PureLocker Ransomware: A New Ransomware Threat Targeting Enterprise Servers
Nov14

Security researchers at IBM X-Force and Intezer have identified a new form of ransomware that is being used in targeted attacks on enterprise servers. The new threat has been called PureLocker as it has been written in PureBasic, which is unusual for ransomware. PureLocker represents a serious threat, especially since signature-based security solutions struggle to detect malware written in PureBasic. Researchers at Intezer note that...

November Patch Tuesday: Microsoft Patches 74 Flaws Including Actively Exploited RCE
Nov13

November Patch Tuesday has seen Microsoft patch 74 vulnerabilities across all its products, including 13 critical flaws and one remote code execution vulnerability that is being actively exploited in the wild. The actively exploited flaw – CVE-2019-1429 – is in Internet Explorer and is a Scripting Engine Memory Corruption vulnerability that was identified by Google’s Project Zero team. The flaw can be exploited by convincing a...

CISA Issues Warning About Holiday Season Scams
Nov12

‘Tis the season to be jolly, especially if you are a scammer. In the run up to holiday season, cybercriminals go into overdrive and are ready and waiting to take advantage of the millions of online shoppers looking to secure a bargain. Holiday season scams are plentiful, highly varied, convincing, and often successful. This year, the U.S. government is warning consumers to be on high alert for holiday season scams that aim to obtain...

Highly Convincing Phishing Scam Uses Fake WebEx Client to Deliver RAT
Nov11

A new phishing scam has been detected that uses a WebEx meeting request as a lure to get business users to download a remote access Trojan that masquerades as the WebEx client (WebEx.exe). The campaign was detected by Alex Lanstein and shared on Twitter. The meeting request is a carbon copy of a genuine WebEx meeting notification email. As with the real meeting requests, the email contains a Join Meeting button, which the user needs...

MegaCortex Ransomware Ups the Ante with Threat of Publication of Stolen Data
Nov08

The developers of MegaCortex ransomware have released an updated version of their file-encrypting malware. The latest version incorporates a new feature to hamper recovery without paying the ransom along with a new threat. Victims are told that if they do not pay the ransom, their files will be published online. The latest version of MegaCortex ransomware was discovered by MalwareHunterTeam. The new version will change the Windows...

Targeted Ransomware Attacks Hit Spanish Companies Hard
Nov06

A wave of ransomware attacks has been reported in Spain, with several companies appearing to have been attacked almost simultaneously on Monday. One of the attacked companies was Everis, one of the largest IT consulting companies and managed service providers in Spain. The attack on Everis was targeted, which was made clear by the extension added to files encrypted by the ransomware – .3v3r1s. The dropped ransom note explained that its network...

Mass BlueKeep RDP Attacks Detected Spreading Cryptocurrency Miners
Nov04

The BlueKeep remote code execution vulnerability in Windows Remote Desktop Services is being exploited in real world attacks. The vulnerability – CVE-2019-0708 – can be exploited on vulnerable systems by sending a specially crafted request over RDP. No user interaction is required. A patch to correct the flaw was issued by Microsoft in May. The flaw is one of the most serious vulnerabilities discovered in 2019. Like the Windows...

Update Google Chrome: Zero-Day Vulnerability Being Actively Exploited in the Wild
Nov01

A recently discovered vulnerability in Google Chrome is being actively exploited by hackers. The vulnerability was discovered by Kaspersky Lab security researchers Anton Ivanov and Alexey Kulaev who reported the flaw to Google. The flaw – CVE-2019-13720 – is a high-severity use-after-free memory corruption vulnerability in the audio component of the Chrome browser. If exploited the flaw could cause the browser to crash and...

FBI Issues Warning Following Increase in E-Skimming Attacks
Oct28

The FBI has issued a warning following an increase in e-skimming attacks on small and medium-sized businesses and government agencies. E-skimming is the term given to the loading of malicious code onto e-commerce websites that captures credit card information when consumers purchase products online. The code sends personal information and credit card details to an attacker-controlled domain in real-time. These attacks are performed on...

7.5 Million Adobe Creative Cloud Users Warned of Data Breach
Oct28

Adobe has announced that a vulnerability has exposed the private information of approximately 7.5 million Adobe Creative Cloud users. The information was contained in an Elasticsearch database, which could be accessed by anyone via a web browser without any authentication required. Fortunately, only basic customer information was exposed. No financial information or passwords were stored in the database, only basic information about...

NordVPN Discloses 2018 Security Breach
Oct23

NordVPN is one of the most popular and well-known VPN services on the market. It is used by many people to ensure privacy when using the internet; however, the firm has recently announced that it has suffered a security breach. The announcement came following a post on Twitter by a security researcher who claimed that an unknown individual had stolen private encryption keys that ensure traffic through its servers remains private and...

Free Decryptor for STOP Ransomware Released
Oct21

Researchers at New Zealand-based cybersecurity firm Emsisoft have released a free decryptor for STOP ransomware. STOP ransomware is primarily used to attack consumers rather than businesses and is usually delivered via cracked software and adware bundles distributed on websites that offer cracks for legitimate software applications such as Photoshop. The threat actors behind the campaign are highly active. In fact, STOP ransomware is...

Critical Linux Wi-Fi Bug Could Result in Full System Compromise
Oct21

A critical flaw in the Linux rtlwifi driver has been identified which could allow a full system compromise. A patch is being prepared but has not yet been added to the Linux kernel. The rtlwifi driver is used to ensure compatibility of Realtek Wi-Fi chips on Linux devices and allow them to communicate with the Linux operating system. The vulnerability – CVE-2019-17666 – has existed for around 4 years but has only just been...

Adobe October Update Includes Patches for 45 Critical Vulnerabilities in Acrobat and Reader
Oct16

Adobe usually releases its patches, fixes, and software updates on the same day as Microsoft: the second Tuesday of the month, or Patch Tuesday as it has come to be known. No updates were released on Tuesday, October 9, but it turns out that the updates had just been delayed. On October 15, Adobe released a slew of updates to correct vulnerabilities in Adobe Acrobat, Adobe Reader, Adobe Experience Manager, Adobe Experience Manager...

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw
Oct15

A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks. The zero-day flaw is being exploited by the Israeli surveillance firm NSO Group, which is best known for selling zero-day exploits in operating systems to governments for the purpose of espionage. The flaw is present in the Android Kernel binder driver and is a use-after-free...

Reductor Malware Allows Hijacking of HTTPS Traffic
Oct11

Security researchers at Kaspersky Lab have identified a new form of malware named Reductor that manipulates the random number generator of web browsers, allowing decryption of TLS traffic on the fly. The threat actors behind the malware have not been identified, although there are similarities in the code which link it to the COMPfun Trojan, suggesting the authors of both malware variants could be one and the same. Based on...

TransUnion Data Breach Impacts 37,000 Canadians
Oct11

Chicago-based TransUnion, one of the ‘big three’ consumer credit reporting agencies, has announced that a data breach has been experienced that has potentially allowed an unauthorized individual to gain access to the data of tens of thousands of Canadians. The breach has not affected any consumers in the United States and is far more limited than the data breach at the credit reporting agency Experian, which affected 147 million...

Free Muhstik, HildaCrypt, and Nemty Ransomware Decryptors Released
Oct11

Over the past few days, free decryptors have been released for three ransomware variants – Muhstik, HildaCrypt, and Nemty ransomware. The decryptors will allow victims of these ransomware variants to recover their files without paying a ransom.

Free Decryptor for Nemty Ransomware

Researchers at cybersecurity firm Tesorian have developed a free decryptor for Nemty ransomware which works on versions 1.4 and 1.6 of the ransomware....

Microsoft Patches 59 Vulnerabilities Including 9 Critical Flaws
Oct09

October 2019 Patch Tuesday has seen Microsoft patch 59 vulnerabilities in its products including 8 critical flaws and 1 critical security advisory about the latest servicing stack updates. 49 vulnerabilities are rated important and 1 is of moderate severity. While prompt patching is strongly advisable, none of the flaws in this month’s round of updates are publicly known or are being used in attacks in the wild. The patches have been...

NCSC Warns Vulnerable VPNs are Being Targeted by APT Groups
Oct07

The UK’s National Cyber Security Center (NCSC) has issued a warning following an increase in cyberattacks exploiting vulnerabilities in virtual private networks (VPNs). The NCSC has been investigating attacks by Advanced Persistent Threat (APT) actors who are targeting government agencies and the military, healthcare organizations, educational institutions, and businesses. These entities typically use VPNs to improve security, yet...

FDA Issues Warning over Urgent/11 Vulnerabilities in Component Used in Medical Devices
Oct02

The U.S. Food and Drug Administration (FDA) and ICS-CERT have issued warnings about 11 vulnerabilities in a software component used in several operating systems and certain medical devices. The vulnerabilities, collectively referred to as URGENT/11, could lead to remote code execution, information disclosure, and attacks that change the functionality of medical devices and stop them working as intended. While there have not been any...

New Fileless Malware Threat Discovered That Downloads its Own LOLBins
Sep30

A new form of fileless malware has been discovered that uses legitimate Windows tools – living-off-the-land binaries or LOLBins – to conduct its malicious actions. While the use of LOLBins by fileless malware is nothing new, in this case the malware uses standard tools and also downloads its own LOLBins. The first – Node.exe – is the Windows implementation of the Node.js framework which is typically used by web...

Healthcare Industry Cybersecurity Matrix of Information Sharing Organizations Issued by HSCC
Sep27

The U.S. Healthcare and Public Health Sector Coordinating Council (HSCC) has published a new resource to help healthcare organizations start participating in threat intelligence sharing and stay abreast of the latest cybersecurity threats affecting the healthcare sector. Many healthcare organizations understand the importance of cybersecurity information sharing but have yet to make a start. Getting started can be somewhat daunting,...

New Links Between Sodinokibi and GandCrab Ransomware Discovered
Sep26

The threat actors behind the infamous and highly successful GandCrab ransomware operation announced their retirement earlier this year and shut down their operation. The gang was known for taunting researchers and claimed in May that they had made so much money from their operation – $2 billion – that they could afford to retire. That announcement was taken with a large pinch of salt by many security researchers, both in...

Adobe Fixes Critical Coldfusion Flaws
Sep25

Adobe has issued an out-of-band update for its web application platform Coldfusion which fixes two critical vulnerabilities and one important flaw. One of the critical vulnerabilities is a command injection flaw that could lead to remote code execution. The flaw was identified by Badcode of the Knownsec 404 Team and is being tracked as CVE-2019-8073. The second critical vulnerability, CVE-2019-8074, is a path traversal flaw that could...

MITRE Corporation Publishes List of Top 25 Most Dangerous Software Errors and Vulnerabilities
Sep20

The MITRE Corporation has published a list of the most dangerous software errors and vulnerabilities. It has been 8 years since the last list was published in 2011. The list contains the Top 25 Common Weakness Enumeration (CWE) software errors based on the risk they pose to organizations and what could possibly happen if the flaws are exploited. The top errors are easy to find, easy to exploit, and can potentially cause catastrophic...

Emotet is Back in Action and Delivering TrickBot and Ryuk Ransomware
Sep18

It has been all quiet on the Emotet front for the past four months, but the infamous botnet is back with a vengeance. A large-scale spam campaign has been detected that is distributing the versatile Emotet banking Trojan via malicious Word macros. The malspam campaign was detected by researchers at Malwarebytes who identified an uptick in command and control server activity and an email campaign distributing malicious messages in...

Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential
Sep13

Cybercriminals are attacking businesses by exploiting the weakest link in the security chain – employees. Attacks exploiting the human factor are far easier to pull off than attempting to find remote code execution vulnerabilities. They are also much quicker and less resource-heavy than brute force attacks. A single phishing email can be all it takes for malware to be installed on a network or for account credentials and sensitive...

Exploit Kit Activity Increases: 4 New Malvertising Campaigns Detected
Sep12

Exploit kit activity may not be at the level seen in 2016, but the malicious website toolkits are enjoying something of a resurgence. New exploit kits such as Lord have recently been discovered and the activity of more established kits such as Rig and GrandSoft has increased significantly in recent months. Exploit kit activity is now at three times the level of this time last year. Exploit kits are toolkits that are loaded onto...

Weaponized BlueKeep Exploit Released
Sep11

A weaponized exploit for the BlueKeep vulnerability has been published online by security researchers at Rapid7 and Metasploit. BlueKeep – CVE-2019-0708 – is a wormable remote kernel use-after-free vulnerability affecting the remote desktop protocol on older versions of Windows, including Windows 7 and Windows Server 2008 R2. The latest Windows versions (Windows 8, Windows 10) are unaffected. If exploited, an attacker...

Google Docs Phishing Campaign Bypasses Email Security Solutions to Deliver TrickBot Trojan
Sep03

A phishing campaign has been detected that uses Google Docs to bypass email security solutions and ensure the emails are delivered to end users’ inboxes. The campaign was detected by security researchers at Cofense, who found the emails were bypassing Proofpoint’s email security gateway solution and were not identified as malicious. The scammers use a legitimate Google account to send emails that link to a document on Google Docs. The...

Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019
Sep02

The first 6 months of 2019 have seen significant increases in business email compromise (BEC) attacks, ransomware attacks, and other forms of cyber extortion, according to a mid-year cybersecurity roundup from Trend Micro. The report, titled Evasive Threats, Pervasive Effects, provides insights into the current threat landscape and the main threats currently faced by businesses. Ransomware attacks have increased significantly, but the...

Phishing Campaign Uses Fake Resumes to Deliver Quasar RAT
Aug29

Fake resumes are being used in a phishing campaign targeting HR departments that delivers Word documents containing a malicious macro which downloads the Quasar Remote Access Trojan (RAT), according to Cofense researchers. The Quasar RAT is open source malware available on GitHub. The malware is used by many APT groups for espionage, network exploitation, logging keystrokes, stealing passwords, recording webcam footage, and taking...

Malicious CamScanner App Downloaded by 100 Million Users
Aug29

Users of the free version of the CamScanner app have been advised to uninstall the app immediately, following the discovery of a hidden Trojan Dropper module. The app has already been downloaded by more than 100 million users worldwide, all of whom may be at risk. CamScanner is an optical character recognition (OCR) app that allows users to create editable PDF files from photos of text. The free version of the app was available to...

Apple Fixes Critical Jailbreak Vulnerability… Again
Aug27

A patch has been released to address a critical jailbreak vulnerability in iOS 12.4. The flaw is a use-after-free vulnerability affecting the iOS kernel and is being tracked as CVE-2019-8605. If exploited, an attacker could execute arbitrary code with system-level privileges and jailbreak the phone. Jailbreaking an iPhone allows software to be installed that would not otherwise be permitted and gives users more control over their...

Study Highlights Risk of Lateral Phishing Attacks
Aug21

Phishing is the use of impersonation to trick another person into disclosing sensitive information. Phishing can take place over the Internet, telephone, or via text message, but email is the most common attack vector. There are many reasons for compromising email accounts and a variety of tactics are used depending on the end goal. With Business Email Compromise (BEC) the aim is to gain access to the CEO’s email account and use it to...

Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms
Aug19

A new phishing campaign has been detected by security researchers at Microsoft that uses custom 404 pages to display a fake Office 365 login form. A single domain is used in this campaign and a custom 404 page is created that displays the fake Office 365 login form. The custom 404 page is displayed when any visitor to the website attempts to visit a non-existent web page. Since any URL could be entered to generate the 404 page, the...

Xwo Web Scanner Used to Identify Unprotected MongoDB Databases
Aug14

Security researchers at AT&T Alien Labs have identified a new ‘malware’ variant that is being used to identify potential targets. The web scanner has been named Xwo, based on the name of its main module. Xwo is python-based and actively scans for exposed web services and default passwords. Xwo scans for services such as MongoDB, Memcached, MySQL, PostgreSQL, Redis, Tomcat, and FTP for any default credentials that have not been...

August 2019 Patch Tuesday Sees More Than 90 Vulnerabilities Patched
Aug14

August 2019 Patch Tuesday has seen Microsoft issue fixes for 93 vulnerabilities across Windows, Microsoft Browsers, Microsoft Office, and Outlook. 26 of the vulnerabilities have been rated critical. Somewhat unusually, there are no patches to address currently exploited zero-day vulnerabilities in this month’s updates; however, it is still important to apply the updates as soon as possible as it is unlikely to be long before exploits...

U.S. Utilities Targeted in Phishing Campaign Spreading New RAT
Aug05

U.S. utilities are being targeted in a phishing campaign distributing a new malware variant called LookBack. The spear phishing campaign impersonates a U.S. engineering licensing board and lures recipients into opening an attached Word document. The emails impersonate the U.S. National Council of Examiners for Engineering and Surveying (NCEES) and claim that the recipient has failed an NCEES examination. Further information about the...

2 Billion Devices Vulnerable to Critical ‘Urgent/11’ VxWorks RCE Flaws
Jul30

Researchers at cybersecurity firm Armis have identified 11 zero-day vulnerabilities in VxWorks, the most popular real time operating system (RTOS). The vulnerabilities are collectively known as ‘Urgent/11’. VxWorks is a real time operating system that is used in approximately 2 billion devices, from routers and VOIP phones to medical devices and critical infrastructure equipment. The vulnerabilities could be exploited in an attack...

Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan
Jul19

The Trickbot Trojan is being distributed via a new fake Office 365 phishing website. The website is virtually identical to the official Microsoft Office 365 site, complete with a realistic-looking URL – get-office365[.]live. Nothing appears untoward on the site. Even all the URLs point to webpages on Microsoft domains. However, a few seconds after landing on the site a popup warning will appear from either the Chrome Update Center...

Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites
Jul19

A novel phishing campaign has been detected that uses an unusual method of directing users to malicious websites that harvest credentials. Phishing campaigns typically use embedded hyperlinks in the message body. Advanced email security solutions can detect and assess the URLs to determine whether they are malicious. To get around this, hyperlinks are often hidden in documents, or macros or scripts are hidden in other types of...

Patch Issued for Critical Drupal 8.7.4 Vulnerability
Jul18

A critical flaw in the Drupal website content management system (CMS) has been patched. The vulnerability is in the core component of the CMS and could allow a threat actor to compromise and take full control of a website. The vulnerability was introduced in Drupal version 8.7.4 and occurs when the currently experimental Workspaces module is enabled. That creates an exploitable access bypass condition. The flaw is being tracked as...

Patch Tuesday July 2019: 15 Critical Vulnerabilities Fixed Including 2 Actively Exploited Zero Days
Jul09

Patch Tuesday July 2019 has seen Microsoft fix 77 vulnerabilities including 15 rated critical and two actively exploited zero days. Six of the vulnerabilities patched this month had been previously disclosed to the public. The two actively exploited zero-days are both privilege escalation vulnerabilities. The first – CVE-2019-0880 – affects how the 64-bit printer spooler service on 64-bit Windows systems – splwow64.exe –...

New Mac Malware Being Pushed via High Ranking Websites
Jul03

A new form of Mac malware has been discovered that is being distributed through a variety of websites that rank high in the Google search results. The malware is a Trojan that masquerades as an Adobe Flash installer but is really an Apple disk image file (.dmg) that delivers the malware payload: malicious applications and various browser extensions. The malware has been dubbed OSX/CrescentCore and several installers have been captured...

Second Major Florida Ransomware Attack Raises Ransom Total to $1.1 Million in a Month
Jul01

Two Florida cities suffered major ransomware attacks in the past month that wiped out their computer and phone systems. First came the news that Riviera Beach had suffered a major ransomware attack. The attack started on May 29, 2019 and was detected the following day. The ransomware took the city’s phone system, email system, and water payment system out of action. A ransom demand of 65 Bitcoin ($592,000) was issued by the attackers...

QR Code Phishing Scam Targets Cofense Customers
Jun28

A new phishing campaign has been detected that uses QR codes to hide the hyperlink to a phishing webpage. Not only does this tactic bypass security solutions that search for potentially malicious URLs, by using a QR code the recipient must switch from the business network to their mobile phone to view the document. The corporate network may have a web filter, sandboxes, and other cybersecurity protections to prevent users from...

Millions of Computers Vulnerable to Dell SupportAssist Flaw
Jun26

A vulnerability has been identified in Dell SupportAssist software that is pre-installed on millions of Dell PCs and laptops. The privilege escalation flaw could be exploited by malicious software or a logged-in user to elevate privileges to administrator level. The flaw affects both the home (v 3.2.1 and prior) and business (v 2.0) versions of the SupportAssist utility, which is the new name for Dell System Detect. The purpose of...

MSP Remote Access Tools Abused to Deploy Ransomware on Client Networks
Jun21

Managed service providers (MSPs) are being warned about a spate of attacks that has seen hackers infiltrate MSP systems, compromise their remote management tools, and use them to deploy ransomware on client networks. It is not hard to see the attraction of attacking MSPs. If access can be gained to the MSP network, hackers potentially have access to all the MSP clients through the remote management tools they use to serve their...

Microsoft Urges Azure Customers to Update Exim to Fix Actively Exploited Vulnerability
Jun18

Microsoft has issued a stern warning to Azure customers to update their virtual machines and ensure they are running Exim version 4.92. Recently, a zero-day Linux Exim mail server vulnerability (CVE-2019-10149) was discovered and an exploit has now been developed and is being used in real-world attacks, including an extensive worm campaign on millions of vulnerable Linux servers. Microsoft explained in a recent advisory that certain...

Free GandCrab Ransomware Decryptor Released for Versions 5.0 and 5.2
Jun18

Bitdefender has released a decryption tool that can be used to recover files encrypted by all GandCrab ransomware variants, including 5.0 and 5.2. Three decryptors have previously been developed for specific GandCrab ransomware versions. However, as soon as a decryptor was developed, a new version of the ransomware was released. GandCrab ransomware was one of the most widely used ransomware variants in 2018. Since it was first...

June 2019 Patch Tuesday: Microsoft Corrects 88 Vulnerabilities
Jun11

June 2019 Patch Tuesday has seen Microsoft release 88 patches to address recently discovered vulnerabilities. 20 of the vulnerabilities have been rated critical, and 4 advisories and one servicing stack update have been released. None of the vulnerabilities are believed to have been exploited in the wild. Included in this month’s round of updates are patches to correct four publicly disclosed vulnerabilities – those identified and...

U.S. Coast Guard Issues Warning Following Increase in Cyberattacks on Ships
Jun11

A rise in malware attacks on commercial vessels has prompted the U.S. Coast Guard to issue a warning to ship owners about the increased risk of attack. Cybersecurity best practices for commercial vessels have also been released to help ship owners and shipping firms improve security. The latest alert is the second to be issued in the past three months. In May, the U.S. Coast Guard warned about an ongoing spear phishing campaign...

BlueKeep Exploit Developed That Allows Full Takeover of Windows 7 or Windows 2008 Device in 22 Seconds
Jun06

A working exploit for the Microsoft BlueKeep flaw (CVE-2019-0708) has been developed that allows a full remote takeover in 22 seconds with no user interaction required. The reverse engineer Zǝɹosum0x0 developed a Metasploit module which allowed the flaw to be exploited. The exploit was combined with the Mimikatz tool to obtain login credentials, which allowed full control of a vulnerable Windows 2008 device to be gained...

New Zero-Day Vulnerability Identified in Microsoft Remote Desktop Services
Jun05

A zero-day vulnerability has been identified in Microsoft Remote Desktop Services which could allow an attacker to hijack an existing session that has been locked. By exploiting the vulnerability, the lock screen can be bypassed, even if two-factor authentication has been implemented. The zero-day vulnerability was discovered by Carnegie Mellon University Software Engineering Institute’s Joe Tammariello and concerns Microsoft’s...

MacOS Zero-Day Vulnerability Allows Synthetic Mouse Clicks to Run Malicious Code
Jun04

A zero-day vulnerability has been discovered in Apple’s Mojave operating system which could be exploited to run malicious code on vulnerable devices without being detected. The zero-day flaw was discovered by Digita Security’s chief research officer Patrick Wardle. The flaw is in Mojave’s application verification system and could be exploited to run whitelisted applications that have been doctored to run malicious code by mimicking...

BlueKeep RDP Vulnerability Still Not Patched on Almost 1 Million Devices
May30

The critical, wormable BlueKeep RDP vulnerability (CVE-2019-0708) that was patched by Microsoft on May 14 has still not been addressed on almost 1 million devices, according to Robert Graham, head of offensive security research at Errata Security. Graham built a tool called rdpscan on top of the masscan port scanner and used it to scan the Internet for devices that have not had the BlueKeep RDP bug corrected. In...
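Scanning for BlueKeep exposure starts with a question every RDP listener answers in its first packet: does it insist on Network Level Authentication before anything else? NLA is the mitigation Microsoft recommended alongside the patch, because an unauthenticated client never reaches the vulnerable channel-setup code on a host that enforces it. The following is an added example written for this page, not code from the article or from Graham's rdpscan. It sends one X.224 Connection Request carrying an RDP_NEG_REQ that asks for legacy "standard RDP security" and classifies the server's Connection Confirm using the structures in MS-RDPBCGR 2.2.1.1 and 2.2.1.2. The sample responses are constructed for the example, not captured from real hosts; `probe()` is the only function that touches the network.

```python
"""NLA-enforcement check for an RDP listener (added example, constructed samples)."""
import socket
import struct

PROTOCOL_RDP = 0x00000000       # standard RDP security: no TLS, no NLA
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}
NLA_ENFORCED_CODES = {5, 6}     # only these mean the server insists on CredSSP (NLA)


def build_connection_request(requested_protocols: int = PROTOCOL_RDP) -> bytes:
    """TPKT + X.224 Connection Request + RDP_NEG_REQ, 19 bytes in total."""
    # RDP_NEG_REQ: type=1, flags=0, length=8, requestedProtocols (little-endian)
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR TPDU: length indicator, code 0xE0 (CR), DST-REF, SRC-REF, class option
    x224 = struct.pack("!BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    tpkt = struct.pack("!BBH", 0x03, 0x00, 4 + len(x224))   # version 3, reserved, length
    return tpkt + x224


def classify_connection_confirm(data: bytes) -> dict:
    """Interpret the server's X.224 Connection Confirm and its RDP_NEG payload."""
    # bytes 0-3 TPKT, byte 4 LI, byte 5 TPDU code (0xD0 = CC), bytes 6-10 refs + class
    if len(data) < 11 or data[0] != 0x03 or data[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = data[11:]
    if len(body) < 8:
        # Servers that predate protocol negotiation send a bare CC:
        # only standard RDP security exists there, so NLA cannot be enforced.
        return {"nla_required": False, "detail": "no RDP negotiation response (legacy server)"}
    ntype, _flags, length, value = struct.unpack_from("<BBHI", body)
    if length != 8:
        raise ValueError("malformed RDP_NEG structure")
    if ntype == TYPE_RDP_NEG_RSP:
        # Server agreed to a protocol without demanding CredSSP first.
        return {"nla_required": False, "detail": f"accepted selectedProtocol={value:#x}"}
    if ntype == TYPE_RDP_NEG_FAILURE:
        reason = FAILURE_CODES.get(value, f"unknown failure code {value}")
        # SSL_REQUIRED_BY_SERVER (1) only asks for TLS; a re-probe requesting
        # PROTOCOL_SSL would still reach the unauthenticated connection sequence.
        return {"nla_required": value in NLA_ENFORCED_CODES, "detail": reason}
    raise ValueError(f"unexpected RDP_NEG type {ntype:#x}")


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> dict:
    """Live probe of one host (network I/O; not exercised by the offline samples)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        return classify_connection_confirm(sock.recv(64))


# Constructed Connection Confirms: TPKT + X.224 CC, then an optional RDP_NEG payload.
_CC_PREFIX = b"\x03\x00\x00\x13" + b"\x0e\xd0\x00\x00\x12\x34\x00"
SAMPLE_NLA_ENFORCED = _CC_PREFIX + struct.pack("<BBHI", TYPE_RDP_NEG_FAILURE, 0, 8, 5)
SAMPLE_NO_NLA = _CC_PREFIX + struct.pack("<BBHI", TYPE_RDP_NEG_RSP, 0, 8, PROTOCOL_RDP)
SAMPLE_LEGACY = b"\x03\x00\x00\x0b" + b"\x06\xd0\x00\x00\x12\x34\x00"

if __name__ == "__main__":
    for name, sample in [("nla enforced", SAMPLE_NLA_ENFORCED),
                         ("no nla", SAMPLE_NO_NLA), ("legacy", SAMPLE_LEGACY)]:
        print(name, classify_connection_confirm(sample))
```

A result of `nla_required: False` does not by itself mean the host is unpatched; it means the pre-authentication path BlueKeep abuses is still reachable, so the host belongs on the list to verify for KB4499175 (Windows 7 / 2008 R2) or KB4499180 (Windows 2008) or to take off the Internet.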

HawkEye Keylogger Used in Targeted Attacks on Businesses
May29

Businesses around the world are being targeted by threat actors distributing the HawkEye keylogger. IBM X-Force researchers identified major campaigns in April and May that targeted businesses across a range of industry sectors, including healthcare, transportation, logistics, marketing, agriculture, and importers and exporters. The HawkEye keylogger was first identified in 2013 and is still under active development. The malware is...

Exploit for Zero Day Flaw in Windows Task Scheduler Released Online
May23

Security researcher ‘SandboxEscaper’ has released a PoC exploit for yet another vulnerability in Windows Task Scheduler, just a few days after the latest round of patches was issued by Microsoft. This is the fifth Windows zero-day for which SandboxEscaper has publicly released an exploit. She also claims to have a further four exploits for zero-day vulnerabilities that have not yet been disclosed. The latest bug...

More Than 1 Million Machines Still Vulnerable to EternalBlue Exploit
May22

In March 2017, Microsoft released the MS17-010 patch to correct a flaw in Windows Server Message Block (SMB) v1 that was exploited by WannaCry ransomware two months later. That global malware attack should have served as a warning that patching the vulnerability was essential. As if that was not warning enough, soon after WannaCry came NotPetya and BadRabbit. Yet, more than two years on, many computers remain vulnerable and have still not had...
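EternalBlue needs SMBv1, and the cheapest exposure check is therefore whether a host will still negotiate that dialect at all. The following is an added example written for this page, not code from the article or from Microsoft. It sends a single SMB_COM_NEGOTIATE that offers only SMBv1 dialects: a server with SMBv1 disabled drops the connection or replies with an SMB2 header, while one that selects an offered dialect still speaks SMBv1. It shows exposure, not patch state; confirming MS17-010 itself needs a follow-up Trans2 request that this example does not send. Layouts follow MS-CIFS, and the sample responses are constructed, not captured.

```python
"""SMBv1-enabled check via SMB_COM_NEGOTIATE (added example, constructed samples)."""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
DIALECTS = [b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"NT LM 0.12"]
# SMB_Header: Protocol, Command, Status, Flags, Flags2, PIDHigh, SecurityFeatures,
# Reserved, TID, PIDLow, UID, MID (32 bytes, little-endian, no padding)
_HDR = "<4sBIBHH8sHHHHH"


def _smb1_header(command: int, flags: int) -> bytes:
    # Flags2 0xC801: long names, extended security, NT status codes, Unicode
    return struct.pack(_HDR, SMB1_MAGIC, command, 0, flags, 0xC801, 0,
                       b"\0" * 8, 0, 0, 0xFEFF, 0, 0)


def build_negotiate_request(dialects=DIALECTS) -> bytes:
    """NetBIOS session message wrapping an SMB_COM_NEGOTIATE request."""
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)   # SMB_Dialect entries
    smb = _smb1_header(SMB_COM_NEGOTIATE, 0x18) + struct.pack("<BH", 0, len(data)) + data
    # NetBIOS session service header: type 0x00 followed by a 3-byte big-endian length
    return struct.pack("!I", len(smb)) + smb


def classify_negotiate_response(data: bytes, offered=DIALECTS) -> dict:
    """Decide from the server's reply whether SMBv1 is still enabled."""
    smb = data[4:]                                   # strip the NetBIOS header
    if smb[:4] == SMB2_MAGIC:
        return {"smb1_enabled": False, "detail": "server answered with SMB2"}
    if smb[:4] != SMB1_MAGIC or len(smb) < 35:
        raise ValueError("not an SMB1 negotiate response")
    command = smb[4]
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]                             # 17 for an NT LM 0.12 reply
    if command != SMB_COM_NEGOTIATE or status != 0 or word_count == 0:
        return {"smb1_enabled": False, "detail": f"negotiate rejected, status={status:#010x}"}
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if dialect_index == 0xFFFF or dialect_index >= len(offered):
        return {"smb1_enabled": False, "detail": "no offered SMB1 dialect accepted"}
    return {"smb1_enabled": True,
            "detail": f"server selected {offered[dialect_index].decode()}"}


def probe(host: str, port: int = 445, timeout: float = 5.0) -> dict:
    """Live probe (network I/O; not exercised offline). A reset or an empty read
    means the server refused SMBv1 before sending any SMB reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_negotiate_request())
        reply = sock.recv(1024)
    if not reply:
        return {"smb1_enabled": False, "detail": "connection closed without a reply"}
    return classify_negotiate_response(reply)


def _wrap(smb: bytes) -> bytes:
    return struct.pack("!I", len(smb)) + smb


# Constructed replies. A real NT LM 0.12 response carries 17 parameter words;
# everything after DialectIndex (capabilities, time, key length) is zeroed here.
_RESP_HDR = _smb1_header(SMB_COM_NEGOTIATE, 0x98)    # reply bit set in Flags
SAMPLE_SMB1_ENABLED = _wrap(_RESP_HDR + bytes([17]) + struct.pack("<H", 2)
                            + b"\0" * 32 + struct.pack("<H", 0))
SAMPLE_NO_DIALECT = _wrap(_RESP_HDR + bytes([1]) + struct.pack("<H", 0xFFFF)
                          + struct.pack("<H", 0))
SAMPLE_SMB2 = _wrap(SMB2_MAGIC + b"\0" * 60)

if __name__ == "__main__":
    for name, sample in [("smb1 enabled", SAMPLE_SMB1_ENABLED),
                         ("no dialect", SAMPLE_NO_DIALECT), ("smb2 only", SAMPLE_SMB2)]:
        print(name, classify_negotiate_response(sample))
```

Offering only SMBv1 dialects is deliberate: include "SMB 2.002" in the list and a modern server will simply pick SMB2, which tells you nothing about whether the SMBv1 listener behind it is still switched on.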

Unistellar Hacking Group Deletes More Than 12,500 Unsecured MongoDB Databases
May20

There has been a spate of attacks on businesses running unsecured MongoDB databases in the past three weeks that has seen the attackers delete databases and demand payment to restore the data. The attacks have been conducted by the Unistellar hacking group. This is the largest campaign targeting MongoDB databases since the widespread attacks in 2017. At the time of writing, the latest campaign has seen more than 12,500 databases...

New Intel MDS Vulnerabilities Allow Sensitive Data to Be Accessed from CPUs
May16

Four Microarchitectural Data Sampling (MDS) vulnerabilities have been discovered in Intel processors which could be exploited using a variety of different attack methods to gain access to sensitive information. The flaws can be exploited on computers as well as in cloud environments and can allow information to be obtained from the operating system, applications, virtual machines, and trusted execution environments. The information...

Microsoft Issues Patches for 79 Vulnerabilities Including Critical Wormable Flaw
May15

May 2019 Patch Tuesday has seen Microsoft release security updates to correct 79 vulnerabilities including one critical flaw that could potentially be exploited in a WannaCry-style malware attack. The wormable vulnerability (CVE-2019-0708) is in Remote Desktop Services and can be exploited by sending specially crafted requests via Remote Desktop Protocol (RDP). The vulnerability is pre-authentication and requires no user interaction....

WhatsApp Zero Day Vulnerability Actively Exploited to Spy on Users
May14

A WhatsApp zero day vulnerability has been identified which is being exploited to install spyware on users’ devices. The flaw is a buffer overflow vulnerability in the VoIP stack which can be exploited by sending a specially crafted series of SRTCP packets to the targeted device. No user interaction is required to exploit the flaw. It can be exploited by placing a call to the user’s device. It does not matter whether the call is answered,...

Microsoft SharePoint Server Flaw Actively Exploited in the Wild
May13

A remote code execution vulnerability in Microsoft SharePoint (CVE-2019-0604) is being actively exploited in the wild by multiple threat actors who are leveraging the flaw to deliver malware. SharePoint is a collaboration tool that integrates with Microsoft Office. Many organizations run SharePoint Server, which is installed on their IT infrastructure to give greater control of SharePoint. If the flaw is exploited, it could give an...

Warning Issued over Electricfish Malware used by North Korea-Backed Threat Group Hidden Cobra
May13

US-CERT has issued a warning about a new malware variant dubbed Electricfish, which is reportedly being used by the North Korea-backed threat group Hidden Cobra, aka Lazarus. The malware is packaged as a Windows 32-bit executable file and establishes a custom protocol that allows traffic to be funneled between two IP addresses. The malware continuously attempts to contact the source and the destination system, which allows both sides...

Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity
May10

Security researchers at Trend Micro have discovered the threat actors behind Dharma ransomware are using a legitimate AV tool to hide the malicious activities of their ransomware. Dharma ransomware first surfaced in 2016 and has since been used in many attacks on businesses, in particular attacks on healthcare organizations in the United States. The ransomware variant is distributed via spam email which contains a link to a web page...

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is the most extensive DBIR released to date. Verizon now collects data from 73 sources and the report included 41,686 reported security...

Large Enterprises Targeted in Major MegaCortex Ransomware Campaign
May07

A new strain of MegaCortex ransomware is being used in targeted attacks on large enterprises. The campaign has seen a large number of attacks performed in the past week according to Sophos. MegaCortex ransomware first surfaced in January 2019 and since then the number of attacks has grown steadily, although the past few days have seen a massive spike in attacks. Sophos reports that over a 48-hour period, 47 large enterprises were...

DHS Orders Federal Agencies to Address Critical Vulnerabilities Within 15 Days
May02

The U.S. Department of Homeland Security has issued a binding operational directive (BOD) which requires all federal agencies to correct critical vulnerabilities in Internet-accessible systems within 15 days of detection, and high severity vulnerabilities within 30 days of detection. Federal agencies are increasingly deploying Internet-accessible systems which are interconnected with complex IT systems. Vulnerabilities in those...

Sodinokibi Ransomware Spread via Oracle WebLogic Server Exploit
May01

A new ransomware variant named Sodinokibi is being used in attacks that exploit a recently disclosed vulnerability in Oracle WebLogic Server – CVE-2019-2725. Oracle released an out-of-band patch to address the flaw on April 26 following several reported cases of the vulnerability being exploited in the wild. Oracle WebLogic Server is part of Oracle Middleware, which is used by many large enterprises. Even though the...

Biggest Malware Threats in Healthcare Revealed
Apr30

A recent report from Malwarebytes has revealed Trojans are the biggest malware threat. Trojans account for 79% of all malware detected on healthcare systems by Malwarebytes. The Emotet Trojan is the leading malware variant, accounting for 37% of all detected Trojans. While the Emotet Trojan was once just a banking Trojan concerned with obtaining credentials to online bank accounts, it has since evolved to include a wide range of...

Exploitable Flaws Discovered in New WPA3 Wi-Fi Security Standard
Apr25

The next generation of Wi-Fi security – WPA3 – was launched in the summer of 2018 and promised to be the most secure form of Wi-Fi, with the vulnerabilities of WPA2 eliminated. However, WPA3 was found to not be as secure as was initially thought. In total, five methods have been identified that allow the WPA3 standard to be attacked to obtain Wi-Fi passwords. The attack methods were uncovered by Mathy Vanhoef of New York University...

New Malvertising Campaign Detected Using Highly Sophisticated Aftershock-3PC Malware
Apr19

A new form of malware named Aftershock-3PC is being used in a major malvertising campaign. The malware uses a range of advanced techniques to avoid detection. The malware is being used in malvertising attacks via more than 200 premium ad networks. The malware is polymorphic and constantly changes its code to evade detection and uses over 30 different domains to avoid being detected by signature-based anti-malware solutions used by...

297 Flaws Patched by Oracle in its April Security Update
Apr18

Oracle’s April security update includes patches for 297 vulnerabilities across its product suite. Users of Oracle products have been advised to update the products as soon as possible to prevent the vulnerabilities from being exploited. This is especially important for this security update as it includes 53 critical bugs that have been assigned a CVSS v3 base score of 9.0 or above. 47 of those have a CVSS v3 score of 9.8. The patches...

DHS and FBI Issue Warning About New North Korean Hoplight Trojan
Apr16

The U.S Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have both issued advisories about a new Trojan called Hoplight which is being used by the Lazarus APT group. Lazarus is a North Korea-backed hacking group, also known as Hidden Cobra, Zinc, and Nickel Academy. The hacking group primarily uses spear phishing to install malware on high value targets. The group is primarily concerned with...

Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Apr16

Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...

Cryptocurrency Mining Malware Still Dominates the Malware Threat Landscape
Apr11

The latest Global Threat Index report from Check Point shows cryptocurrency mining malware continues to be the biggest malware threat, even with the demise of Coinhive. Coinhive had topped the list of the most prevalent malware since December 2017. Coinhive is no longer active, but its code is still present on many websites and could be reactivated at any point. In its place is another cryptocurrency mining malware variant –...

The Baldr Information Stealer: A Dangerous New Malware Threat
Apr11

A new information stealer has been detected which could become a long-term threat. The Baldr information stealer is not especially sophisticated and lacks persistence, but it can exfiltrate data quickly once downloaded in a ‘smash and grab’ attack. The Baldr information stealer will not survive a reboot and is incapable of spreading to other devices, but for most threat actors that will not pose any problems. Once downloaded, Baldr...

Adobe Patches 24 Critical RCE Vulnerabilities
Apr10

Adobe has patched 43 vulnerabilities on April 2019 Patch Tuesday. 24 of the vulnerabilities have been rated critical and are remote code execution vulnerabilities. They are present in Acrobat and Reader, Adobe Shockwave Player, and Adobe Flash Player. The remainder of the vulnerabilities have been rated Important or Moderate and affect Adobe Flash Player, Shockwave Player, Dreamweaver, Adobe XD CC, Adobe Experience Manager Forms, InDesign, and...

April 2019 Patch Tuesday: Microsoft Fixes 74 Vulnerabilities
Apr10

Microsoft has released fixes for 74 vulnerabilities on April 2019 Patch Tuesday, two of which are being actively exploited in the wild. The two zero-day Windows vulnerabilities that are being actively exploited are CVE-2019-0803 and CVE-2019-0859. Both of these are elevation of privilege vulnerabilities and are due to how the Win32k component handles objects in memory. If exploited, an attacker could execute malicious code in...

Verizon Pushing Firmware Upgrade that Addresses Serious Router Command Injection Flaw
Apr09

Millions of Verizon routers are affected by a command injection flaw that could allow an attacker to gain full control of the device. The flaw affects Fios Quantum Gateway routers and is one of three vulnerabilities that have been addressed by Verizon in the latest version of its firmware. The most serious flaw, tracked as CVE-2019-3914, has been assigned a CVSS v3 base score of 8.5 and affects the API backend of the router. If...

Beware of Tax Season Phishing Scams
Apr04

Cybercriminals have stepped up their efforts to scam U.S. taxpayers into divulging their sensitive information and installing malware. Many elaborate tax season phishing scams have been detected in 2019. Phishing scams are common during tax season. Tax-themed phishing emails are sent which contain a hyperlink that directs the recipient to a website where they are asked to enter information such as their name, address, DOB, and Social...

Cisco Releases 24 Patches to Address IOS XE Software Vulnerabilities
Mar28

Cisco has released 25 patches that address 19 high-severity and 6 medium-severity flaws, most of which are present in its IOS XE operating system used by its networking products such as switches, controllers, and routers. 15 of the 19 high-severity vulnerabilities are in the Internetwork Operating System (IOS) XE, several of which could allow unauthenticated attackers to gain root privileges on vulnerable devices and execute...

Apple Patches 51 Serious Security Flaws in iOS 12.2 Update
Mar27

Apple has released a new update of its iOS operating system for iPhone 5s and later, iPad Air and later, and the 6th generation iPod touch. An update is also available for tvOS for Apple TV HD and Apple TV 4K. The latest version of the operating system includes patches for 51 serious flaws that could potentially be exploited for DoS attacks, privilege escalation, gaining root access to vulnerable devices, stealing data, and executing malicious code....

One Third of Organizations Have Experienced A Security Breach Involving Remote Workers
Mar26

Robust defenses may have been implemented to protect networks from cyberattacks, but the same level of protection is not always applied for remote workers. Allowing employees to work remotely may improve staff morale and can even lead to an increase in productivity, but it also introduces risk. Those risks have been made clear by a recent survey conducted by the virtual private network solution provider OpenVPN. The study was...

7 Out of 10 Ransomware Attacks are on SMBs
Mar25

71% of ransomware attacks are on SMBs, according to a new report from Beazley Breach Response (BBR) Services. When an attack involves widespread encryption across an organization’s network, ransom demands can be very high. The highest ransom demand received by a client was $8.5 million. The ransom wasn’t paid, but some companies have no alternative other than to pay the ransom demand. One client paid $935,000 for the keys to unlock...

Microsoft Will End Support for Windows 7 in January 2020
Mar22

Microsoft has announced that support for Windows 7 will come to an end on January 14, 2020. All Windows 7 users will be advised to upgrade to Windows 10 as soon as possible. Windows 7 users will receive notifications on screen to alert them that the OS is approaching end of life when they install the latest KB4493132 update, which will be made available through Windows Update. The update is not mandatory. Users will have the option of...

New Mirai Variant Targets Enterprise Wireless Presentation Systems
Mar20

Enterprise wireless presentation systems and signage TVs are being attacked by the latest Mirai variant, according to new research from Palo Alto Networks’ Unit 42 team. Previously, the threat actors behind Mirai have mostly focused on attacking vulnerable consumer IoT devices, but there are benefits to be gained from attacking enterprise IoT devices. A successful attack will give the attackers greater bandwidth to use in DDoS...

MFA Bypassed in IMAP-Based Attacks on Office 365 and G Suite Accounts
Mar15

Multi-factor authentication can prevent accounts from being accessed if passwords are stolen or obtained by brute force; however, Proofpoint has discovered that multi-factor authentication is being bypassed on Office 365 and G Suite accounts via the legacy IMAP protocol. IMAP supports only basic, password-only authentication and cannot present an MFA challenge, so logging in over IMAP sidesteps MFA entirely, and attackers are able to avoid being locked out of accounts. The methods used made failed login attempts...
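The pattern Proofpoint describes has two halves that a detection should join up: a single source failing against many different accounts over a legacy protocol (a spray, which never trips a per-account lockout counter), and any success over that protocol, which by definition was a password-only login. The following is an added example written for this page, not code from the article or from Proofpoint. The record layout is a simplified, constructed version of Azure AD sign-in log fields (userPrincipalName, ipAddress, clientAppUsed, resultType, with 0 meaning success and 50126 meaning bad credentials); treat those names and the sample lines as assumptions for this example rather than real log data.

```python
"""Legacy-auth password-spray detection over sign-in records (added example)."""
import json
from collections import defaultdict

# Client types that use basic authentication and therefore never see an MFA prompt.
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "SMTP", "Authenticated SMTP", "Other clients"}
RESULT_SUCCESS = 0          # assumed: resultType 0 = success, 50126 = bad credentials

# Constructed sign-in records, one JSON object per line (not real log data).
SAMPLE_LOG = """
{"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10", "clientAppUsed": "IMAP4", "resultType": 50126}
{"userPrincipalName": "bob@example.com",   "ipAddress": "203.0.113.10", "clientAppUsed": "IMAP4", "resultType": 50126}
{"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.10", "clientAppUsed": "IMAP4", "resultType": 50126}
{"userPrincipalName": "dave@example.com",  "ipAddress": "203.0.113.10", "clientAppUsed": "IMAP4", "resultType": 50126}
{"userPrincipalName": "dave@example.com",  "ipAddress": "203.0.113.10", "clientAppUsed": "IMAP4", "resultType": 0}
{"userPrincipalName": "bob@example.com",   "ipAddress": "192.0.2.5",    "clientAppUsed": "IMAP4", "resultType": 50126}
{"userPrincipalName": "erin@example.com",  "ipAddress": "192.0.2.5",    "clientAppUsed": "Browser", "resultType": 0}
{"userPrincipalName": "frank@example.com", "ipAddress": "192.0.2.9",    "clientAppUsed": "IMAP4", "resultType": 0}
{"userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.7", "clientAppUsed": "Browser", "resultType": 50126}
"""


def parse_log(text: str) -> list:
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def find_legacy_auth_spray(records: list, min_users: int = 3) -> dict:
    """One IP failing against many distinct accounts over a legacy protocol is a
    spray; any legacy-protocol success from such an IP is a likely compromise."""
    failures = defaultdict(set)     # source IP -> set of accounts it failed against
    successes = []                  # (user, ip) for every legacy-auth success
    for rec in records:
        if rec["clientAppUsed"] not in LEGACY_PROTOCOLS:
            continue                # modern auth: the MFA policy still applies here
        if rec["resultType"] == RESULT_SUCCESS:
            successes.append((rec["userPrincipalName"], rec["ipAddress"]))
        else:
            failures[rec["ipAddress"]].add(rec["userPrincipalName"])
    # Count distinct accounts per source, not failures per account: a spray
    # makes one attempt per user and stays under any lockout threshold.
    spray_sources = {ip: sorted(users) for ip, users in failures.items()
                     if len(users) >= min_users}
    likely_compromised = [(user, ip) for user, ip in successes if ip in spray_sources]
    return {
        "spray_sources": spray_sources,
        "legacy_successes": successes,
        "likely_compromised": likely_compromised,
    }


if __name__ == "__main__":
    result = find_legacy_auth_spray(parse_log(SAMPLE_LOG))
    for key, value in result.items():
        print(key, value)
```

Every entry in `legacy_successes` is worth reviewing even when no spray preceded it, since it represents a login MFA could not have gated; the durable fix is to block legacy authentication for the tenant rather than to keep hunting for it.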

March 2019 Patch Tuesday: 2 Actively Exploited Bugs Patched by Microsoft
Mar13

March 2019 Patch Tuesday has seen Microsoft issue fixes for 64 vulnerabilities, two of which are being actively exploited in the wild. The two actively exploited flaws are being tracked as CVE-2019-0808 and CVE-2019-0797. The first is a zero-day vulnerability in the Win32k component of Windows that could be exploited by an authenticated user to elevate privileges and execute arbitrary code. The flaw was identified by Google’s...

Verifications.io MongoDB Misconfiguration Exposed 2 Billion Records
Mar13

The enterprise email verification service, Verifications.io, has exposed around 2 billion records due to the misconfiguration of MongoDB instances. The data leak was discovered by researcher Bob Diachenko, who identified an unsecured 150 GB MongoDB instance. Analysis of the database showed it contained around 809 million records. However, a subsequent analysis by DynaRisk revealed four MongoDB instances had been exposed, which in total...

Jackson County, Georgia Pays $400,000 Ransom to Recover Encrypted Files
Mar11

After considering the potential costs and benefits, Jackson County, Georgia determined that paying the ransom demand to unlock files encrypted in a ransomware attack was the best option, even though the ransom demand was around $400,000. The attack occurred over the weekend of March 2/3, 2019, and resulted in the widespread encryption of data. The email system of the county’s government was taken out of action, and even systems used by...

Google Chrome and Windows 7 Flaws Being Actively Exploited in the Wild
Mar08

All Chrome users have been advised to update to the latest version of the browser – 72.0.3626.121 – as soon as possible to prevent a zero-day flaw from being exploited. Google released the new Chrome version on March 1, 2019, which addressed a use-after-free vulnerability in the FileReader component of Chrome that is being tracked as CVE-2019-5786. FileReader is an API used by web applications to read the contents of files...

Actively Exploited Zero-Day ColdFusion Vulnerability Patched by Adobe
Mar04

Adobe has issued an out-of-band update to correct the actively exploited ColdFusion vulnerability CVE-2019-7816. The zero-day flaw in its web application development platform is a file upload restriction bypass issue. If exploited, the flaw could allow remote code execution. At least one threat actor is known to be exploiting the flaw in the wild. According to Adobe, in order to exploit the flaw, an attacker would need to have the...

WinRAR Vulnerability Actively Exploited in the Wild to Install Backdoor
Feb27

The 19-year-old WinRAR vulnerability that was recently identified by Check Point is being exploited in the wild to install a backdoor that allows remote access. An updated version of WinRAR was released in January to correct the flaw, but many users have yet to update to the latest version of the file compression tool. In January it was estimated that around 500 million individuals worldwide had a vulnerable version of WinRAR...

B0r0nt0K Ransomware Attack Could Cost You $75,000
Feb25

A new cryptoransomware threat called B0r0nt0K ransomware is being used to encrypt files on Linux and Windows servers. If you haven’t backed up, you will have to pay a ransom of 20 Bitcoin – around $75,000 – to recover your files. The new threat was reported to Bleeping Computer by a forum user whose client had been attacked with the new ransomware variant and had website files encrypted. B0r0nt0K ransomware encrypted all files...

Zero-Day WinRAR Remote Code Execution Flaw Allows Full PC Takeover
Feb22

A patch has been released to correct a 19-year-old zero-day WinRAR remote code execution vulnerability. The flaw was identified by security researchers at Check Point who were able to successfully exploit the flaw to take full control of a vulnerable computer. All that is required is to send an email to someone with an out-of-date version of the software installed on their computer and convince them to open an attached compressed...

Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack
Feb21

An ongoing phishing campaign is targeting businesses and distributing the information-stealing Separ malware. The campaign has mostly concentrated on businesses in South East Asia and the Middle East, although some businesses in North America have also been attacked. The Separ information stealer has been in use since September 2017, with earlier versions of the info-stealer dating back to 2013. The latest campaign, which uses an...
