Maze Ransomware now Uses Virtual Machines to Evade Endpoint Defenses
Sep21

The operators of Maze ransomware have adopted a new tactic to evade endpoint security solutions. The gang has been observed encrypting computers from inside virtual machines, a tactic also used by the operators of Ragnar Locker ransomware. The new tactic was discovered by researchers at Sophos when responding to a ransomware attack on one of their customers. The Maze gang twice attempted to launch ransomware executables but were...

Ransomware Attack on Hospital Leads to the Death of a Patient
Sep18

A ransomware attack on a German hospital that took critical systems out of action and forced the cancellation of appointments and the temporary closure of its emergency department has led to the death of a patient. On or before September 10, 2020, Düsseldorf University Clinic was attacked with ransomware. The file encryption caused systems to crash and prevented patient information from being accessed. The extent of the encryption and...

Billions of Devices Vulnerable to ‘BLESA’ Bluetooth Spoofing Vulnerability
Sep16

A vulnerability has been discovered in the Bluetooth Low Energy (BLE) reconnection process that could be exploited by an attacker to bypass the reconnection authentication requirements and send spoofed data to a device. The BLE protocol is a slimline version of standard Bluetooth that was developed to keep Bluetooth connections active while conserving battery power. Due to the low power requirements, BLE has proven popular with...

Hacking Group Observed Installing Weave Scope Tool to Gain Visibility and Control of Business Cloud Environments
Sep11

The threat detection and response firm Intezer has observed a hacking group using the Weave Scope visualization and monitoring tool to gain visibility into and take control of compromised Docker and Kubernetes cloud environments. The hacking group, referred to as TeamTNT by Intezer, is known to target Docker and Kubernetes systems and has been observed using a credential-stealing worm to discover and exfiltrate AWS login credentials....

Adobe Patches 12 Critical Flaws in Experience Manager, InDesign, and Framemaker
Sep09

Adobe has released patches to correct 18 flaws on September 2020 Patch Tuesday. The flaws exist in Adobe Experience Manager, Adobe InDesign, and Adobe Framemaker. 12 of the vulnerabilities have been rated critical, with the rest rated important. 5 patches have been released to correct critical cross-site scripting vulnerabilities in Adobe Experience Manager (CVE-2020-9732, CVE-2020-9734, CVE-2020-9740, CVE-2020-9741, and...

September 2020 Patch Tuesday: Microsoft Fixes 129 Vulnerabilities; 20 Critical
Sep09

Microsoft has issued patches to correct 129 vulnerabilities on September 2020 Patch Tuesday, 32 of which are remote code execution vulnerabilities and 20 of which have been rated critical. The vulnerabilities are spread across 15 products. While there is a large number of critical vulnerabilities in this month’s round of updates, none of the vulnerabilities are currently being exploited in the wild, although exploits for some of the flaws are...

Microsoft Will End Support for Adobe Flash Player on January 1, 2020
Sep07

Microsoft has announced that web browser support for Adobe Flash Player will end on January 1, 2021. Adobe Flash Player will no longer be distributed or updated from December 31, 2020. The Security Update for Adobe Flash Player, which is usually released on Patch Tuesday every month for Microsoft Edge and Internet Explorer will end after December 2020. “Beginning in January 2021, Adobe Flash Player will be disabled by default...

New Cryptocurrency Stealing KryptoCibule Malware Family Identified
Sep03

For the past two years, a cryptocurrency-stealing malware named KryptoCibule has been used to mine cryptocurrency on victims’ machines, steal cryptocurrency wallets, and hijack transactions. Malware targeting cryptocurrency usually either mines cryptocurrency or steals wallets and hijacks transactions. This malware does all three and also plants a backdoor on victims’ devices, allowing them to be remotely accessed....

Phishing Campaign Offering PPE Delivers Agent Tesla RAT
Sep01

Researchers at Area 1 Security have identified a phishing scam that spoofs legitimate chemical companies, exporters and importers to deliver the Agent Tesla Remote Access Trojan (RAT). The phishing emails offer the recipient personal protective equipment (PPE) such as forehead temperature thermometers, disposable face masks, and other medical supplies that have been in short supply. The emails claim that the company has started mass...

New Version of Qbot Trojan Can Hijack Email Threads
Aug28

Check Point researchers have identified a new version of the Qbot Trojan, a malware threat that first appeared 12 years ago. Qbot is an information stealer that attempts to steal banking information, credit card numbers, passwords, cookies, and emails. It is also known to download other malware variants, including ransomware. Remote connections can also be made with infected devices to make bank transactions from the victim’s IP...

New “FritzFrog” P2P Botnet Targeting SSH Servers of Banks, Medical Centers, Government Offices and Universities
Aug21

A new, sophisticated, and stealthy peer-to-peer (P2P) botnet named FritzFrog has been discovered which is being used to target SSH servers. The botnet was identified and analyzed by security researchers at Guardicore Labs who report that the botnet has been active since at least January 2020 and has been used in targeted attacks on government offices, medical centers, banks, telecoms companies, and education institutions, and finance...

Microsoft Releases Out of Band Update for Windows 8.1, RT 8.1, and Windows Server 2012 R2
Aug20

Microsoft has released an out of band update for Windows 8.1, RT 8.1, and Windows Server 2012 R2 to fix two privilege escalation flaws in the Windows Remote Access service. The two flaws – tracked as CVE-2020-1530 and CVE-2020-1537 – affect all supported versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 and are due to improper handling of memory. In order to exploit the flaws, an attacker would need to have...

Patch Critical Citrix Endpoint Management (XenMobile Servers) Vulnerabilities Now
Aug13

Five vulnerabilities, including two critical flaws, have been identified in Citrix Endpoint Management (CEM) – also known as XenMobile Server – which is used by businesses to manage employees’ mobile devices and applications, apply updates, and manage security settings. The critical flaws – tracked as CVE-2020-8208 and CVE-2020-8209 – could be exploited remotely and would allow an unauthenticated individual to access domain...

Popular Keylogger and Info Stealer Now Steals Credentials from Browsers and VPNs
Aug12

Agent Tesla malware has received an update. The information stealer and keylogger can now steal passwords from browsers, VPN clients, and FTP and email clients. Agent Tesla is a .NET-based remote access Trojan (RAT) that first appeared in 2014. The malware is offered for sale on hacking forums and darknet marketplaces and has proven to be a popular choice with low-level hackers and BEC scammers. The malware can be used in various stages...

Microsoft Fixes 120 Vulnerabilities on August 2020 Patch Tuesday, Including 17 Critical Flaws
Aug11

August 2020 Patch Tuesday has seen Microsoft release 120 patches covering 13 products and a Servicing Stack Update for Windows 10 advisory. 17 of the vulnerabilities are rated critical, including 2 zero days, and 103 have been rated important. The two zero days are being actively exploited and an exploit for one of those flaws has been released publicly, so it is important for the security updates to be applied as soon as possible....

Adobe Fixes 26 Vulnerabilities Including 11 Critical Flaws
Aug11

Adobe has released patches to address 26 vulnerabilities in Adobe Acrobat and Adobe Reader, including 11 flaws that have been rated critical. The critical flaws could be exploited to bypass security controls, with 9 of the critical flaws allowing the remote execution of arbitrary code. The remote code execution vulnerabilities are a mix of out-of-bounds write vulnerabilities (CVE-2020-9693 and CVE-2020-9694), use-after-free...

INTERPOL Report Shows Major Increase in Cyberattacks During the COVID-19 Pandemic
Aug06

INTERPOL has completed an assessment of the impact of COVID-19 on cybercrime and has found a major increase in attacks during the pandemic, with cybercriminals shifting their focus from targeting individuals and small businesses to attacking large corporations, critical infrastructure, and government agencies. With many countries implementing lockdowns to curb COVID-19 infections, businesses have been forced into allowing virtually of...

Online Shopping Scams Have Soared During the COVID-19 Pandemic
Aug05

There has been a major increase in online shopping scams during the COVID-19 pandemic, according to a recent public service announcement by the FBI. Reports to the FBI’s Internet Crime Complaint Center (IC3) from victims of online shopping scams have soared in recent months. Many of the reports concern orders from websites where the goods are not received or where different items to those ordered were sent. Victims of these scams were...

FBI Issues Flash Alert Warning of Netwalker Ransomware Attacks
Jul31

The FBI has issued a Flash Alert following an increase in Netwalker ransomware attacks in the United States. Netwalker ransomware was first identified in March 2020 and was used in an attack on the Australian transportation and logistics company Toll Group. Attacks have also been conducted on an Illinois public health department, a Maryland operator of assisted living facilities, and the University of California, San Francisco. The...

Vulnerability in Cisco’s Network Security Products Being Actively Exploited
Jul28

A high severity flaw in Cisco’s network security products is now being actively exploited. The vulnerability is present in the Cisco products used by many large enterprises and Fortune 500 firms and allows a remote attacker to gain access to sensitive data. The vulnerability is tracked as CVE-2020-3452 and was assigned a CVSS v3 base score of 7.5 out of 10. The flaw is present in the web services interface of Cisco’s Firepower Threat...

Critical Vulnerability in F5 Networks BIG-IP Devices Exploited in Real-World Attacks
Jul27

On Friday, July 24, 2020, the DHS Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers have started exploiting the CVE-2020-5902 vulnerability in F5 Networks BIG-IP devices. F5 BIG-IP devices are used for load balancing and generally sit between the firewall and a web application. They are used by many Fortune 500 companies, large enterprises, and government agencies and are an attractive target for hackers....

Out of Band Update Corrects 12 Critical Flaws in Adobe Photoshop, Prelude and Bridge
Jul22

Adobe has issued an out of band update to correct 12 critical vulnerabilities in Adobe Photoshop, Adobe Prelude, and Adobe Bridge, and an information disclosure vulnerability in Adobe Reader Mobile for Android. The critical flaws could all lead to remote code execution on Windows machines in the context of the current user. The impact of the flaws will be limited for standard Windows users, although exploits for the vulnerabilities...

17-Year Old Critical Wormable DNS Bug Patched by Microsoft
Jul15

Microsoft has released a patch for a critical, wormable flaw in Microsoft’s Windows DNS Server that dates back to 2003. The vulnerability, tracked as CVE-2020-1350, was identified by security researchers at Check Point who named it SIGRed. Virtually all businesses will be running DNS with Active Directory and will be affected. Given the number of businesses affected, the ease of exploitation, and how the flaw could be exploited to...

Maximum Severity Flaw in SAP Could Allow Full Takeover of Enterprise System
Jul14

The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency has issued an alert about a critical vulnerability in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. The flaw, tracked as CVE-2020-6287, can be exploited through HTTP and would allow an attacker to take full control of vulnerable SAP applications. The flaw was discovered by researchers at Onapsis who named...

Zoom Fixes Zero-Day Legacy Windows RCE Flaw
Jul13

A zero-day vulnerability in the Zoom Windows client that could potentially allow remote code execution has now been patched by Zoom. The flaw only affected users running Windows 7 or earlier Windows versions. Later Windows versions were unaffected. Last week, Acros Security announced in a blog post that a zero-day vulnerability had been discovered, and Zoom was notified around the same time. Details about the flaw were not publicly...

Purple Fox Trojan Developers Create Their Own Exploit Kit and Add Two New Microsoft Exploits
Jul07

The developers of the Purple Fox Trojan/rootkit have created their own exploit kit to distribute their malware and have recently added exploits for two recently patched Microsoft vulnerabilities, according to cybersecurity firm Proofpoint. The first exploit is for the high severity elevation of privilege vulnerability in the Win32k component of Windows, which was patched by Microsoft on October 2019 Patch Tuesday. The second exploit...

Critical Vulnerabilities Identified in Apache Guacamole Remote Access System
Jul03

Security researchers have discovered multiple vulnerabilities in the Apache Guacamole remote access system used by thousands of companies to support home workers. Apache Guacamole is a clientless remote desktop gateway that allows remote workers to access their corporate computers or virtual desktops in the cloud through a web browser. Apache Guacamole supports standard protocols such as VNC, SSH, and RDP. The Guacamole server uses one of...

Microsoft Releases Out of Band Fixes for Two Serious Flaws in the Windows Codecs Library
Jul02

Microsoft has released an out of band update to correct two serious vulnerabilities in the Windows Codecs library, which, if exploited, could allow remote code execution. The operating system uses the built-in Windows Codecs library to handle multimedia content such as photos and videos and handles how large multimedia files are compressed and decoded for playback within applications. The flaws are both concerned with how the Windows...

Warning Issued Over Maximum Severity Vulnerability in Palo Alto Networks Products
Jul01

U.S. Cyber Command has issued a warning about a maximum severity vulnerability in Palo Alto Networks’ operating system. While the flaw is not currently being exploited in the wild, it will be. Advanced persistent threat actors are expected to attempt to exploit the flaw, so prompt patching is essential. The severity of this flaw should not be underestimated. The vulnerability, tracked as CVE-2020-2021, is an authentication bypass...

ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic
Jun30

Cybersecurity firm ESET has analyzed its telemetry data and found there has been a major increase in brute force attacks on remote desktop services during the COVID-19 pandemic. There was a steady increase in attacks between December 1, 2019 and May 1, 2020, rising from around 30,000 brute force attacks a day in early December to around 60,000 daily attacks by the end of the month. Then followed a slight decline, before a sharp rise...

REvil Threat Group Starts Using New WastedLocker Ransomware
Jun26

The Evil Corp threat group that was behind the Dridex banking Trojan and BitPaymer ransomware has started using a new ransomware variant in targeted attacks on enterprises. WastedLocker is a brand-new ransomware variant that has already been used in attacks on around a dozen enterprises. Victims have received ransom demands ranging from $500,000 to more than $1 million. WastedLocker ransomware was first detected by NCC Group’s...

Newly Discovered Self-Propagating Lucifer Malware Capable of Cryptojacking and DDoS Attacks
Jun25

Palo Alto Networks’ Unit 42 researchers have identified a new Windows malware dubbed ‘Lucifer’ that drops the XMRig cryptocurrency miner, has Distributed Denial of Service (DDoS) capabilities, and can self-propagate. The malware’s author named it Satan DDoS, but the Unit 42 researchers renamed it Lucifer so as not to confuse it with Satan ransomware. The Unit 42 team discovered the malware after identifying several new...

Ripple20: Critical Vulnerabilities in Treck TCP/IP Stack Affect Hundreds of Millions of Devices
Jun17

A set of 19 vulnerabilities have been identified in the TCP/IP software library developed by Cincinnati-based Treck Inc., a developer of real-time embedded internet protocols for technology firms. The vulnerabilities were discovered by the Israeli cybersecurity firm JSOF and have been named Ripple20. Treck is a fairly low-profile company that develops low-level internet protocols, which are incorporated into a wide range of devices. A...

Adobe Out-of-Band Update Fixes 18 Critical Vulnerabilities
Jun17

Adobe has issued an out-of-band update correcting 18 critical flaws in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush, Campaign, and Audition. All 18 flaws allow remote execution of arbitrary code. The updates were released on Tuesday June 16, 2020. Adobe says it is unaware of any public exploits for the vulnerabilities, but users of the above products are strongly advised to update to the latest version of the software...

6 Vulnerabilities Identified in D-Link DIR-865L Cloud Wireless Routers
Jun16

Security researchers at Palo Alto Networks’ Unit 42 team have identified 6 vulnerabilities in the D-Link DIR-865L series of cloud wireless routers, one of which has been rated critical, with the remaining 5 rated high severity. The D-Link DIR-865L series of routers reached end of life in February 2016; however, many are still in use and are vulnerable to attack. After being notified about the flaws, D-Link warned customers that as...

Fake COVID-19 Contact Tracing Apps Used to Install Malware
Jun11

Contact tracing and exposure notification apps are being developed in several countries to help control outbreaks of COVID-19. The apps have already been used in several countries and have been shown to help contain local outbreaks and prevent a second major peak of infections. Recent research conducted by the cybersecurity firm Anomali has revealed threat actors have developed fake contact tracing and exposure notification apps which...

Microsoft Breaks Patch Tuesday Record with Fixes for 129 Vulnerabilities
Jun10

For the fourth successive month, Microsoft Patch Tuesday has seen more than 100 CVEs patched, and June 2020 Patch Tuesday contains the biggest round of updates ever issued. Microsoft has released updates to correct 129 vulnerabilities. That breaks the record set in March when patches were released to correct 115 vulnerabilities. This month’s update includes patches for 11 critical vulnerabilities, although none are currently being...

PoC Exploit for SMBGhost Windows 10 RCE Flaw Released and Attacks Identified
Jun09

The SMBGhost vulnerability in Windows 10 that was patched by Microsoft in March 2020 is being actively exploited in the wild, according to a recent alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, tracked as CVE-2020-0796, is a critical wormable vulnerability that’s as bad as it gets. The flaw was assigned a CVSSv3 score of 10 out of 10, with Microsoft...

Tycoon Ransomware Uses Rare Java Image File Format to Evade Security Solutions
Jun05

Researchers at BlackBerry Threat Intelligence and KPMG have identified a new Java-based ransomware dubbed Tycoon that is being used in highly targeted attacks on educational institutions and small- to medium-sized companies. The ransomware is manually deployed after the attackers gain access to their target’s networks, most commonly by attacking vulnerable internet-exposed RDP servers. The ransomware has been in use for at least 6...

TrickBot Trojan Operators Delivering New BazarBackdoor Malware via Phishing Campaign
Jun04

The TrickBot Trojan operators are distributing a new backdoor named BazarBackdoor in targeted phishing attacks on businesses. BazarBackdoor is a stealthy backdoor that gives the attackers full access to corporate networks. The malware is being distributed via spear phishing emails that are well written and convincing. Several different lures are used in the campaign including employee termination lists, customer complaints, and...

Updated Valek Malware Used in Targeted Attacks on U.S. and German Enterprises
May29

Enterprises in the United States and Germany are being targeted in a phishing campaign spreading Valek malware, according to researchers at Cybereason Nocturnus. Valek is a popular malware loader that was first identified in 2019. Valek has previously been distributed in phishing campaigns to deliver banking Trojans such as Ursnif and IcedID. Valek is in active development and new versions are frequently released. According to a recent...

StrandHogg 2.0 Android Flaw Allows Hackers to Hijack Legitimate Apps
May28

The Norwegian security researchers who identified the StrandHogg vulnerability in the Android platform have identified another vulnerability that is even more dangerous than the original. The vulnerability – tracked as CVE-2020-0096 – is a critical flaw that allows hackers to masquerade as virtually any legitimate app on a targeted device. The vulnerability is present on all versions of Android apart from the latest...

Turla Hacking Group Tweaks ComRAT Malware to Steal Antivirus Logs and Communicate via Gmail
May27

One of the most advanced state-sponsored hacking groups in Russia – Turla – has tweaked its ComRAT malware to steal antivirus logs and communicate with the malware via Gmail. ComRAT malware was first used by Turla in 2007 and is one of the oldest malware variants used by the Turla Group. The malware was used in the attack on the Pentagon in 2008 and has been regularly updated over the past 13 years. The latest version of ComRAT was...

Ragnar Locker Ransomware Deploys Virtual Machine to Evade Security Software
May26

A new tactic is being used by the threat actors behind Ragnar Locker ransomware that allows them to evade security measures on the host machine and ensure their ransomware payload is executed. Ragnar Locker ransomware was first detected in 2019 and has been used in several high profile attacks, including the attack on the Portuguese energy company Energias de Portugal, where they demanded payment of $10.9 million for the keys to...

Another Malware Variant Identified that Targets Air-Gapped Networks
May19

In the past week, three cybersecurity firms have announced they have found malware variants that are being used to target air-gapped networks. First came the news that ESET had discovered Ramsay malware, followed by a report from Kaspersky Lab of a variant of COMpfun malware, named Reductor, that was also being used to steal data from air-gapped networks. Trend Micro has now announced that it has identified yet another malware...

Ramsay Malware Designed to Steal Data from Air-Gapped Networks
May15

A new malware toolkit has been discovered that appears to have been developed to steal sensitive data from air-gapped networks. Researchers at ESET have named the malware Ramsay and report it has a range of advanced features that allow it to keep under the radar and steal highly sensitive data from victims. One of the most effective ways of protecting sensitive data is to ensure that it is not saved on any device accessible through...

Prioritize Patching and Fix These Commonly Exploited Vulnerabilities
May14

A joint alert has been issued by the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to raise awareness about the most commonly exploited vulnerabilities to help organizations strengthen security and prevent attacks by sophisticated foreign threat actors. Patches should always be applied as soon as possible, but the number of patches now being...

Hacker Attacks More than 900,000 Vulnerable WordPress Sites in a Week
May07

More than 900,000 WordPress websites have been attacked by a hacker over the space of about a week, according to a recent report from the cybersecurity company Defiant. The attacks were conducted using around 24,000 different IP addresses, but they are all believed to be the work of a single hacker as they were all attempting to insert the same malicious JavaScript backdoor into the websites. While the attacks have been ongoing for...

Malicious COVID-19 Domains Taken Down and New Blocklists Released
May06

Cybercriminals have registered large numbers of COVID-19 themed domains which are being used for a variety of scams. Internet service providers are being ordered to take down the websites but given the sheer number of malicious websites that have been set up, that process is taking some time. In the United Kingdom, Her Majesty’s Revenue and Customs (HMRC) has ordered internet service providers to take down 292 COVID-19 themed websites...

Easily Exploitable RCE Salt Vulnerabilities Discovered that Require Urgent Attention
May01

Researchers at F-Secure have identified two high severity vulnerabilities in the SaltStack Python-based open source Salt project, which can allow remote code execution as root for a full takeover of vulnerable servers. F-Secure believes the vulnerabilities are likely to be exploited in a matter of hours. Salt is a popular configuration tool that is used for datacenter and cloud server management to monitor the state of servers and...

Microsoft Offers Advice to Healthcare Organizations on Reducing Risk of Manual Ransomware Attacks
Apr29

Ransomware attacks on healthcare organizations and others involved in the fight against COVID-19 are continuing. In many cases, the attackers gained access to systems many weeks or months previously and have timed the deployment of the ransomware to cause maximum disruption when COVID-19 cases are about to peak to increase the probability of ransoms being paid. Microsoft has recently reported that there have been dozens of ransomware...

Sophos Discovers and Patches Actively Exploited Flaw in its XG Firewall
Apr27

Sophos has released a patch for a zero-day vulnerability in its XG Firewall which has been exploited in attacks to deliver malware. The flaw was discovered by Sophos on April 22, when an anomalous field value was discovered in the management interface of the firewall. The investigation uncovered a previously unknown SQL injection vulnerability that had been exploited on some virtual and physical firewalls. Sophos reports that several...

Actively Exploited Zero-Day Flaws Identified in iOS Mail Application
Apr23

Two critical zero-day vulnerabilities have been identified in the iOS Mail application that have been exploited by threat actors in attacks on high profile targets since at least January 2018. The flaws were identified by the cybersecurity firm ZecOps which traced the flaws back to iOS 6, which was released by Apple in 2012, but it is possible that the flaws were introduced in an earlier Mail app version. The vulnerabilities have been...

Four Zero Day Vulnerabilities in IBM Data Risk Manager Have Been Publicly Disclosed
Apr22

Four zero-day vulnerabilities have been identified in IBM Data Risk Manager (IDRM) which could allow the downloading of arbitrary files and, if chained together, remote code execution. The security researcher who discovered the vulnerabilities, Pedro Ribeiro, Director of Research at Agile Information Security, released details of the flaws on GitHub after IBM refused to acknowledge the vulnerabilities, which were responsibly disclosed...

Two Zoom Zero-Day Vulnerabilities Being Offered for Sale for $500,000
Apr16

Two zero-day flaws in the Zoom videoconferencing platform have allegedly been discovered by hackers who are now offering them for sale. The hackers claim the flaws can be exploited to gain access to both the Windows and MacOS Zoom clients. Use of the Zoom teleconferencing solution has soared during the COVID-19 crisis, with personal and business users turning to the platform to maintain contact with friends, family, and the office...

Zoom Installers are Being Bundled with Malware
Apr08

The sheer number of people now working from home to maintain social distancing during the coronavirus lockdown has resulted in huge interest in teleconferencing platforms such as Zoom. Despite the recent Zoom security concerns and privacy issues, Zoom remains one of the most popular teleconferencing platforms. Businesses are using the platform to ensure remote workers can maintain contact with the office, and consumers have started...

LokiBot Information Stealer Distributed in Spear Phishing Campaign Impersonating WHO
Apr06

Researchers at Fortinet’s FortiGuard Labs have identified a new spear phishing campaign that impersonates the World Health Organization (WHO) to distribute the LokiBot information stealer. The emails incorporate the WHO logo and claim to offer important advice about COVID-19 infection control and give recommendations. The email states that the information in the email attachment is intended to address misinformation about the 2019...

Beware of New Coronavirus Wiper Malware
Apr03

A new wiper malware has been detected that uses a method similar to the 2017 NotPetya wiper, overwriting the Master Boot Record (MBR) to render computers unbootable. Named Coronavirus, this wiper is being used purely for sabotage. The malware variant was analyzed by researchers at SonicWall Capture Labs Threat Research. The researchers report that the malware variant is not as...

Zoom Security Concerns Mount as New Flaws Identified
Apr03

The 2019 Novel Coronavirus pandemic has forced many employees into telecommuting, with staff maintaining contact with the office through videoconferencing apps such as Zoom. Zoom has proven to be one of the most popular choices during the COVID-19 crisis, registering a 535% increase in traffic in the past month, but the number of Zoom security concerns has been mounting. Zoom Security Concerns are Mounting: Zoom security concerns have...

Micropatch Released for Actively Exploited Windows Font Processing Vulnerabilities
Mar31

Microsoft has confirmed that two zero-day flaws in the Windows Adobe Type Manager Library were being actively exploited in the wild. The flaws concern how Type 1 PostScript fonts are handled. They can be exploited if a user is convinced to open a specially crafted document; however, it is also possible to exploit them if a document is merely viewed in the Windows preview pane. The flaws affect Windows 10, Windows 8.1, Windows 7, and Windows Server 2019, 2016, 2012, 2012 R2, 2008 and 2008 R2. Microsoft reports that...

Cybercriminals are Changing DNS Settings on Routers to Deliver Malware Through Fake Coronavirus Apps
Mar30

A malware distribution campaign has been detected that uses malicious coronavirus apps to deliver the Oski information stealing Trojan. The campaign was detected by Bitdefender which reports that 1,193 individuals have been targeted in just a couple of days from March 18. Attempts have been made to shut down the malware repositories that are being used by the attackers, but it is probable that others will be set up to take their...

Hacked News Sites Used to Spread Malware Disguised as Google Chrome Update
Mar26

If you visit a website and are advised that you need to update Google Chrome, do not download the update. A campaign has been identified that is using fake Google Chrome updates to trick web visitors into downloading and installing malware. The hacking group is targeting news websites and corporate sites running WordPress and injecting malicious JavaScript code that redirects visitors to landing pages on malicious websites that claim...

Database Containing Extensive Information of 200 Million Americans Exposed Online
Mar24

A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...

All Supported Windows Versions Affected by Two Actively Exploited Zero-Day RCE Flaws
Mar23

Microsoft has issued a security advisory about two actively exploited zero-day flaws in Windows Adobe Type Manager Library. The critical remote code execution vulnerabilities affect all supported Windows desktop and server versions and Windows 7. If exploited, attackers would be able to take full control of vulnerable computers. The flaws are being exploited in limited targeted attacks. Microsoft is currently working on a patch to...

New Vulnerabilities Identified in Popular Password Managers
Mar23

Password managers help you create complex and unique passwords for every application, service, and website but how secure are password managers? Could a password manager actually weaken security? According to a study conducted by researchers at the University of York, password managers are not totally secure. Vulnerabilities in password managers have been found that could potentially be exploited by cybercriminals to gain access to a...

WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader
Mar20

Another coronavirus-themed phishing campaign has been detected impersonating the World Health Organization (WHO), or more specifically, the Director-General of WHO, Dr. Tedros Adhanom Ghebreyesus. The campaign was identified by security researchers at IBM X-Force Threat Intelligence who report that several waves of spam have already been delivered. The threat actors behind the campaign are using spam emails to distribute a malware...

Adobe Releases Out-of-Band Patches for 29 Critical Vulnerabilities
Mar18

Adobe usually releases its software updates on Patch Tuesday, the second Tuesday of the month, but no patches were released on March 10. The round of updates has come a week later, with fixes issued for 41 vulnerabilities across 6 of its products. 29 critical flaws have been addressed and the remaining 12 patches address vulnerabilities that have been rated important. The six affected products are Adobe Genuine Integrity Service,...

100,000 Websites Impacted by WordPress Popup Builder Plugin Vulnerabilities
Mar16

Two vulnerabilities have been identified in the popular WordPress plugin, Popup Builder, which is used on around 100,000 websites. The plugin was developed by Sygnoos to help website owners create and manage popups for marketing products and services to website visitors. The plugin includes the option of incorporating JavaScript code into popups, which runs when popups are loaded. Researchers at Defiant identified flaws that allow an...

Critical SMBv3 Vulnerability Leaked: Microsoft Patch and Mitigations
Mar12

Update 03/12/20: Microsoft has updated its security advisory and released a patch for CVE-2020-0796 for Windows 10 and Windows Server versions 1903 and 1909. Microsoft released patches for 115 vulnerabilities on March 2020 Patch Tuesday but there was one notable absence. A patch was not released for a critical Server Message Block 3.1.1 (SMBv3) vulnerability, tracked as CVE-2020-0796. Both Fortinet and Cisco Talos published blogs summarizing the...
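For the mitigation side of this entry, here is an added PowerShell check (not code from the original post, Microsoft or any of the vendors mentioned) that tests whether a Windows 10 / Windows Server 1903 or 1909 host has SMBv3 compression disabled, which is the registry workaround Microsoft published for CVE-2020-0796 for machines that could not be patched immediately, and applies it when asked. It assumes it is run from an elevated session; the function name and the `-Apply` switch are this example's own.

```powershell
# Added example: check (and optionally apply) the CVE-2020-0796 SMBv3 compression workaround.
# The registry path and value are the ones Microsoft documented for the mitigation;
# the function name and the -Apply switch are assumptions of this example.
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Cve20200796Exposure {
    param([switch]$Apply)

    # Only builds 18362 (1903) and 18363 (1909) shipped the vulnerable SMBv3.1.1
    # compression code; earlier Windows 10 releases and Server 2019 (17763) are not affected.
    $build = [System.Environment]::OSVersion.Version.Build
    $affectedBuild = $build -in 18362, 18363

    # Missing value means compression is enabled (the default).
    $current = (Get-ItemProperty -Path $LanmanParams -Name DisableCompression `
                -ErrorAction SilentlyContinue).DisableCompression
    $mitigated = ($current -eq 1)

    if ($affectedBuild -and -not $mitigated -and $Apply) {
        # Microsoft's documented workaround: turn off SMBv3 compression on the server side.
        Set-ItemProperty -Path $LanmanParams -Name DisableCompression -Type DWORD -Value 1 -Force
        $mitigated = $true
    }

    [pscustomobject]@{
        Build               = $build
        AffectedBuild       = $affectedBuild
        CompressionDisabled = $mitigated
        # The registry workaround only protects the SMB server role. An SMB client on an
        # affected build that connects to a malicious server stays exposed until the
        # March 12 update is installed, so the workaround is a stopgap, not a fix.
        ClientStillExposed  = $affectedBuild
    }
}

Test-Cve20200796Exposure
```

Run `Test-Cve20200796Exposure -Apply` to set the value; no reboot is required for the setting to take effect, but remember to remove it (or simply leave it, at the cost of SMB compression) once the real update is installed. Blocking TCP 445 at the perimeter is still the right complementary control, since the bug is reachable pre-authentication.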

AMD CPUs Vulnerable to Two New Side Channel Attacks
Mar11

All AMD processors manufactured between 2011 and 2019 are vulnerable to two new side channel attacks, according to researchers at Graz University of Technology, some of whom were responsible for identifying the Spectre and Meltdown vulnerabilities. In their paper, Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors, the researchers detail two side channel attacks that can be performed by exploiting...

Microsoft Releases Patches for 115 Vulnerabilities Including 26 Critical Flaws
Mar10

Microsoft released a record number of patches on March Patch Tuesday. 115 vulnerabilities have been patched across the entire product range, including 26 vulnerabilities that have been rated critical and 88 that have been rated important. None of the flaws in the March round of updates are believed to have been exploited in the wild and none have been made public prior to the patches being released. 17 of the critical flaws affect...

Microsoft Exchange RCE Vulnerability Being Actively Exploited in the Wild
Mar10

A post-auth remote code execution vulnerability affecting all supported versions of Microsoft Exchange Server is now being exploited in the wild by multiple advanced persistent threat (APT) groups. The vulnerability, tracked as CVE-2020-0688, is present in the Exchange Control Panel (ECP) component of Microsoft Exchange Server and is the result of the failure to create unique cryptographic keys during installation. That means that all...
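Because the root cause is a machineKey that is identical on every unpatched installation, the patch state can be verified directly from the ECP web.config rather than from version strings alone. The following is an added PowerShell example, not code from the original post or from Microsoft: it compares the validationKey in the ECP web.config against the static value that unpatched Exchange servers ship with, and scans IIS log lines for the request shape an exploit attempt leaves (a forged __VIEWSTATE and __VIEWSTATEGENERATOR sent to /ecp/default.aspx). It assumes it runs on the Exchange server, where setup defines `$env:ExchangeInstallPath`; the log lines at the bottom are constructed for the demonstration and are not real traffic.

```powershell
# Added example: detect the static ASP.NET machineKey behind CVE-2020-0688 and scan IIS
# logs for exploit-shaped requests. Function names and the sample log lines are this
# example's own; the static validationKey is the value present in unpatched Exchange.
$StaticValidationKey = 'CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF'

function Test-EcpStaticMachineKey {
    param(
        [string]$WebConfig = (Join-Path $env:ExchangeInstallPath 'ClientAccess\ecp\web.config')
    )
    [xml]$cfg = Get-Content -Path $WebConfig -Raw
    $mk = $cfg.configuration.'system.web'.machineKey
    if (-not $mk) { return 'machineKey element not found; inspect the file manually' }
    if ($mk.validationKey -eq $StaticValidationKey) {
        # Anyone with a valid mailbox credential can forge ViewState -> SYSTEM on this box.
        return 'VULNERABLE: static validationKey present; install the February 2020 Exchange update'
    }
    return 'OK: validationKey is not the known static value'
}

function Find-Cve20200688Attempts {
    param([string[]]$LogLines)
    # Exploitation submits a crafted __VIEWSTATE plus __VIEWSTATEGENERATOR to
    # /ecp/default.aspx in the query string, which normal ECP browsing does not do.
    $LogLines | Where-Object {
        $_ -match '/ecp/default\.aspx' -and
        $_ -match '__VIEWSTATEGENERATOR=' -and
        $_ -match '__VIEWSTATE='
    }
}

# Constructed IIS W3C log lines (date time s-ip method uri-stem uri-query port user c-ip UA status);
# the second one mimics an exploit attempt by an already-authenticated user.
$sample = @(
    '2020-03-10 10:01:02 10.0.0.5 GET /ecp/default.aspx - 443 corp\alice 203.0.113.9 Mozilla/5.0 200',
    '2020-03-10 10:02:15 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=B97B4E27&__VIEWSTATE=%2FwEPDwUK 443 corp\alice 203.0.113.9 python-requests/2.22 500'
)
Find-Cve20200688Attempts -LogLines $sample
```

The log check is a useful retrospective control because the attack is post-authentication: a hit in the logs also tells you which user account the attacker already controls, which should drive the credential reset alongside the patch.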

Several New Coronavirus-Themed Phishing Scams and Malspam Campaigns Detected
Mar09

Further email campaigns have been detected that are using the novel coronavirus (COVID-19) outbreak as a lure to spread malware, phish for sensitive data, and fool people into making donations to fake charities. The World Health Organization has previously issued a warning that cybercriminals were using its logos in malicious email campaigns and those campaigns have continued. Campaigns have also been detected impersonating the...

TrickBot Trojan Gets Trickier with ActiveX Control to Automatically Run Malicious Macros
Mar06

The TrickBot Trojan is now even trickier, as a Windows 10 ActiveX control has been incorporated to automatically run malicious macros in Office email attachments. Several documents have been intercepted in the past few days that abuse the Windows 10 ActiveX control. Malspam emails using this new delivery technique were intercepted by researchers at Morphisec Labs. The ActiveX control is used to execute an OSTAP JavaScript...

More than 480 Bluetooth Devices Affected by SweynTooth Vulnerabilities
Mar05

12 vulnerabilities have been identified in Bluetooth Low Energy (BLE) software development kits (SDKs) from at least 7 manufacturers. The SDKs are used for the system-on-a-chip (SoC) chipsets that are incorporated into devices to support BLE communications. The flaws were discovered by researchers at the Singapore University of Technology and Design, who collectively named them SweynTooth after Sweyn Forkbeard, the son of King Harald Bluetooth, after...

More Than 1 Billion Devices Affected by Kr00k Wi-Fi Encryption Vulnerability
Mar04

A vulnerability has been identified in Wi-Fi chips manufactured by Broadcom and Cypress which are used in more than a billion devices, according to a paper recently published by ESET. Smartphones, tablets, laptops, and IoT devices are all affected, including Apple iPhones, iPads, and MacBooks; Samsung Galaxy and Google Nexus smartphones; Amazon Echo and Kindle; Raspberry Pi 3; Asus and Huawei access points and routers; and many IoT...

High Severity Flaw Patched in NVIDIA GPU Display Driver
Mar02

NVIDIA has released security updates that correct flaws in the NVIDIA GPU Display Driver and NVIDIA vGPU Software. An updated GPU display driver has been released with a fix for two vulnerabilities, both of which reside in the NVIDIA Control Panel. One of the flaws is rated high severity and could lead to local escalation of privileges or a denial of service condition on a vulnerable Windows device by corrupting a system file....

What is a DNS Filter?
Feb29

In this post we explain what a DNS filter is, why DNS filtering is important for cybersecurity, and other advantages of DNS filtering, but first it is useful to explain what the DNS is and why it is essential to the correct functioning of the internet. What is the Domain Name System? The Domain Name System (DNS) is the brainchild of Paul Mockapetris. In 1983, Mockapetris and his team developed the DNS to support the growth of email...

Micropatch Available to Fix CVE-2020-0674 Internet Explorer Flaw for Windows 10 1903 and 1909 Users
Feb25

Enterprise users of Windows 10 v1903 and v1909 may have held off patching the CVE-2020-0674 vulnerability in Internet Explorer versions 9-11 due to the problems many have experienced with the temporary workaround issued by Microsoft and issues with the buggy KB4532693 cumulative update. Fortunately, 0patch has released a fix that can be applied as a temporary measure until a permanent solution is released by Microsoft that does not have...

Q4 2019 Threat Report Reveals Emotet Dominates Threat Landscape
Feb20

The Q4, 2019 Threat Report from cybersecurity firm Proofpoint has confirmed Emotet was the biggest malware threat in 2019, accounting for 37% of all malicious payloads in 2019, even though for several months of 2019 Emotet was inactive. Emotet activity is up considerably from 2018, when it accounted for 28% of malicious payloads for the year. In Q4, 2019, Emotet accounted for 31% of all malicious payloads. Banking Trojans also proved...

LokiBot Trojan Masquerades as Epic Games Software Installer
Feb19

Threat actors behind the LokiBot Trojan, an information stealer and a backdoor that gives attackers access to Windows systems, are using a new tactic to install their Trojan: impersonation of a legitimate software installer used by Epic Games, the gaming company behind the hugely popular free-to-play game Fortnite. LokiBot was first identified around 5 years ago and it is constantly tweaked and updated. LokiBot can steal sensitive...

99 Vulnerabilities Patched by Microsoft on February 2020 Patch Tuesday
Feb11

February 2020 Patch Tuesday has seen Microsoft release patches for 99 vulnerabilities (and one advisory for Adobe Flash), making it one of the largest monthly patch releases in recent months. 12 of the patches correct critical vulnerabilities with the remainder all rated important. Four patches correct vulnerabilities that have previously been disclosed, one of which – CVE-2020-0674 – is an actively exploited vulnerability affecting...

Emotet Now Spreading by Hacking Nearby WiFi Networks
Feb10

A new variant of Emotet spreads like a worm, sending copies of itself to computers connected to WiFi networks within range of an infected device. This is the first time that this method of propagating the Emotet Trojan has been identified, but it would appear that it is not actually new and has been used for many months. The new Emotet capability was detected by researchers at Binary Defense on January 23, 2020. Their research...

Malware Campaign Delivers Package of Seven Malware Variants via BitBucket
Feb07

Cybereason’s Nocturnus research team has identified a malware distribution campaign that aims to deliver multiple malware variants via the cloud storage platform BitBucket. The researchers believe more than 500,000 computers have already been infected, with hundreds more infections occurring every hour. Victims are infected with several malware variants including the Azorult backdoor and information stealer, STOP ransomware, the...

Vulnerable Citrix Servers Targeted by Ransomware Gangs
Jan27

Multiple threat actors are conducting attacks on Citrix servers that have not had the patch applied to correct the CVE-2019-19781 vulnerability. The flaw affects the Citrix Application Delivery Controller (ADC), Citrix Gateway, and two old versions of Citrix SD-WAN WANOP appliances and was announced on December 17, 2019. Exploits for the vulnerability first started to be published on January 11, 2020. A permanent fix was issued to...

Urgent Patching Required for Windows Server Flaws Now PoC Exploits Published
Jan27

On January 2020 Patch Tuesday (01.14.2020) Microsoft released patches to address two vulnerabilities in Remote Desktop Gateway (RD Gateway) that affected Windows Server 2012, 2016, and 2019. The vulnerabilities have been collectively named BlueGate. Exploitation of the vulnerabilities could lead to remote code execution. Microsoft recommended prompt patching to correct the flaws and now the urgency has increased as several...

CISA Warns of Increase in Emotet Malware Activity
Jan24

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprang back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...

Cisco Patches Critical Vulnerability in Cisco Firepower Management Center
Jan24

Cisco has issued hotfix patches for a critical vulnerability in its network security tool, Cisco Firepower Management Center (FMC). The flaw, tracked as CVE-2019-16028, is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server. The flaw could be exploited by a remote attacker to bypass authentication and execute arbitrary actions on a vulnerable device with...

The Emotet Botnet is Back in Action Sending Spam with New Lures to Fool the Unwary
Jan22

There was a welcome Christmas break from the Emotet botnet, but life has returned to normal and it is well and truly back in action. Millions of malspam emails are now being sent spreading the Emotet Trojan in more than 80 countries. The emails contain attachments that are used to install the information stealing Emotet Trojan. Since Emotet is itself a malware downloader, that may not be the only malicious payload that is deployed....

Critical Zero-Day Internet Explorer Vulnerability Exploited in the Wild
Jan21

Microsoft has announced it is developing a patch for a zero-day Internet Explorer vulnerability that is currently being exploited in the wild. In the meantime, a workaround has been released which should be implemented as soon as possible to prevent exploitation of the vulnerability. The vulnerability is present in Internet Explorer 9, 10 and 11 when used on Windows 7, 8.1, and 10, as well as Windows Server 2012, 2016, and 2019. An...
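The workaround Microsoft published for this zero-day is to deny all access to jscript.dll so Internet Explorer cannot load the vulnerable engine. Here is an added PowerShell wrapper, not code from the original post or from Microsoft, that reports whether that deny entry is in place on each copy of the DLL and applies or rolls it back using the same takeown/cacls commands from Microsoft's advisory. It assumes an elevated session; the function names and the `-Remove` switch are this example's own.

```powershell
# Added example: check, apply, or roll back the jscript.dll access restriction that
# Microsoft published as a workaround for the actively exploited IE zero-day.
# The takeown/cacls commands are the advisory's; the wrapper functions are this example's own.

function Get-JscriptPaths {
    $paths = @("$env:windir\System32\jscript.dll")
    if (Test-Path "$env:windir\SysWOW64\jscript.dll") {
        $paths += "$env:windir\SysWOW64\jscript.dll"   # 64-bit Windows carries a second copy
    }
    $paths
}

function Test-JscriptWorkaround {
    # One row per DLL: is there a Deny ACE for Everyone on it?
    foreach ($p in Get-JscriptPaths) {
        $deny = (Get-Acl -Path $p).Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -like '*Everyone'
        }
        [pscustomobject]@{ Path = $p; WorkaroundApplied = [bool]$deny }
    }
}

function Set-JscriptWorkaround {
    param([switch]$Remove)
    foreach ($p in Get-JscriptPaths) {
        if ($Remove) {
            # Advisory rollback: drop the Deny entry once the real patch is installed.
            cacls $p /E /R everyone
        } else {
            # Take ownership (TrustedInstaller owns the file), then deny Everyone all access.
            takeown /f $p | Out-Null
            cacls $p /E /P everyone:N
        }
    }
}

Test-JscriptWorkaround
```

Apply with `Set-JscriptWorkaround` and revert with `Set-JscriptWorkaround -Remove` after patching. The caveat Microsoft itself attaches: anything else that loads jscript.dll loses functionality while the deny is in place (Windows Media Player and proxy auto-configuration scripts are among the affected components), which is the breakage that drove many administrators to a micropatch instead.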

January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities
Jan14

January 2020 Patch Tuesday has seen Microsoft issue patches for 49 vulnerabilities including 7 rated critical, along with a fix for the Crypt32.dll vulnerability discovered and publicly disclosed by the U.S. National Security Agency. Microsoft has also issued its last round of updates for Windows 7, which reached end of life on January 14. None of the vulnerabilities in this month’s updates are being exploited in the wild and details...

NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server
Jan14

The U.S. National Security Agency has taken the unusual step of publicly disclosing a vulnerability to a software vendor. This is the first time that such a disclosure has been attributed to the NSA. The vulnerability, tracked as CVE-2020-0601, affects Windows 10 and Windows Server 2016 and 2019, and has been rated as critical by the NSA, but only important by Microsoft. When the NSA discovers vulnerabilities they are usually kept...

Critical Citrix Vulnerability Under Active Attack
Jan13

A critical vulnerability in the Citrix Application Delivery Controller and Citrix Gateway is being exploited in real world attacks. The vulnerability was discovered by security researcher Mikhail Klyuchnikov who reported it to Citrix, but more than a month after being notified about the flaw, a firmware upgrade has yet to be released for vulnerable Citrix appliances. The vulnerability, CVE-2019-19781, has been described by some...

Mozilla Patches Actively Exploited Zero Day Firefox Vulnerability
Jan10

Mozilla has patched a critical zero-day vulnerability in the Firefox browser which is being actively exploited in the wild. The flaw, tracked as CVE-2019-17026, is a type confusion vulnerability in the IonMonkey just-in-time (JIT) compiler of the Mozilla SpiderMonkey JavaScript engine, involving the StoreElementHole and FallibleStoreElement operations. The flaw is present in the Firefox web browser for Windows, Linux, and Mac. The flaw is due to...

Landry’s Restaurant Chain Discovers POS Malware Infection
Jan07

The popular U.S. restaurant chain Landry’s has discovered malware on the point of sale (POS) system used by 63 of the chain’s brands including Aquarium, Atlantic Grill, Bubba Gump Shrimp Co., Mitchell’s Steakhouse, Morton’s, and Rainforest Café. The malware potentially stole track data, which included card numbers, expiry dates, cardholder’s names, and verification codes. Landry’s said in its breach notification that it had installed...

Critical Flaw Affecting 80,000 Businesses Patched by Citrix
Dec27

A critical vulnerability in the Citrix Application Delivery Controller and Citrix Gateway has been patched by Citrix. If exploited, the vulnerability could allow an unauthenticated user to access a company’s applications and remotely execute arbitrary code on a company’s local network. The vulnerability, CVE-2019-19781, affects all versions of the Citrix Application Delivery Controller and Citrix Gateway on all...

Campaign Identified Delivering Package of 6 Malware Variants
Dec24

A malware distribution campaign has been detected by researchers at Deep Instinct which is delivering a package of 6 malware variants in one hit. The malware includes a backdoor, cryptojacker, cryptocurrency stealer, and information stealing Trojans. Deep Instinct has called the campaign Hornet’s Nest due to the sheer number of threats being delivered. The campaign starts with the delivery of a malware dropper dubbed Legion Loader,...

Preinstalled Acer and Asus Software Contains Privilege Escalation Flaws
Dec19

SafeBreach has discovered vulnerabilities in software preinstalled on Acer and Asus laptops and computers which could be exploited by hackers to execute malicious payloads with elevated permissions using a signed service. The first flaw affects Acer Quick Access, a preinstalled application that has system-level privileges. Acer Quick Access allows users to modify USB charge settings, toggle wireless devices on and off, and change...

New Orleans Recovering from Ransomware Attack
Dec16

On Friday December 13, 2019, the City of New Orleans suffered a cyberattack which forced it to shut down its servers while the incident was investigated. The attack was discovered around 5am on Friday when suspicious activity was detected on the network. The decision was taken to shut down its servers around 11am and employees were told to turn off their computers in an attempt to contain the attack. The City’s Emergency Operations...

Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Dec13

Security researchers at BlackBerry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...
