Critical Vulnerabilities Identified in Apache Guacamole Remote Access System
Jul03

Critical Vulnerabilities Identified in Apache Guacamole Remote Access System

Security researchers have discovered multiple vulnerabilities in the Apache Guacamole remote access system used by thousands of companies to support home workers. Apache Guacamole is a clientless remote desktop gateway that allows remote workers to access their corporate computers or virtual desktops in the cloud through a web browser. Apache Guacamole supports standard protocols such as VNC, SSH, RDP. The Guacamole server uses one of...

Read More
Microsoft Releases Out of Band Fixes for Two Serious Flaw in the Windows Codecs Library
Jul02

Microsoft Releases Out of Band Fixes for Two Serious Flaw in the Windows Codecs Library

Microsoft has released an out of band update to correct two serious vulnerabilities in the Windows Codecs library, which, if exploited, could allow remote code execution. The operating system uses the built-in Windows Codecs library to handle multimedia content such as photos and videos and handles how large multimedia files are compressed and decoded for playback within applications. The flaws are both concerned with how the Windows...

Read More
Warning Issued Over Maximum Severity Vulnerability in Palo Alto Networks Products
Jul01

Warning Issued Over Maximum Severity Vulnerability in Palo Alto Networks Products

U.S. Cyber Command has issued a warning about a maximum severity vulnerability in the Palo Alto Networks’ operating system. While the flaw is not currently being exploited in the wild, it will be. Advanced persistent threat actors are expected to attempt to exploit the flaw so prompt patching is essential. The severity of this flaw should not be underestimated. The vulnerability, tracked as CVE-2020-2021, is an authentication bypass...

Read More
ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic
Jun30

ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic

Cybersecurity firm ESET has analyzed its telemetry data and found there has been a major increase in brute force attacks on remote desktop services during the COVID-19 pandemic. There was a steady increase in attacks between December 1, 2019 and May 1, 2020, rising from around 30,000 brute force attacks a day in early December to around 60,000 daily attacks by the end of the month. Then followed a slight decline, before a sharp rise...

Read More
REvil Threat Group Starts Using New WastedLocker Ransomware
Jun26

REvil Threat Group Starts Using New WastedLocker Ransomware

The Evil Corp Threat Group that was behind the Dridex banking Trojan and BitPaymer ransomware has started using a new ransomware variant in targeted attacks on enterprises. Wastedlocker is a brand-new ransomware variant that has already been used in attacks on around a dozen enterprises. Victims have been issued with ransom demands ranging from $500,000 to more than $1 million. WastedLocker ransomware was first detected by NCC Group’s...

Read More
Newly Discovered Self-Propagating Lucifer Malware Capable of Cryptojacking and DDoS Attacks
Jun25

Newly Discovered Self-Propagating Lucifer Malware Capable of Cryptojacking and DDoS Attacks

Palo Alto Networks’ Unit 42 researchers have identified a new Windows malware dubbed ‘Lucifer’ that drops the XMRig cryptocurrency miner, has Distributed Denial of Service (DDoS) capabilities, and can self-propagate. The malware was named by the author Satan DDoS, but was renamed Lucifer by the Unit 42 researchers so as not to confuse it with Satan ransomware. The Unit 42 team discovered the malware after identifying several new...

Read More
Ripple20: Critical Vulnerabilities in Treck TCP/IP Stack Affect Hundreds of Millions of Devices
Jun17

Ripple20: Critical Vulnerabilities in Treck TCP/IP Stack Affect Hundreds of Millions of Devices

A set of 19 vulnerabilities have been identified in the TCP/IP software library developed by Cincinnati-based Treck Inc., a developer of real-time embedded internet protocols for technology firms. The vulnerabilities were discovered by the Israeli cybersecurity firm JSOF and have been named Ripple20. Treck is a fairly low-profile company that develops low-level internet protocols, which are incorporated into a wide range of devices. A...

Read More
Adobe Out-of-Band Update Fixes 18 Critical Vulnerabilities
Jun17

Adobe Out-of-Band Update Fixes 18 Critical Vulnerabilities

Adobe has issued an out-of-band update correcting 18 critical flaws in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush, Campaign, and Audition. All 18 flaws allow remote execution of arbitrary code. The updates were released on Tuesday June 16, 2020. Adobe says it is unaware of any public exploits for the vulnerabilities, but users of the above products are strongly advised to update to the latest version of the software...

Read More
6 Vulnerabilities Identified in D-Link DIR-865L Cloud Wireless Routers
Jun16

6 Vulnerabilities Identified in D-Link DIR-865L Cloud Wireless Routers

Security researchers at Palo Alto Network’s Unit 42 team have identified 6 vulnerabilities in the D-Link DIR-865L series of cloud wireless routers, one of which has been rated critical and the remaining 5 are rated high severity. The D-Link DIR-865L series of routers reached end of life in February 2016; however, many are still in use and are vulnerable to attack. After being notified about the flaws, D-Link warned customers that as...

Read More
Fake COVID-19 Contact Tracing Apps Used to Install Malware
Jun11

Fake COVID-19 Contact Tracing Apps Used to Install Malware

Contact tracing and exposure notification apps are being developed in several countries to help control outbreaks of COVID-19. The apps have already been used in several countries and have been shown to help contain local outbreaks and prevent a second major peak of infections. Recent research conducted by the cybersecurity firm Anomali has revealed threat actors have developed fake contact tracing and exposure notification apps which...

Read More
Microsoft Breaks Patch Tuesday Record with Fixes for 129 Vulnerabilities
Jun10

Microsoft Breaks Patch Tuesday Record with Fixes for 129 Vulnerabilities

For the fourth successive month, Microsoft Patch Tuesday has seen more than 100 CVEs patched and June 2020 Patch Tuesday contains the biggest round of updates ever issued. Microsoft has released updates to correct 129  vulnerabilities. That breaks the record set in March when patches were released to correct 115 vulnerabilities. This month’s update includes patches for 11 critical vulnerabilities, although none are currently being...

Read More
PoC Exploit for SMBGhost Windows 10 RCE Flaw Released and Attacks Identified
Jun09

PoC Exploit for SMBGhost Windows 10 RCE Flaw Released and Attacks Identified

The SMBGhost vulnerability in Windows 10 that was patched by Microsoft in March 2020 is being actively exploited in the wild, according to a recent alert from the Department of Homeland Security Cybersecurity Infrastructure and Security Agency (CISA). The vulnerability, tracked as CVE-2020-0796, is a critical wormable vulnerability that’s as bad as it gets. The flaw was assigned a CVSSv3 score of 10 out of 10, with Microsoft...

Read More
Tycoon Ransomware Uses Rare Java Image File Format to Evade Security Solutions
Jun05

Tycoon Ransomware Uses Rare Java Image File Format to Evade Security Solutions

Researchers at Blackberry Threat intelligence and KPMG have identified a new Java-based ransomware dubbed Tycoon that is being used in highly targeted attacks on educational institutions and small- to medium sized companies. The ransomware is manually deployed after the attackers gain access to their target’s networks, most commonly by attacking vulnerable internet-exposed RDP servers. The ransomware has been in use for at least 6...

Read More
TrickBot Trojan Operators Delivering New BazarBackdoor Malware via Phishing Campaign
Jun04

TrickBot Trojan Operators Delivering New BazarBackdoor Malware via Phishing Campaign

The TrickBot Trojan operators are distributing a new backdoor named BazarBackdoor in targeted phishing attacks on businesses. BazarBackdoor is a stealthy backdoor that gives the attackers full access to corporate networks. The malware is being distributed via spear phishing emails that are well written and convincing. Several different lures are used in the campaign including employee termination lists, customer complaints, and...

Read More
Updated Valek Malware Used in Targeted Attacks on U.S and German Enterprises
May29

Updated Valek Malware Used in Targeted Attacks on U.S and German Enterprises

Enterprises in the United States and Germany are being targeted in a phishing campaign spreading Valek malware, according to researchers at Cybereason Nocturnus. Valek is a popular malware loader that was first identified in 2019. Valek has previously been distributed in phishing campaigns to deliver banking Trojans such as Ursnif and IcedID. Valek is active development and new versions are frequently released. According to a recent...

Read More
StrandHogg 2.0 Android Flaw Allows Hackers to Hijack Legitimate Apps
May28

StrandHogg 2.0 Android Flaw Allows Hackers to Hijack Legitimate Apps

The Norwegian security researchers who identified the StrandHogg vulnerability in the Android platform have identified another vulnerability that is even more dangerous that the original. The vulnerability – tracked as CVE-2020-0096 – is a critical flaw that allows hackers to masquerade as virtually any legitimate app on a targeted device. The vulnerability is present on all versions of Android apart from the latest...

Read More
Turla Hacking Group Tweaks ComRAT Malware to Steal Antivirus Logs and Communicate via Gmail
May27

Turla Hacking Group Tweaks ComRAT Malware to Steal Antivirus Logs and Communicate via Gmail

One of the most advanced state-sponsored hacking groups in Russia – Turla – has tweaked its ComRAT malware to steal antivirus logs and communicate with the malware via Gmail. ComRAT malware was first used by Turla in 2007 and is one of the oldest malware variants used by the Turla Group. The malware was used in the attack on the Pentagon in 2008 and has been regularly updated over the past 13 years. The latest version of ComRAT was...

Read More
Ragnar Locker Ransomware Deploys Virtual Machine to Evade Security Software
May26

Ragnar Locker Ransomware Deploys Virtual Machine to Evade Security Software

A new tactic is being used by the threat actors behind Ragnar Locker ransomware that allows them to evade security measures on the host machine and ensure their ransomware payload is executed. Ragnar Locker ransomware was first detected in 2019 and has been used in several high profile attacks, including the attack on the Portuguese energy company, Energias de Portugal where they demanded payment of $10.9 million for the keys to...

Read More
Another Malware Variant Identified that Targets Air-Gapped Networks
May19

Another Malware Variant Identified that Targets Air-Gapped Networks

In the past week, three cybersecurity firms have announced they have found malware variants that are being used to target air-gapped networks. First came the news that ESET had discovered Ramsay malware, followed by a report from Kaspersky Lab of a variant of COMpfun malware, named Reductor, that was also being used to steal data from air-gapped networks. Trend Micro has now announced that it has identified yet another a malware...

Read More
Ramsay Malware Designed to Steal Data from Air-Gapped Networks
May15

Ramsay Malware Designed to Steal Data from Air-Gapped Networks

A new malware toolkit has been discovered that appears to have been developed to steal sensitive data from air-gapped networks. Researchers at ESET have named the malware Ramsay and report it has a range of advanced features that allow it to keep under the radar and steal highly sensitive data from victims. One of the most effective ways of protecting sensitive data is to ensure that it is not saved on any device accessible through...

Read More
Prioritize Patching and Fix These Commonly Exploited Vulnerabilities
May14

Prioritize Patching and Fix These Commonly Exploited Vulnerabilities

A joint alert has been issued by the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to raise awareness about the most commonly exploited vulnerabilities to help organizations strengthen security and prevent attacks by sophisticated foreign threat actors. Patches should always be applied as soon as possible, but the number of patches now being...

Read More
Hacker Attacks More than 900,000 Vulnerable WordPress Sites in a Week
May07

Hacker Attacks More than 900,000 Vulnerable WordPress Sites in a Week

More than 900,000 WordPress websites have been attacked by a hacker over the space of about a week, according to a recent report from the cybersecurity company Defiant. The attacks were conducted using around 24,000 different IP addresses, but they are all believed to be the work of a single hacker as they were all attempting to insert the same malicious JavaScript backdoor into the websites. While the attacks have been ongoing for...

Read More
Malicious COVID-19 Domains Taken Down and New Blocklists Released
May06

Malicious COVID-19 Domains Taken Down and New Blocklists Released

Cybercriminals have registered large numbers of COVID-19 themed domains which are being used for a variety of scams. Internet service providers are being ordered to take down the websites but given the sheer number of malicious websites that have been set up, that process is taking some time. In the United Kingdom, Her Majesty’s Revenue and Customs (HMRC) has ordered internet service providers to take down 292 COVID-19 themed websites...

Read More
Easily Exploitable RCE Salt Vulnerabilities Discovered that Require Urgent Attention
May01

Easily Exploitable RCE Salt Vulnerabilities Discovered that Require Urgent Attention

Researchers at F-Secure have identified two high severity vulnerabilities in the SaltStack Python-based open source Salt project, which can allow remote code execution as root for a full takeover of vulnerable servers. F-Secure believes the vulnerabilities are likely to be exploited in a matter of hours. Salt is a popular configuration tool that is used for datacenter and cloud server management to monitor the state of servers and...

Read More
Microsoft Offers Advice to Healthcare Organizations on Reducing Risk of Manual Ransomware Attacks
Apr29

Microsoft Offers Advice to Healthcare Organizations on Reducing Risk of Manual Ransomware Attacks

Ransomware attacks on healthcare organizations and others involved in the fight against COVID-19 are continuing. In many cases, the attackers gained access to systems many weeks or months previously and have timed the deployment of the ransomware to cause maximum disruption when COVID-19 cases are about to peak to increase the probability of ransoms being paid. Microsoft has recently reported that there have been dozens of ransomware...

Read More
Sophos Discovers and Patches Actively Exploited Flaw in its XG Firewall
Apr27

Sophos Discovers and Patches Actively Exploited Flaw in its XG Firewall

Sophos has released a patch for a zero-day vulnerability in its XG Firewall which has been exploited in attacks to deliver malware. The flaw was discovered by Sophos on April 22, when an anomalous field value was discovered in the management interface of the Firewall. The investigation uncovered a previously unknown SQL injection vulnerability that had been exploited on some virtual and physical firewalls. Sophos reports that several...

Read More
Actively Exploited Zero-Day Flaws Identified in iOS Mail Application
Apr23

Actively Exploited Zero-Day Flaws Identified in iOS Mail Application

Two critical zero-day vulnerabilities have been identified in the iOS Mail application that have been exploited by threat actors in attacks on high profile targets since at least January 2018. The flaws were identified by the cybersecurity firm ZecOps which traced the flaws back to iOS 6, which was released by Apple in 2012, but it is possible that the flaws were introduced in an earlier Mail app version. The vulnerabilities have been...

Read More
Four Zero Day Vulnerabilities in IBM Data Risk Manager Have Been Publicly Disclosed
Apr22

Four Zero Day Vulnerabilities in IBM Data Risk Manager Have Been Publicly Disclosed

Four zero-day vulnerabilities have been identified in IBM Data Risk Manager (IDRM) which could allow the downloading of arbitrary files and, if chained together, remote code execution. The security researcher who discovered the vulnerabilities, Pedro Ribeiro, Director of Research at Agile Information Security, released details of the flaws on GitHub after IBM refused to acknowledge the vulnerabilities, which were responsibly disclosed...

Read More
Two Zoom Zero-Day Vulnerabilities Being Offered for Sale for $500,000
Apr16

Two Zoom Zero-Day Vulnerabilities Being Offered for Sale for $500,000

Two zero-day flaws in the Zoom videoconferencing platform have allegedly been discovered by hackers who are now offering them for sale. The hackers claim the flaws can be exploited to gain access to both the Windows and MacOS Zoom clients. Use of the Zoom teleconferencing solution has soared during the COVID-19 crisis, with personal and business users turning to the platform to maintain contact with friends, family, and the office...

Read More
Zoom Installers are Being Bundled with Malware
Apr08

Zoom Installers are Being Bundled with Malware

The sheer number of people now working from home to maintain social distancing during the coronavirus lockdown has resulted in huge interest in teleconferencing platforms such as Zoom. Despite the recent Zoom security concerns and privacy issues, Zoom remains one of the most popular teleconferencing platforms. Businesses are using the platform to ensure remote workers can maintain contact with the office, and consumers have started...

Read More
Lokibot Information Stealer Distributed in Spear Phishing ampaign Impersonating WHO
Apr06

Lokibot Information Stealer Distributed in Spear Phishing ampaign Impersonating WHO

Researchers at Fortinet’s FortiGuard Labs have identified a new spear phishing campaign that impersonates the World Health Organization (WHO) to distribute the LokiBot information stealer. The emails incorporate the WHO logo and claim to offer important advice about COVID-19 infection control and give recommendations. The email states that the information in the email attachment is intended to address misinformation about the 2019...

Read More
Beware of New Coronavirus Wiper Malware
Apr03

Beware of New Coronavirus Wiper Malware

A new wiper malware has been detected that uses a similar method to the 2017 NotPetya wiper malware to trash computers by overwriting the Master Boot Record (MBR) to render computers useless. Named Coronavirus, this wiper malware is being used purely for the purpose of sabotage. The malware variant was analyzed by researchers at SonicWall Capture Labs Threat Research. The researchers report that the malware variant is not as...

Read More
Zoom Security Concerns Mount as New Flaws Identified
Apr03

Zoom Security Concerns Mount as New Flaws Identified

The 2019 Novel Coronavirus pandemic has forced many employees into telecommuting with them maintaining contact with the office through videoconferencing apps such as Zoom. Zoom has proven to be one of the most popular choices during the COVID-19 crisis, registering a 535% increase in traffic in the past month, but the number of Zoom security concerns have been mounting. Zoom Security Concerns are Mounting Zoom security concerns have...

Read More
Micropatch Released for Actively Exploited Windows Font Processing Vulnerabilities
Mar31

Micropatch Released for Actively Exploited Windows Font Processing Vulnerabilities

Library were being actively exploited in the wild. The flaws concern how type 1 PostScript fonts are handled. The flaws can be exploited if a user is convinced to open a specially crafted document; however, it is also possible to exploit the flaws if a document is viewed in the Windows preview pane. The flaws affect Windows 10, Windows 8.1, Windows 7, Windows Server 2019, 2016, 2012, 2012 R2, 2008 and 2008 R2. Microsoft reports that...

Read More
Cybercriminals are Changing DNS Settings on Routers to Deliver Malware Through Fake Coronavirus Apps
Mar30

Cybercriminals are Changing DNS Settings on Routers to Deliver Malware Through Fake Coronavirus Apps

A malware distribution campaign has been detected that uses malicious coronavirus apps to deliver the Oski information stealing Trojan. The campaign was detected by Bitdefender which reports that 1,193 individuals have been targeted in just a couple of days from March 18. Attempts have been made to shut down the malware repositories that are being used by the attackers, but it is probable that others will be set up to take their...

Read More
Hacked News Sites Used to Spread Malware Disguised as Google Chrome Update
Mar26

Hacked News Sites Used to Spread Malware Disguised as Google Chrome Update

If you visit a website and are advised that you need to update Google Chrome, do not download the update. A campaign has been identified that is using fake Google Chrome updates to trick web visitors into downloading and installing malware. The hacking group is targeting news websites and corporate sites running WordPress and injecting malicious JavaScript code that redirects visitors to landing pages on malicious websites that claim...

Read More
Database Containing Extensive Information of 200 Million Americans Exposed Online
Mar24

Database Containing Extensive Information of 200 Million Americans Exposed Online

A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...

Read More
All Supported Windows Versions Affected by Two Actively Exploited Zero-Day RCE Flaws
Mar23

All Supported Windows Versions Affected by Two Actively Exploited Zero-Day RCE Flaws

Microsoft has issued a security advisory about two actively exploited zero-day flaws in Windows Adobe Type Manager Library. The critical remote code execution vulnerabilities affect all supported Windows desktop and server versions and Windows 7. If exploited, attackers would be able to take full control of vulnerable computers. The flaws are being exploited in limited targeted attacks. Microsoft is currently working on a patch to...

Read More
New Vulnerabilities Identified in Popular Password Managers
Mar23

New Vulnerabilities Identified in Popular Password Managers

Password managers help you create complex and unique passwords for every application, service, and website but how secure are password managers? Could a password manager actually weaken security? According to a study conducted by researchers at the University of York, password managers are not totally secure. Vulnerabilities in password managers have been found that could potentially be exploited by cybercriminals to gain access to a...

Read More
WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader
Mar20

WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader

Another coronavirus-themed phishing campaign has been detected impersonating the World Health Organization (WHO), or more specifically, the Director-General of WHO, Dr. Tedros Adhanom Ghebreyesus. The campaign was identified by security researchers at IBM X-Force Threat Intelligence who report that several waves of spam have already been delivered. The threat actors behind the campaign are using spam emails to distribute a malware...

Read More
Adobe Releases Out-of-Band Patches for 29 Critical Vulnerabilities
Mar18

Adobe Releases Out-of-Band Patches for 29 Critical Vulnerabilities

Adobe usually releases its software updates on Patch Tuesday, the second Tuesday of the month, but no patches were released on March 10, but the round of updates has come a week later, with fixes issued for 41 vulnerabilities across 6 of its products. 29 critical flaws have been addressed and the remaining 11 patches address vulnerabilities that have been rated important. The six affected products are Adobe Genuine Integrity Service,...

Read More
100,000 Websites Impacted by WordPress Popup Builder Plugin Vulnerabilities
Mar16

100,000 Websites Impacted by WordPress Popup Builder Plugin Vulnerabilities

Two vulnerabilities have been identified in the popular WordPress plugin, Popup Builder, which is used on around 100,000 websites. The plugin was developed by Sygnoos to help website owners create and manage popups for marketing products and services to website visitors. The plugin includes the option of incorporating JavaScript code into popups, which runs when popups are loaded. Researchers at Defiant identified flaws that allow an...

Read More
Critical SMBv3 Vulnerability Leaked: Microsoft Patch and Mitigations
Mar12

Critical SMBv3 Vulnerability Leaked: Microsoft Patch and Mitigations

Update 03/12/20: Microsoft has updated its security advisory and released a patch for CVE-2020-0796 Windows 10 and Windows Server 1903 / Server 1909:  Microsoft released patches for 155 vulnerabilities on March 2020 Patch Tuesday but there was one notable absence. A patch was not released for a critical Server Message Block (SMBv3) vulnerability, tracked as CVE-2020-0796. Both Fortinet and Cisco Talos published blogs summarizing the...

Read More
AMD CPUs Vulnerable to Two New Side Channel Attacks
Mar11

AMD CPUs Vulnerable to Two New Side Channel Attacks

All AMD processor manufactured between 2011 and 2019 are vulnerable to two new side channel attacks, according to researchers at Graz University of Technology, some of whom were responsible for identifying the Spectre and Meltdown vulnerabilities. In their paper, Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors, the researchers detail two side channel attacks that can be performed exploiting...

Read More
Microsoft Releases Patches for 115 Vulnerabilities Including 26 Critical Flaws
Mar10

Microsoft Releases Patches for 115 Vulnerabilities Including 26 Critical Flaws

Microsoft released a record number of patches on March Patch Tuesday. 115 vulnerabilities have been patched across the entire product range, including 26 vulnerabilities that have been rated critical and 88 that have been rated important. None of the flaws in the March round of updates are believed to have been exploited in the wild and none have been made public prior to the patches being released. 17 of the critical flaws affect...

Read More
Microsoft Exchange RCE Vulnerability Being Actively Exploited in the Wild
Mar10

Microsoft Exchange RCE Vulnerability Being Actively Exploited in the Wild

A post-auth remote code execution vulnerability affecting all supported versions of Microsoft Exchange Server is now being exploited in the wild by multiple advanced persistent threat (APT) groups. The vulnerability, tracked as CVE-2020-0688, is present in the Exchange Control Panel (ECP) component of Microsoft Exchange Server and is the result of the failure to create unique cryptographic keys during installation. That means that all...

Read More
Several New Coronavirus-Themed Phishing Scams and Malspam Campaigns Detected
Mar09

Several New Coronavirus-Themed Phishing Scams and Malspam Campaigns Detected

Further email campaigns have been detected that are using the novel coronavirus (COVID-19) outbreak as a lure to spread malware, phish for sensitive data, and fool people into making donations to fake charities. The World Health Organization has previously issued a warning that cybercriminals were using its logos in malicious email campaigns and those campaigns have continued. Campaigns have also been detected impersonating the...

Read More
TrickBot Trojan Gets Trickier with ActiveX Control to Automatically Run Malicious Macros
Mar06

TrickBot Trojan Gets Trickier with ActiveX Control to Automatically Run Malicious Macros

The TrickBot Trojan is now even trickier now that a Windows 10 ActiveX control has been incorporated to automatically run malicious macros in email Office attachments. Several documents have been intercepted in the past few days that abuse the Windows 10 ActiveX control. Malspam emails using this new delivery technique were intercepted by researchers at Morphisec Labs. The ActiveX control is used to execute an OSTAP JavaScript...

Read More
More than 480 Bluetooth Devices Affected by SweynTooth Vulnerabilities
Mar05

More than 480 Bluetooth Devices Affected by SweynTooth Vulnerabilities

12 vulnerabilities have been identified in Bluetooth Low Energy (BLE) software development kits (SDKs) from at least 7 manufacturers. The SDKs are used for system-on-a-chip (SoC) chipsets that are incorporated devices to support BLE communications. The flaws were discovered by researchers at the Singapore University of Technology and Design who collectively named them SweynTooth after Sweyn Forkbeard, the son of King Bluetooth, after...

Read More
More Than 1 Billion Devices Affected by Kr00k Wi-Fi Encryption Vulnerability
Mar04

More Than 1 Billion Devices Affected by Kr00k Wi-Fi Encryption Vulnerability

A vulnerability has been identified in Wi-Fi chips manufactured by Broadcom and Cypress which are used in more than a billion devices, according to a paper recently published by ESET. Smartphones, tablets, laptops, and IoT devices are all affected, including Apple iPhones, iPads, and MacBooks; Samsung Galaxy and Google Nexus smartphones; Amazon Echo and Kindle; Raspberry Pi3; Asus and Huawei access points and routers; and many IoT...

Read More
High Severity Flaw Patched in NVIDIA GPU Display Driver
Mar02

High Severity Flaw Patched in NVIDIA GPU Display Driver

NVIDIA has released security updates that correct flaws in the NVIDIA GPU Display Driver and NVIDIA VGPU Software. An updated GPU display driver has been released with a fix for two vulnerabilities, both of which reside in the NVIDIA Control Panel. One of the flaws is rated high severity flaw and could lead to local escalation of privileges and a denial of service condition on a vulnerable Windows device by corrupting a system file....

Read More
What is a DNS Filter?
Feb29

What is a DNS Filter?

In this post we explain what a DNS filter is, why DNS filtering is important for cybersecurity, and other advantages of DNS filtering, but first it is useful to explain what the DNS is and why it is essential to the correct functioning of the internet. What is the Domain Name System? The Domain Name System (DNS) is the brainchild of Paul Mockapetris. In 1983, Mockapetris and his team developed the DNS to support the growth of email...

Read More
Micropatch Available to Fix for CVE-2020-0674 Internet Explorer Flaw for Windows 10 1903 and 1909 Users
Feb25

Micropatch Available to Fix for CVE-2020-0674 Internet Explorer Flaw for Windows 10 1903 and 1909 Users

Enterprise users of Windows 10 v1903 and v1909 may have held off patching the CVE-2020-0674 vulnerability in Internet Explorer versions 9-11 due to the problems many have experienced with the temporary patch issued by Microsoft and issues with the buggy KB4532693 cumulative update. Fortunately, 0Patch has released a fix that can be applied as a temporary measure until a permanent solution is released by Microsoft that does not have...

Read More
Q4 2019 Threat Report Reveals Emotet Dominates Threat Landscape
Feb20

Q4 2019 Threat Report Reveals Emotet Dominates Threat Landscape

The Q4, 2019 Threat Report from cybersecurity firm Proofpoint has confirmed Emotet was the biggest malware threat in 2019, accounting for 37% of all malicious payloads in 2019, even though for several months of 2019 Emotet was inactive. Emotet activity is up considerably from 2018, when it accounted for 28% of malicious payloads for the year. In Q4, 2019, Emotet accounted for 31% of all malicious payloads. Banking Trojans also proved...

Read More
LokiBot Trojan Masquerades as Epic Games Software Installer
Feb19

LokiBot Trojan Masquerades as Epic Games Software Installer

Threat actors behind the LokiBot Trojan, an information stealer and a backdoor that gives attackers access to Windows systems, are using a new tactic to install their Trojan: Impersonation of a legitimate software installer used by EPIC Games, the gaming company behind the hugely popular free-to-play game Fortnite. LokiBot was first identified around 5 years ago and it is constantly tweaked and updated. LokiBot can steal sensitive...

Read More
99 Vulnerabilities Patched by Microsoft on February 2020 Patch Tuesday
Feb11

99 Vulnerabilities Patched by Microsoft on February 2020 Patch Tuesday

February 2020 Patch Tuesday has seen Microsoft release patches for 99 vulnerabilities (and one advisory for Adobe Flash), making it one of the largest monthly patch releases in recent months. 12 of the patches correct critical vulnerabilities with the remainder all rated important. Four patches correct vulnerabilities that have previously been disclosed, one of which – CVE-2020-0674 – is an actively exploited vulnerability affecting...

Read More
Emotet Now Spreading by Hacking Nearby WiFi Networks
Feb10

Emotet Now Spreading by Hacking Nearby WiFi Networks

A new variant of Emotet spreads like a worm sending copies of itself to computers connected to WiFi networks within range of an infected device.  This is the first time that this method of propagating the Emotet Trojan has been identified, but it would appear that it is not actually new and has been used for many months. The new Emotet capability was detected by researchers at Binary Defense on January 23, 2019. Their research...

Read More
Malware Campaign Delivers Package of Seven Malware Variants via BitBucket
Feb07

Malware Campaign Delivers Package of Seven Malware Variants via BitBucket

Cybereason’s Nocturnus research team has identified a malware distribution campaign that aims to deliver multiple malware variants via the cloud storage platform BitBucket. The researchers believe more than 500,000 computers have already been infected, with hundreds more infections occurring every hour. Victims are infected with several malware variants including the Azorult backdoor and information stealer, STOP ransomware, the...

Read More
Vulnerable Citrix Servers Targeted by Ransomware Gangs
Jan27

Vulnerable Citrix Servers Targeted by Ransomware Gangs

Multiple threat actors are conducting attacks on Citrix servers that have not had the patch applied to correct the CVE-2019-19781 vulnerability. The flaw affects the Citrix Application Delivery Controller (ADC), Citrix Gateway, and two old versions of Citrix SD-WAN WANOP appliances and was announced on December 17, 2019. Exploits for the vulnerability first started to be published on January 11, 2020. A permanent fix was issued to...

Read More
Urgent Patching Required for Windows Server Flaws Now PoC Exploits Published
Jan27

Urgent Patching Required for Windows Server Flaws Now PoC Exploits Published

On January 2020 Patch Tuesday (01.14.2020) Microsoft released patches to address two vulnerabilities in Remote Desktop Gateway (RD Gateway) that affected Windows Server 2012, 2016, and 2019. The vulnerabilities have been collectively named BlueGate. Exploitation of the vulnerabilities could lead to remote code execution. Microsoft recommended prompt patching to correct the flaws and now the urgency has increased as several...

Read More
CISA Warns of Increase in Emotet Malware Activity
Jan24

CISA Warns of Increase in Emotet Malware Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprung back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...

Read More
Cisco Patches Critical Vulnerability in Cisco Firepower Management Center
Jan24

Cisco Patches Critical Vulnerability in Cisco Firepower Management Center

Cisco has issued hotfix patches for a critical vulnerability in its network security tool, Cisco Firepower Management Center (FMC). The flaw, tracked as CVE-2019-16028, is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server. The flaw could be exploited by a remote attacker to bypass authentication and execute arbitrary actions on a vulnerable device with...

Read More
The Emotet Botnet is Back in Action Sending Spam with New Lures to Fool the Unwary
Jan22

The Emotet Botnet is Back in Action Sending Spam with New Lures to Fool the Unwary

There was a welcome Christmas break from the Emotet botnet, but life has returned to normal and it is well and truly back in action. Millions of malspam emails are now being sent spreading the Emotet Trojan in more than 80 countries. The emails contain attachments that are used to install the information stealing Emotet Trojan. Since Emotet is itself a malware downloader, that may not be the only malicious payload that is deployed....

Read More
Critical Zero-Day Internet Explorer Vulnerability Exploited in the Wild
Jan21

Critical Zero-Day Internet Explorer Vulnerability Exploited in the Wild

Microsoft has announced it is developing a patch for a zero-day Internet Explorer vulnerability that is currently being exploited in the wild. In the meantime, a workaround has been released which should be implemented as soon as possible to prevent exploitation of the vulnerability. The vulnerability is present in Internet Explorer 9, 10 and 11 when used on Windows 7, 8.1, and 10, as well as Windows Server 2012, 2016, and 2019. An...

Read More
January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities
Jan14

January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities

January 2020 Patch Tuesday has seen Microsoft issue patches for 49 vulnerabilities including 7 rated critical, along with a fix for the Crypt32.dll vulnerability discovered and publicly disclosed by the U.S. National Security Agency. Microsoft has also issued its last round of updates for Windows 7, which reached end of life on January 14. None of the vulnerabilities in this month’s updates are being exploited in the wild and details...

Read More
NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server
Jan14

NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server

The U.S. National Security Agency has taken the unusual step of publicly disclosing a vulnerability to a software vendor. This is the first time that such a disclosure has been attributed to the NSA. The vulnerability, tracked as CVE-2020-0601, affects Windows 10 and Windows Server 2016 and 2019, and has been rated as critical by the NSA, but only important by Microsoft. When the NSA discovers vulnerabilities they are usually kept...

Read More
Critical Citrix Vulnerability Under Active Attack
Jan13

Critical Citrix Vulnerability Under Active Attack

A critical vulnerability in the Citrix Application Delivery Controller and Citrix Gateway is being exploited in real world attacks. The vulnerability was discovered by security researcher Mikhail Klyuchnikov who reported it to Citrix, but more than a month after being notified about the flaw, a firmware upgrade has yet to be released for vulnerable Citrix appliances. The vulnerability, CVE-2019-19781, has been described by some...

Read More
Mozilla Patches Actively Exploited Zero Day Firefox Vulnerability
Jan10

Mozilla Patches Actively Exploited Zero Day Firefox Vulnerability

Mozilla has patched a critical zero-day vulnerability in the Firefox browser which is being actively exploited in the wild. The flaw – tracked as CVE-2019-17026 – is a type confusion vulnerability in the IonMonkey just-in-time (JIT) compiler for the Mozilla SpiderMonkey JavaScript engine with StoreElementHole and FallibleStoreElement. The flaw is present in the Firefox web browser for Windows, Linux, and Mac. The flaw is due to...

Read More
Landry’s Restaurant Chain Discovers POS Malware Infection
Jan07

Landry’s Restaurant Chain Discovers POS Malware Infection

The popular U.S. restaurant chain Landry’s has discovered malware on the point of sale (POS) system used by 63 of the chain’s brands including Aquarium, Atlantic Grill, Bubba Gump Shrimp Co., Mitchell’s Steakhouse, Morton’s, and Rainforest Café. The malware potentially stole track data, which included card numbers, expiry dates, cardholder’s names, and verification codes. Landry’s said in its breach notification that it had installed...

Read More
Critical Flaw Affecting 80,000 Businesses Patched by Citrix
Dec27

Critical Flaw Affecting 80,000 Businesses Patched by Citrix

A critical vulnerability in the Citrix Application Delivery Controller and Citrix Gateway has been patched by Citrix. If exploited, the vulnerability could allow an unauthenticated user to access a company’s applications and remotely execute arbitrary code on a company’s local network.  The vulnerability  – CVE-2019-19781 – affects all versions of the Citrix Application Delivery Controller and Citrix Gateway on all...

Read More
Campaign Identified Delivering Package of 6 Malware Variants
Dec24

Campaign Identified Delivering Package of 6 Malware Variants

A malware distribution campaign has been detected by researchers at Deep Instinct which is delivering a package of 6 malware variants in one hit. The malware includes a backdoor, cryptojacker, cryptocurrency stealer, and information stealing Trojans. Deep Instinct has called the campaign Hornet’s Nest due to the sheer number of threats being delivered. The campaign starts with the delivery of a malware dropper dubbed Legion Loader,...

Read More
Preinstalled Acer and Asus Software Contains Privilege Escalation Flaws
Dec19

Preinstalled Acer and Asus Software Contains Privilege Escalation Flaws

SafeBreach has discovered vulnerabilities in software preinstalled on Acer and Asus laptops and computers which could be exploited by hackers to execute malicious payloads with elevated permissions using a signed service. The first flaw affects Acer Quick Access, a preinstalled application that has system-level privileges. Acer Quick Access allows users to modify USB charge settings, toggle wireless devices on and off, and change...

Read More
New Orleans Recovering from Ransomware Attack
Dec16

New Orleans Recovering from Ransomware Attack

On Friday December 13, 2019, the City of New Orleans suffered a cyberattack which forced it to shut down its servers while the incident was investigated. The attack was discovered around 5am on Friday when suspicious activity was detected on the network. The decision was taken to shut down its servers around 11am and employees were told to turn off their computers in an attempt to contain the attack. The City’s Emergency Operations...

Read More
Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Dec13

Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies

Security researchers at Blackberry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...

Read More
Flaw in Ryuk Ransomware May Make Data Recovery Impossible
Dec10

Flaw in Ryuk Ransomware May Make Data Recovery Impossible

Disaster strikes. Your business has been attacked and ransomware has been deployed. You decide to pay the ransom to ensure a quick recovery, only to discover that the decryption keys supplied by the attackers do not work. This is one of the reasons why the FBI’s advice is never to pay the ransom. It is not in the best interests of cybercriminals to permanently encrypt data. After all, once word spreads that paying a ransom will not...

Read More
Ransomware Attacks on Network Attached Storage (NAS) Devices on the Rise
Dec10

Ransomware Attacks on Network Attached Storage (NAS) Devices on the Rise

A hacker succeeds in gaining access to the computer systems of a business and ransomware is deployed, but there is a fair chance that the business will recover its files from backups and not pay the ransom. However, if backups are not available, there is a high chance that the business will have to pay since data loss is simply not an option. It is therefore no surprise that hackers are now targeting backups and Network Attached...

Read More
Microsoft Issues 37 Updates on December 2019 Patch Tuesday; Adobe Fixes 24
Dec10

Microsoft Issues 37 Updates on December 2019 Patch Tuesday; Adobe Fixes 24

December Patch Tuesday has seen Microsoft release patches for 37 vulnerabilities along with 2 advisories. 7 of the vulnerabilities are rated critical, 27 are rated important, 1 is rated moderate, and another is rated low severity. One of the important updates corrects a Windows zero-day privilege escalation flaw – CVE-2019-1458 – in the Win32k component that handles objects in the memory. An attacker could exploit the flaw and...

Read More
New Highly Destructive Wiper Malware Variant Detected
Dec06

New Highly Destructive Wiper Malware Variant Detected

A new wiper malware has been detected by security researchers at IBM X-Force which is being used in attacks on energy companies and industrial firms in the Middle East. The malware is believed to have been created by two threat groups in Iran that are known to have links to the Iranian government, APT34 and xHunt. The malware, named ZeroCleare, is being used in targeted attacks against specific organizations according to the...

Read More
StrandHogg Android Vulnerability Allows Malicious Apps to Pose as Legitimate Ones
Dec04

StrandHogg Android Vulnerability Allows Malicious Apps to Pose as Legitimate Ones

An Android vulnerability has been discovered that allows malicious apps to disguise themselves as legitimate apps and gain full permissions. The vulnerability is being actively exploited by dozens of malicious apps. In order for the flaw to be exploited, a malicious app must first be downloaded. Once on the device, it can masquerade as any legitimate app on the device. When the app icon of a legitimate app is clicked, the malware is...

Read More
Critical Vulnerability Patched in GoAhead EmbedThis Web Server Software
Dec04

Critical Vulnerability Patched in GoAhead EmbedThis Web Server Software

Two vulnerabilities have been identified in GoAhead’s EmbedThis Web Server software, which is used by hundreds of millions of Internet of Things (IoT) devices, one of which is a critical flaw that could allow an attacker to take full control of a vulnerable device. GoAhead EmbedThis is an embedded web server for embedded devices. The most serious flaw, CVE-2019-5096, is a remote code execution vulnerability that arises when the web...

Read More
Microsoft Reports on New Dexphot Malware That Has Infected 80,000 Devices
Nov27

Microsoft Reports on New Dexphot Malware That Has Infected 80,000 Devices

This week, Microsoft has reported on a ‘new’ malware threat named Dexphot. It is not exactly new, as Microsoft first detected the threat in October 2018, but an announcement has now been made after a year of tracking the threat. Dexphot is one of a breed of polymorphic malware variants that often evade detection by security solutions. In the case of Dexphot, a variety of methods are used to fool security solutions, notably Dexphot...

Read More
Novel Digital Skimming Attack Targets Retailers Using Third-Party Payment Service Platforms
Nov26

Novel Digital Skimming Attack Targets Retailers Using Third-Party Payment Service Platforms

A novel digital skimming attack method has been uncovered by researchers at Malwarebytes, which spoofs third-party secure payment pages used by many online retailers to process their payments combining digital skimming with phishing tactics. When a purchase is made on a website that uses a third-party payment service platform (PSP), the customer is redirected to the PSP which is maintained by the service provider. Their payment is...

Read More
37 Vulnerabilities Identified in Popular Virtual Networking Computing Applications
Nov25

37 Vulnerabilities Identified in Popular Virtual Networking Computing Applications

Researchers at Kaspersky Lab have identified 37 vulnerabilities in popular Virtual Network Computing (VNC) applications, some of which are critical and could allow access to sensitive information, the deployment of malware, and the remote execution of arbitrary code. In the most part, the vulnerabilities could result in malfunction or denial of service although some could result in a full compromise of a vulnerable system. VNC is a...

Read More
Horrific Android Camera Vulnerability Left Millions of Users Vulnerable to Spying
Nov21

Horrific Android Camera Vulnerability Left Millions of Users Vulnerable to Spying

A vulnerability has been identified in the Google Camera and Samsung Camera apps that is easy to exploit and would allow an attacker to take photos on a vulnerable device, record video, obtain the location of the device, record conversations, access stored images and videos, and silence the shutter sound to ensure the user is unaware that pictures are being taken. All recorded information could then be transferred to the attacker’s C2...

Read More
PureLocker Ransomware: A New Ransomware Threat Targeting Enterprise Servers
Nov14

PureLocker Ransomware: A New Ransomware Threat Targeting Enterprise Servers

Security researchers at IBM X-Force and Intezer have identified a new form of ransomware that is being used in targeted attacks on enterprise servers. The new threat has been called PureLocker as it has been written in PureBasic, which is unusual for ransomware. PureLocker represents a serious threat, especially since signature-based security solutions struggle to detect malware written in PureBasic. Researchers at Intezer note that...

Read More
November Patch Tuesday: Microsoft Patches 74 Flaws Including Actively Exploited RCE
Nov13

November Patch Tuesday: Microsoft Patches 74 Flaws Including Actively Exploited RCE

November Patch Tuesday has seen Microsoft patch 74 vulnerabilities across all its products, including 13 critical flaws and one remote code execution vulnerability that is being actively exploited in the wild. The actively exploited flaw – CVE-2019-1429 – is in Internet Explorer and is a Scripting Engine Memory Corruption vulnerability that was identified by Google’s Project Zero team. The flaw can be exploited by convincing a...

Read More
CISA Issues Warning About Holiday Season Scams
Nov12

CISA Issues Warning About Holiday Season Scams

‘Tis the season to be jolly, especially if you are a scammer. In the run up to holiday season, cybercriminals go into overdrive and are ready and waiting to take advantage of the millions of online shoppers looking to secure a bargain. Holiday season scams are plentiful, highly varied, convincing, and often successful. This year, the U.S. government is warning consumers to be on high alert for holiday season scams that aim to obtain...

Read More
Highly Convincing Phishing Scam Uses Fake WebEx Client to Deliver RAT
Nov11

Highly Convincing Phishing Scam Uses Fake WebEx Client to Deliver RAT

A new phishing scam has been detected that uses a WebEx meeting request as a lure to get business users to download a remote access Trojan that masquerades as the WebEx client (WebEx.exe). The campaign was detected by Alex Lanstein and shared on Twitter. The meeting request is a carbon copy of a genuine WebEx meeting notification email. As with the real meeting requests, the email contains a Join Meeting button, which the user needs...

Read More
MegaCortex Ransomware Ups the Ante with Threat of Publication of Stolen Data
Nov08

MegaCortex Ransomware Ups the Ante with Threat of Publication of Stolen Data

The developers of MegaCortex ransomware have released an updated version of their file-encrypting malware. The latest version incorporates a new feature to hamper recovery without paying the ransom along with a new threat. Victims are told that if they do not pay the ransom, their files will be published online. The latest version of MegaCortex ransomware was discovered by MalwareHunterTeam. The new version will change the Windows...

Read More
Targeted Ransomware Attacks Hit Spanish Companies Hard
Nov06

Targeted Ransomware Attacks Hit Spanish Companies Hard

A wave of ransomware attacks has been reported in Spain with several appearing to have been attacked almost simultaneously on Monday. One of the attacked companies was Everis, one of the largest IT consulting companies and managed service providers in Spain. The attack on Everis was targeted, which was made clear by the extension added to files encrypted by the ransomware – .3v3r1s. The dropped ransom note explained that its network...

Read More
Mass BlueKeep RDP Attacks Detected Spreading Cryptcurrency Miners
Nov04

Mass BlueKeep RDP Attacks Detected Spreading Cryptcurrency Miners

The BlueKeep remote code execution vulnerability in Windows Remote Desktop Services is being exploited in real world attacks. The vulnerability – CVE-2019-0708 – can be exploited on vulnerable systems by sending a specially crafted request over RDP. No user interaction is required.  A patch to correct the flaw was issued by Microsoft in May. The flaw is one of the most serious vulnerabilities discovered in 2019. Like the Windows...

Read More
Update Google Chrome: Zero-Day Vulnerability Being Actively Exploited in the Wild
Nov01

Update Google Chrome: Zero-Day Vulnerability Being Actively Exploited in the Wild

A recently discovered vulnerability in Google Chrome is being actively exploited by hackers. The vulnerability was discovered by Kaspersky Lab security researchers Anton Ivanov and Alexey Kulaev who reported the flaw to Google. The flaw – CVE-2019-13720 – is a high-severity use-after-free memory corruption vulnerability in the audio component of the Chrome browser. If exploited the flaw could cause the browser to crash and...

Read More
FBI Issues Warning Following Increase in E-Skimming Attacks
Oct28

FBI Issues Warning Following Increase in E-Skimming Attacks

The FBI has issued a warning following an increase in e-skimming attacks on small and medium sized businesses and government agencies. E-skimming is the term given to the loading of malicious code onto e-commerce websites that captures credit card information when consumers purchase products online. The code sends personal information and credit card details to an attacker-controlled domain in real-time. These attacks are performed on...

Read More
7.5 Million Adobe Creative Cloud Users Warned of Data Breach
Oct28

7.5 Million Adobe Creative Cloud Users Warned of Data Breach

Adobe has announced that a vulnerability has exposed the private information of approximately 7.5 million Adobe Creative Cloud users. The information was contained in an Elasticsearch database, which could be accessed by anyone via a web browser without any authentication required. Fortunately, only basic customer information was exposed. No financial information or passwords were stored in the database, only basic information about...

Read More
NordVPN Discloses 2018 Security Breach
Oct23

NordVPN Discloses 2018 Security Breach

NordVPN is one of the most popular and well-known VPN services on the market. It is used by many people to ensure privacy when using the internet; however, the firm has recently announced that it has suffered a security breach. The announcement came following a post on Twitter by a security researcher who claimed that an unknown individual had stolen private encryption keys that ensure traffic through its servers remain private and...

Read More
Free Decyptor for STOP Ransomware Released
Oct21

Free Decyptor for STOP Ransomware Released

Researchers at New Zealand-based cybersecurity firm Emsisoft have released a free decryptor for STOP ransomware. STOP ransomware is primarily used to attack consumers rather than businesses and is usually delivered via cracked software and adware bundles distributed on websites that offer cracks for legitimate software applications such as Photoshop. The threat actors behind the campaign are highly active. In fact, STOP ransomware is...

Read More
Critical Linux Wi-Fi Bug Could Result in Full System Compromise
Oct21

Critical Linux Wi-Fi Bug Could Result in Full System Compromise

A critical flaw in the Linux rtlwifi driver has been identified which could allow a full system compromise. A patch is being prepared but as not yet been added to the Linux kernel. The rtlwifi driver is used to ensure compatibility of Realtek Wi-Fi chips on Linux devices and allow them to communicate with the Linux operating system. The vulnerability – CVE-2019-17666 – has existed for around 4 years but has only just been...

Read More
Adobe October Update Includes Patches for 45 Critical Vulnerabilities in Acrobat and Reader
Oct16

Adobe October Update Includes Patches for 45 Critical Vulnerabilities in Acrobat and Reader

Adobe usually releases its patches, fixes, and software updates on the same day as Microsoft – The second Tuesday of the month or Patch Tuesday as it has come to be known. No updates were release on Tuesday, October 9, but it turns out that the updates have just been delayed. On October 15, Adobe released a slew of updates to correct vulnerabilities in Adobe Acrobat, Adobe Reader, Adobe Experience Manager, Adobe Experience Manager...

Read More
Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw
Oct15

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw

A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks. The zero-day flaw is being exploited by the Israeli surveillance firm NSO Group, which is best known for selling zero-day exploits in operating systems to governments for the purpose of espionage. The flaw is present in the Android Kernel binder driver and is a use-after-free...

Read More
Reductor Malware Allows Hijacking of HTTPS Traffic
Oct11

Reductor Malware Allows Hijacking of HTTPS Traffic

Security researchers at Kaspersky Lab have identified a new form of malware named Reductor that manipulates the random number generator of web browsers allowing decryption of TLS traffic on the fly. The threat actors behind the malware have not been identified, although there are similarities in the code which links it to the COMPfun Trojan, suggesting the authors of both malware variants could be one and the same. Based on...

Read More