have the option of...

New Mirai Variant Targets Enterprise Wireless Presentation Systems
Mar20

Enterprise wireless presentation systems and signage TVs are being attacked by the latest Mirai variant, according to new research from Palo Alto Networks’ Unit 42 team. Previously, the threat actors behind Mirai have mostly focused on attacking vulnerable consumer IoT devices, but there are benefits to be gained from attacking enterprise IoT devices. A successful attack will give the attackers greater bandwidth to use in DDoS...

MFA Bypassed in IMAP-Based Attacks on Office 365 and G Suite Accounts
Mar15

Multi-factor authentication can prevent accounts from being accessed if passwords are stolen or obtained using brute force tactics; however, Proofpoint has discovered that multi-factor authentication is being bypassed on Office 365 and G Suite accounts using the legacy IMAP protocol. The IMAP authentication protocol bypasses MFA and attackers are able to avoid being locked out of accounts. The methods used made failed login attempts...

March 2019 Patch Tuesday: 2 Actively Exploited Bugs Patched by Microsoft
Mar13

March 2019 Patch Tuesday has seen Microsoft issue fixes for 64 vulnerabilities, two of which are being actively exploited in the wild. The two actively exploited flaws are being tracked as CVE-2019-0808 and CVE-2019-0797. The first is a zero-day vulnerability in the Win32k component of Windows that could be exploited by an authenticated user to elevate privileges and execute arbitrary code. The flaw was identified by Google’s...

Verifications.io MongoDB Misconfiguration Exposed 2 Billion Records
Mar13

The enterprise email verification service, Verifications.io, has exposed around 2 billion records due to the misconfiguration of MongoDB instances. The data leak was discovered by researcher Bob Diachenko, who identified an unsecured 150 GB MongoDB instance. Analysis of the database showed it contained around 809 million records. However, a subsequent analysis by DynaRisk revealed four MongoDB instances had been exposed, which in total...

Jackson County, Georgia Pays $400,000 Ransom to Recover Encrypted Files
Mar11

After considering the potential costs and benefits, Jackson County, Georgia determined that paying the ransom demand to unlock files encrypted in a ransomware attack was the best option, even though the ransom demand was around $400,000. The attack occurred over the weekend of March 2/3, 2019, and resulted in the widespread encryption of data. The email system of the county’s government was taken out of action, and even systems used by...

Google Chrome and Windows 7 Flaws Being Actively Exploited in the Wild
Mar08

All Chrome users have been advised to update to the latest version of the browser – 72.0.3626.121 – as soon as possible to prevent a zero-day flaw from being exploited. Google released the new Chrome version on March 1, 2019, which addressed a use-after-free vulnerability in the FileReader component of Chrome that is being tracked as CVE-2019-5786. FileReader is an API used by web applications to read the contents of files...

Actively Exploited Zero-Day ColdFusion Vulnerability Patched by Adobe
Mar04

Adobe has issued an out-of-band update to correct the actively exploited ColdFusion vulnerability CVE-2019-7816. The zero-day flaw in its web application development platform is a file upload restriction bypass issue. If exploited, the flaw could allow remote code execution. At least one threat actor is known to be exploiting the flaw in the wild. According to Adobe, in order to exploit the flaw, an attacker would need to have the...

WinRAR Vulnerability Actively Exploited in the Wild to Install Backdoor
Feb27

The 19-year old WinRAR vulnerability that was recently identified by Check Point is being exploited in the wild to install a backdoor that allows remote access. An updated version of WinRAR was released in January to correct the flaw, but many users have yet to update to the latest version of the file compression tool. In January it was estimated that around 500 million individuals worldwide had a vulnerable version of WinRAR...

B0r0nt0K Ransomware Attack Could Cost You $75,000
Feb25

A new cryptoransomware threat called B0r0nt0K ransomware is being used to encrypt files on Linux and Windows servers. If you haven’t backed up, you will have to pay a ransom of 20 Bitcoin – around $75,000 – to recover your files. The new threat was reported to Bleeping Computer by a forum user whose client had been attacked with the new ransomware variant and had website files encrypted. B0r0nt0K ransomware encrypted all files...

Zero-Day WinRAR Remote Code Execution Flaw Allows Full PC Takeover
Feb22

A patch has been released to correct a 19-year-old zero-day WinRAR remote code execution vulnerability. The flaw was identified by security researchers at Check Point who were able to successfully exploit the flaw to take full control of a vulnerable computer. All that is required is to send an email to someone with an out-of-date version of the software installed on their computer and convince them to open an attached compressed...

Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack
Feb21

An ongoing phishing campaign is targeting businesses and distributing the information-stealing Separ malware. The campaign has mostly concentrated on businesses in South East Asia and the Middle East, although some businesses in North America have also been attacked. The Separ information stealer has been in use since September 2017, with earlier versions of the info-stealer dating back to 2013. The latest campaign, which uses an...

Drupal Updates Released to Correct Critical RCE Vulnerability
Feb21

An update for the Drupal CMS has been released that corrects a critical vulnerability – CVE-2019-6340 – which, if exploited, could allow the execution of arbitrary PHP code. The vulnerability is the result of improper sanitization of data in certain field types. Exploitation of the vulnerability is possible if the core RESTful Web Services module is enabled and PATCH and POST requests are allowed. It is also possible for the...

GandCrab Ransomware Decryptor Developed for Versions 5.0.4 to 5.1
Feb20

A free GandCrab ransomware decryptor has been released that works for the latest version of the ransomware. Files encrypted by versions 1, 4, early versions of 5, and versions 5.0.4 to 5.1 can now be decrypted without paying the ransom. GandCrab ransomware was first detected in January 2018 and went on to become the biggest ransomware threat of 2018. In addition to encrypting local files on an infected device, GandCrab ransomware can...

Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials
Feb19

The Trickbot banking Trojan has been updated with a new module which is capable of obtaining VNC, PuTTY, and remote desktop credentials. The latest variant of Trickbot is being distributed in a tax season-themed phishing campaign involving emails that offer help with recent changes to the U.S. tax code to reduce tax bills. The emails appear to have been sent by the accounting organization Deloitte and have a tax incentive-related...

FINRA Issues Phishing Warning to Brokerage Firms
Feb19

The Financial Industry Regulatory Authority (FINRA) has issued a warning to brokerage firms about a new phishing campaign. The scam involves spam emails which appear to have been sent from a credit union alerting the brokerage firm to potential money laundering by one of their clients. The email messages appear to have been sent by a BSA-AML compliance officer at a legitimate Indiana-based credit union and contain details of the...

MSPs Targeted in New GandCrab Ransomware Campaign
Feb15

Managed service providers (MSPs) and IT support companies are being targeted in a new GandCrab ransomware campaign. MSPs are an attractive target: if access can be gained to MSP systems, the attackers can abuse trusted relationships to perform attacks on their clients. MSPs are often used by SMBs that do not have the internal resources to manage their own IT or have insufficient staff numbers to devote to cybersecurity. MSPs perform a...

Emotet Threat Actors Now Distributing Trojan via XML Files Masked as Word Documents
Feb15

At least one cybercriminal group distributing the Emotet Trojan has started using a new tactic to infect end users with the malware. The malware is now being delivered using XML files disguised as Word documents, with the malware installed via embedded macros. The Emotet Trojan is one of the most rapidly evolving malware variants. The malware is regularly updated with new functions and the methods used to distribute the malware and...

Mac Users Targeted with New Shlayer Malware Variant
Feb15

A new Shlayer malware variant has been detected that infects Mac computers and disables macOS Gatekeeper security software. The latest version of the malware was identified by researchers at Carbon Black and appears to only target macOS versions from 10.10.5 to 10.14.3. Shlayer malware is distributed via fake Flash Player updates. Warnings are generated when visiting websites advising the user that their Flash Player is out of date...

VFEmail Suffers Catastrophic Cyberattack with Permanent Loss of Customers’ Email Data
Feb13

The email provider VFEmail has suffered a cyberattack that has caused “catastrophic destruction.” A hacker with a Bulgarian IP address gained access to its U.S. servers and formatted them, destroying all data in its primary and backup systems. The attack started on the morning of February 11, 2019. VFEmail issued a statement saying that all disks on its U.S. servers were formatted and all of its virtual machines, mail servers, and...

February 2019 Patch Tuesday: Microsoft Fixes 74 Vulnerabilities; Adobe 75
Feb13

February 2019 Patch Tuesday has seen almost 150 vulnerabilities fixed by Microsoft and Adobe, including 43 critical Adobe flaws and 20 critical Microsoft vulnerabilities, one of which is being actively exploited in the wild. The actively exploited vulnerability was discovered by the Google Project Zero team. The vulnerability is in Internet Explorer 11 – CVE-2019-0676 – and could be exploited if a user visits a specially...

Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials
Feb11

A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The phishing emails in the campaign are similar to many other campaigns that have been run in the past. The messages have the subject “Security Alert” with a message body virtually identical to the messages sent by Google when a user’s Google account has been accessed from an unfamiliar device...

Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure
Feb06

A single Office 365 username/password combination can give a hacker access to a vast quantity of sensitive information. Information detailed in emails can be of great value to competitors, identity thieves, and other fraudsters. Office 365 credentials also give hackers access to cloud storage repositories that can contain highly sensitive business information, and compromised accounts can be used to distribute malware and conduct...

New Speakup Linux Backdoor Trojan Used in Widespread Attacks
Feb05

Security researchers at Check Point have identified a new Trojan named Speakup which is being used in targeted attacks on Linux servers. The Speakup Linux backdoor Trojan can also be used to attack Mac devices. The Trojan is deployed via exploits of vulnerabilities across six Linux distributions, including the recently identified ThinkPHP vulnerability, CVE-2018-20062. The current campaign is targeting Linux devices in China,...

Xvideos Sextortion Scam Threatens to Expose Porn Viewing Habits
Feb04

An xvideos sextortion scam threatens to expose users’ porn viewing habits to friends, family, and work colleagues. The scammer claims to have recorded the user via the webcam while they viewed content on the xvideos adult website. The email is made more believable by the inclusion of the user’s password in the message body. The scammer claims to have gained access to the email recipient’s computer and installed a keylogger. The...

Apple iOS Vulnerability Allows Hackers to Snoop on FaceTime Calls
Jan29

A serious Apple iOS vulnerability has been detected that allows people to gain access to both the microphone and the front-facing camera on Apple devices by exploiting a flaw in FaceTime. Further, the flaw even allows microphone/camera access if the call is not answered. The flaw has prompted many security experts to advise Apple device owners to stop using FaceTime until the flaw is corrected. To exploit the flaw, a user would need...

Fake Google Update Installer Used to Install AZORult Trojan
Jan28

Researchers at Minerva Labs have identified a new AZORult Trojan campaign that installs the malware through a fake Google update installer. The AZORult Trojan is an information stealer that can obtain system information, cookies, passwords stored in browsers, browser histories, information from saved files, banking credentials, and cryptocurrency wallets. The malware is also used as a downloader of other malware variants and is...

0Patch Micropatches Released to Address 3 Zero-Day Windows Flaws
Jan23

0Patch has released a micropatch to address three zero-day Windows flaws that have yet to be addressed by Microsoft, including a zero-day remote code execution vulnerability in the Windows Contacts app. The 0Patch platform allows micropatches to be quickly distributed, applied, and removed to/from running processes without having to reboot computers or even restart processes. The platform is still in beta, although testing and...

STOP Ransomware Delivered via Software Cracks
Jan22

STOP ransomware, a crypto-ransomware variant that uses the .rumba file extension on encrypted files, is being delivered via software cracks. Software cracking programs that generate licenses for popular software programs are commonly used to deliver malware. The executable files often install spyware and adware code during the cracking process and while it is not unknown for other malware to be installed when the programs are run, it...

Cryptocurrency Mining Malware Tops Most Wanted Malware List
Jan21

Check Point’s Most Wanted Malware report for December 2018 shows that cryptocurrency mining malware was the leading malware threat in December. The top four malware threats in December 2018 were all cryptocurrency miners. Top spot goes to the Monero miner Coinhive, an online miner that uses the processing power of visitors’ computers whenever they visit a website that has had the miner installed. Coinhive has topped the Most Wanted...

773 Million Email Addresses and 21 Million Unique Passwords Listed for Sale
Jan18

A massive collection of login credentials that includes approximately 773 million email addresses has been uncovered by security researcher Troy Hunt. Hunt is an Australian Microsoft Regional Director and maintains the Have I Been Pwned (HIBP) website, where people can check to see whether their login credentials have been stolen in a data breach. Hunt discovered the 87GB database on a popular hacking forum. The data was spread across...

Highly Sophisticated Apple Vishing Scam Detected
Jan10

A sophisticated Apple vishing scam has been uncovered. In contrast to most phishing attempts that use email, this scam used voice calls (vishing) with the calls appearing to have come from Apple. The scam starts with an automated voice call to an iPhone that spoofs Apple Inc. The caller display shows that the call is from Apple Inc., increasing the likelihood that the call will be answered. The user is advised that there has been a...

January 2019 Patch Tuesday Updates
Jan09

January 2019 Patch Tuesday has seen 51 flaws corrected in Microsoft products. There are four updates to correct flaws in the Microsoft Edge browser. Seven of the 51 updates have been marked as critical.

January 2019 Patch Tuesday Critical Vulnerabilities in Microsoft Products

The 51 updates are broken down as: Microsoft JET Database Engine (11), Microsoft Windows (6), Microsoft Office (4), Microsoft Office SharePoint (4), Windows...

Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked
Jan03

A free decryptor for Fileslocker ransomware has been developed following the leaking of the master key for the ransomware on Pastebin. The master key is the key used by threat actors to decrypt files that have been encrypted by the ransomware. The post was created on December 29, 2018 and states that the master key, which decrypts the private key, is “applicable to V1, V2 version” and that the poster is “waiting for security personnel...

Tribune Publishing Cyberattack Cripples Several U.S. Newspapers
Jan02

A recent malware attack on Tribune Publishing has caused disruption to several newspaper print runs including those of the Los Angeles Times, San Diego Tribune, and the west coast editions of the New York Times and Wall Street Journal, amongst others. The Tribune Publishing cyberattack occurred on Thursday December 28, 2018, and spread throughout the Tribune Publishing network on Friday, affecting the Saturday editions of several...

FTC Issues Warning About New Netflix Phishing Scam
Jan01

The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that attempts to fool Netflix subscribers into disclosing their account credentials and payment information. The scam uses a tried and tested tactic to obtain that information: the threat of account closure due to payment information being out of date. Users are sent a message asking them to update their payment details because Netflix has...

Orange Livebox Modems Leaking WiFi Information
Dec28

Hackers are exploiting a flaw (CVE-2018-20377) in Orange Livebox ADSL modems that allows them to obtain the SSID and the Wi-Fi password of the devices in plaintext. Once access is gained to a vulnerable modem, attackers could update the firmware and change device settings. Exploiting the flaw is as simple as sending a GET request. The flaw was identified by Troy Mursch at Bad Packets, who noticed the firm’s honeypots were being...

Backdoor and Ransomware Detections Increased More than 43% in 2018
Dec20

The recently published Kaspersky Security Bulletin 2018 shows there has been a 43% increase in ransomware detections and a 44% increase in backdoor detections in the first 10 months of 2018, highlighting the growing threat from malware. Kaspersky Lab is now handling 346,000 new malicious files every day and has so far detected more than 21.64 million malicious objects in 2018. Backdoor detections increased from 2.27 million to 3.26...

Actively Exploited Internet Explorer Flaw Patched by Microsoft
Dec20

Microsoft has issued an out-of-band update for Internet Explorer to correct a vulnerability that is being actively exploited in the wild. The Internet Explorer flaw was found by Clement Lecigne at Google’s Threat Analysis Group, who reported the vulnerability to Microsoft. The remote code execution flaw, tracked as CVE-2018-8653, is in the Internet Explorer scripting engine, which handles memory objects. If the flaw is exploited, an...

New Office 365 Phishing Attack Detected
Dec18

A new Office 365 phishing attack has been identified that uses alerts about message delivery failures to lure unsuspecting users to a website where they are asked to provide their Office 365 account details. The new scam was detected by security researcher Xavier Mertens during an analysis of email honeypot data. The emails closely resemble official messages sent by Microsoft to alert Office 365 users to message delivery failures. The...

Microsoft and Adobe December 2018 Patch Tuesday Updates
Dec12

December 2018 Patch Tuesday has seen Microsoft issue patches for 39 vulnerabilities, 10 of which have been rated critical, and two are being actively exploited in the wild. There are 9 critical vulnerabilities in Microsoft products and one critical vulnerability in Adobe Flash Player. The patches cover the following products and services: Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Office...

2018 Security Awareness Training Statistics
Dec12

A recent survey conducted by Mimecast has produced some interesting security awareness training statistics for 2018. The survey shows many businesses are taking considerable risks by not providing adequate training to their employees on cybersecurity. Ask the IT department what the greatest cybersecurity risk is and many will say end users. IT teams put a considerable amount of effort into implementing and maintaining...

Adobe Patches Actively Exploited 0-Day Vulnerability in Flash Player
Dec06

On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player that is being leveraged by a threat group in targeted attacks in Russia. The threat group has already attacked a healthcare facility in Russia that is used by senior civil servants. The vulnerability was identified by researchers at Gigamon who passed on details of the vulnerability to Adobe in late November. Qihoo 360 researchers...

Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
Nov30

The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...

49% of All Phishing Sites Have SSL Certificates and Display Green Padlock
Nov29

Almost half of phishing sites now have SSL certificates, start with HTTPS, and display the green padlock to show the sites are secure, according to new research by PhishLabs. The number of phishing websites that have SSL certificates has been increasing steadily since Q3, 2016, when around 5% of phishing websites were displaying the green padlock to indicate a secure connection. The percentage increased to approximately 25% of all...

Major Malvertising Campaign Detected: 300 Million Browser Sessions Hijacked in 48 Hours
Nov28

A major malvertising campaign is being conducted that is redirecting web users to phishing and scam websites. While malvertising campaigns are nothing new, this one stands out due to the scale of the campaign. In 48 hours, more than 300 million users have had their browsers redirected to malicious web pages. The campaign was uncovered by researchers at cybersecurity firm Confiant on November 12. The researchers note that the actor...

APT28 Group Uses New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Agencies
Nov22

A new spear phishing campaign is being conducted by APT28 (Sofacy Group/Fancy Bear/Sednit) on government organizations in the United States, Europe, and a former USSR state using the previously unknown Cannon Trojan. The campaign was detected by Palo Alto Networks’ Unit 42 team and was first identified in late October. The campaign is being conducted via spam email and uses weaponized Word documents to deliver two malware variants....

Critical AMP for WP Plugin Vulnerability Allows Any User to Gain Admin Rights
Nov20

A new critical WordPress plugin vulnerability has been identified that could allow site users to escalate privileges to admin level, giving them the ability to add custom code to a vulnerable website or upload malware. The vulnerability is in the AMP for WP plugin, a popular plugin that converts standard WordPress posts into the Google Accelerated Mobile Pages format to improve load speeds on mobile browsers. The plugin has more than...

TA505 APT Group Spreading tRAT Malware in New Spam Campaigns
Nov20

The prolific APT group TA505 is conducting spam email campaigns spreading a new, modular malware variant named tRAT. tRAT malware is a remote access Trojan capable of downloading additional modules. In addition to adding infected users to a botnet, the threat actors have the option of selling access to different elements of the malware to other threat groups for use in different attacks. Threat researchers at Proofpoint intercepted...

Phishing Accounts for 50% of All Fraud Attacks
Nov15

An analysis of current cyber fraud threats by network security firm RSA shows that phishing attacks have increased by 70% since Q2 and now account for 50% of all fraud attacks suffered by organizations. Phishing attacks are popular because they are easy to conduct and have a high success rate. An attacker can set up a webpage that mimics a well-known brand such as Microsoft or Google that requests login details. Emails are then sent...

Microsoft Patches 12 Critical Vulnerabilities on November Patch Tuesday
Nov14

Microsoft has issued patches for 12 critical vulnerabilities in November Patch Tuesday and has fixed a flaw that is being actively exploited by at least one threat group. In total, 64 vulnerabilities have been fixed across Windows, IE, Edge, and other Microsoft products. The 12 critical vulnerabilities could allow hackers to execute malicious code and take full control of a vulnerable device. The majority of the critical...

WordPress GDPR Compliance Plugin Vulnerability Being Actively Exploited
Nov12

Websites with the WordPress GDPR Compliance plugin installed are being hijacked by hackers. A vulnerability in the plugin is being exploited, allowing attackers to modify site settings and register new user accounts with admin privileges. The vulnerability can be remotely exploited by unauthenticated users, many of whom have automated exploitation of the vulnerability to hijack as many sites as possible before the vulnerability is...

Zero-Day VirtualBox Vulnerability and Exploit Published
Nov07

Details of a zero-day VirtualBox vulnerability have been published online along with a step-by-step exploit. The vulnerability in the Oracle open source hosted hypervisor was published on GitHub by Russian security researcher Sergey Zelenyuk, rather than being disclosed to Oracle to allow the bug to be fixed. The decision was influenced by a previous vulnerability that he found in VirtualBox that was disclosed to Oracle but took the...

Elon Musk Bitcoin Scam Generates $180,000 in a Day
Nov06

The promise of payment of a sizable sum in return for a small payment is a classic scam that has been conducted in various forms for many years. An administration fee is required before a Saudi prince’s inheritance will be paid, and payment is required to help a widow get her husband’s fortune out of the country. This week an interesting variation of the scam has been conducted on Twitter that has been surprisingly effective. The Saudi...

BleedingBit Vulnerabilities Affect Millions of Wireless Access Points
Nov02

Armis Labs has identified two vulnerabilities in Texas Instruments’ Bluetooth Low Energy (BLE) chips that are used in wireless access points manufactured by Cisco, Meraki, and Aruba. The affected wireless access points are used by hundreds of thousands of businesses around the world. Cisco, Meraki, and Aruba supply at least 70% of business wireless access points, which places all of those businesses at risk. It is not yet known exactly...

Stealthy sLoad Downloader Performs Extensive Reconnaissance to Improve Quality of Infected Hosts
Oct25

A new PowerShell downloader has been discovered – the sLoad downloader – which is being used in stealthy, highly targeted attacks in the United Kingdom and Italy. The sLoad downloader performs a wide range of checks to find out a great deal of information about the system on which it resides, before choosing the most appropriate malicious payload to deploy – if a payload is deployed at all. The sLoad downloader was first identified in...
