News

Scripts for clickjacking detected on sites with a total audience of 43 million users per day

Clickjacking first attracted the attention of information security researchers more than ten years ago, and it has remained popular with cybercriminals ever since. Clickjacking scripts have now been detected on many sites. Despite browser developers' continual improvement of protection mechanisms against this threat, it has not been possible to eliminate it. A team of …

Vulnerability in Trend Micro Password Manager endangers Windows users

SafeBreach researchers found a vulnerability in Trend Micro Password Manager. Using this security issue, an attacker can entrench their presence on an already compromised Windows system. The attack vector exists because the Trend Micro Password Manager Central Control Service (PwmSvc.exe) runs with the privileges of the most powerful Windows account, NT Authority\System. “This …

Android Banker Cerberus Uses Pedometer to Avoid Detection

Recently, many popular Android Trojans (such as Anubis, Red Alert 2.0, GM-bot and Exobot) have ceased operating as malware-as-a-service. However, new players are already taking their place, for example the Android banker Cerberus. Experts from the Amsterdam-based company ThreatFabric discovered the new Android malware Cerberus. Cerberus does not exploit any vulnerabilities and is distributed exclusively through social …

Researchers introduced a system for assessing the probability of exploiting vulnerabilities in real attacks

As you probably know, all systems are vulnerable. Every year, CVE identifiers are assigned to thousands of newly discovered vulnerabilities, and it is almost impossible to track every new one. The Exploit Prediction Scoring System may solve this problem. How to tell which vulnerabilities companies should fix immediately and which can be put on hold is what specialists tried to figure out at Black Hat USA …

Experts infected Canon DSLR with ransomware via Wi-Fi

Check Point analysts found six vulnerabilities in the implementation of the Picture Transfer Protocol (PTP) used in Canon cameras. Exploiting these issues ultimately allows an attacker to take control of the device and install arbitrary malware on the DSLR (including “over the air”, if the camera supports wireless connections). “Our research shows how an attacker in …

Trojan Varenyky spies on users of porn sites

ESET experts warned that since May 2019, French users have been attacked by the Windows malware Varenyky, which not only sends spam from infected machines but also records everything that happens on victims' computers when they visit porn sites. Varenyky spreads in the classic way: through malicious emails that supposedly contain some …

Clipsa Windows malware steals cryptocurrency and brute-forces WordPress sites

Avast specialists discovered Clipsa, an unusual piece of malware that not only steals cryptocurrency, swaps wallet addresses in the users' clipboard and installs miners on infected machines, but also launches brute-force attacks against WordPress sites from the compromised hosts. The main source of infections is codec packs for media players that users download from the Internet themselves. According to researchers, Clipsa has been …

Password-stealing malware LokiBot started hiding its code in pictures

The well-known LokiBot malware now uses steganography as an extra layer of obfuscation. Researchers at Trend Micro have observed a new variant of the malware and analyzed it. Apparently, the authors are actively refining and improving LokiBot. “Our analysis of a new LokiBot variant shows that it has improved its capabilities for staying undetected within a system via …

Gwmndy botnet turns Fiberhome routers into nodes for SSH tunneling

360 Netlab experts have discovered a new and very unusual botnet, Gwmndy, that attacks Fiberhome routers. The botnet is growing quite slowly: only about 200 devices are added to it per day. “Unlike typical botnets that are trying to infect as many victims as possible, this one stops searching for new bots, gaining 200 per day. It seems that …

New Dragonblood Vulnerabilities Affect WPA3 and Reveal Wi-Fi Passwords

In April this year, information security researchers Mathy Vanhoef and Eyal Ronen published information on a set of WPA3 problems called DragonBlood, named “in honor of” the vulnerable Dragonfly handshake, the mechanism by which clients authenticate to devices that support the new WPA3 standard. Although it was previously thought that this “handshake” mechanism was safe, …

Rocke’s new cyberminer removes competitors and uses GitHub to communicate with C2

Specialists at Palo Alto Networks have discovered a new malicious crypto mining technique used by the Rocke group. The malware not only removes all competing miners on the system, but also uses the GitHub and Pastebin services as part of its command-and-control (C2) infrastructure. “Cybercriminals write malicious components in Python, while Pastebin and GitHub are used as code repositories”, …

CrowdStrike study: threats to mobile devices have become much more sophisticated and dangerous

CrowdStrike researchers have prepared a report analyzing malware and other cyber threats to mobile devices. According to the experts, attacks on smartphones have recently become significantly more sophisticated and dangerous. Previously, the main problem for smartphone and tablet users was clickjacking. Now, however, people increasingly tie their lives to mobile devices, storing important data, billing information, etc. …

Researchers estimate that 1.2 billion Apple devices are not protected from MitM attacks

Researchers at Darmstadt Technical University claim that the Apple Wireless Direct Link (AWDL) protocol contains vulnerabilities that endanger more than 1.2 billion devices. Using these flaws, an attacker can track users, disable devices, or intercept files transferred between devices (man-in-the-middle, MitM). The Darmstadt experts began analyzing the AWDL protocol last year. Though Apple launched AWDL …

The new version of the banking Trojan TrickBot “kicks off” Windows Defender

The developers of the well-known banking Trojan TrickBot are constantly improving their program. This time, the cybercriminals taught TrickBot to turn off Windows Defender, which many users rely on since it is the antivirus built into Windows 10. MalwareHunterTeam investigated this behaviour. After launch, this version of TrickBot performs the following steps: disables and then deletes …

MyDoom worm is already 15 years old, but it is still active

Experts from Palo Alto Networks published a report according to which the 15-year-old MyDoom worm (aka Novarg, Mimail and Shimg) is not only still “alive” but is even increasing its activity. MyDoom appeared in 2004 and is considered one of the most notorious threats ever observed. “While not as prominent as other malware families, MyDoom has remained relatively …

Attackers spread Sodinokibi ransomware on behalf of German intelligence service

Attackers distribute Sodinokibi ransomware (also known as REvil and Sodin) by email, posing as employees of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). Using the subject line “Warning about compromised user data” (“Warnmeldung kompromittierter Benutzerdaten”), the attackers urge their victims to open an attachment containing a malicious PDF document, says the BSI advisory. …

Vulnerability in ProFTPD allows copying files without permission and executing arbitrary code

German researcher Tobias Mädel discovered that, under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks. The root of the problem is a bug in the mod_copy module that allows arbitrary files to be copied. In most installations this module is enabled by default. “All versions of ProFTPd up to and including 1.3.6 (the problem extends to 1.3.6 only …

A detailed analysis of the BlueKeep vulnerability that simplifies exploit creation has been published on GitHub

As part of its May Patch Tuesday updates, Microsoft fixed the critical vulnerability CVE-2019-0708 (also known as BlueKeep) in Remote Desktop Services (RDS) and RDP. Although the technical details of the problem were not disclosed because of its severity, it is known that with the help of this bug attackers can execute arbitrary code …

Hackers attack Jira and Exim servers to install Watchbog Linux Trojan

Cybercriminals are attacking vulnerable Jira and Exim servers in order to infect them with a new version of the Linux Trojan Watchbog and mine Monero cryptocurrency. Watchbog is malware that infects Linux-based servers by exploiting vulnerable software such as Jenkins, Nexus Repository Manager 3, ThinkPHP or Linux Supervisord. According to a researcher from Intezer Labs, the latest version of the malware …

Iranian hackers APT34 use LinkedIn to deliver a backdoor

The APT34 group, which is associated with the Iranian government, continues its espionage campaigns, now using LinkedIn to deliver a backdoor. According to a report by FireEye experts, the attackers pose as a researcher from Cambridge and invite victims to join their group. A malicious xls file is then sent to these users. “In late June, FireEye researchers discovered …

Extenbro Trojan replaces DNS and blocks access to antivirus sites

Malwarebytes Labs specialists discovered the Extenbro Trojan, which not only replaces the DNS settings in order to display advertisements but also prevents the user from visiting the sites of antivirus and other security products. As a result, the user cannot download and install any protective program to get rid of the malware. Researchers warn that by doing so, the malware puts infected machines at risk from other types of …

FBI released master keys to decrypt all GandCrab versions

The FBI has released master keys to decrypt files affected by GandCrab ransomware versions 4, 5, 5.0.4, 5.1 and 5.2. Using these keys, anyone will be able to create and release their own GandCrab decryptor. A document published by the FBI entitled “Master Decryption Keys for GandCrab, versions 4 through 5.2” describes how GandCrab works. Recall that in June, …

Global Threat Index: Emotet botnet suspended its activities

The Check Point Research team (a division of Check Point Software Technologies) published its Global Threat Index report listing the most active threats in June 2019. The researchers report that Emotet (currently the largest botnet) is inactive for now: for almost all of June there were no new campaigns. During the first half of 2019, Emotet was ranked among the top five …

Vulnerability in a WordPress plugin allowed remote execution of PHP code

Information security specialists from Wordfence have found a vulnerability in the Ad Inserter plugin for WordPress, which is installed on more than 200,000 websites. The bug allows attackers to remotely execute PHP code on the site. The vulnerability affects all WordPress websites with Ad Inserter 2.4.21 or lower installed. “The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on …

Banking Trojan TrickBot learned to spam and has already collected 250 million email addresses

The TrickBot malware, designed to steal victims' credentials and contacts, has received an additional module, “TrickBooster”. This module allows malicious emails to be sent on behalf of an infected user. “TrickBooster gives TrickBot a highly-effective way to spread infection. By sending emails from trusted addresses within an organization TrickBot increases the odds that a would-be victim will open one of its trojanized …

eCh0raix ransomware attacks QNAP NAS network storage

Researchers at Anomali Threat Research have discovered a new ransomware, eCh0raix, written in Go. The malware attacks QNAP NAS devices and encrypts the victims' files. Unfortunately, there is currently no way to decrypt the data without paying the ransom to the attackers. Experts report that the devices are mainly compromised by brute-forcing weak credentials and …

RIG exploit kit operators began distributing the ERIS ransomware

Although security experts have long spoken of declining exploit kit activity, many kits remain “in service”, continuing to improve and to change their payloads. One of these long-known players is the RIG exploit kit. Recently, experts noticed that RIG began distributing the Eris ransomware, first seen in May 2019. Researcher Michael Gillespie was the first to discover an …

Operators of Trickbot and IcedID Trojans combined efforts and technology

The banking Trojan TrickBot has received a module for intercepting the traffic of an infected machine. The malware can now insert its own web injects into the data transmitted between a financial institution's website and the client device. Experts suggest that this expanded capability is the result of cooperation between the program's authors and the developers of …

Microsoft warns of Astaroth fileless Trojan attacks

Microsoft experts warned users about an active malicious campaign infecting computers with the Astaroth malware, which is difficult to detect with conventional security solutions. The campaign was discovered by the development team of Windows Defender ATP, the commercial version of the Windows Defender antivirus product. “Our experts suspected something was wrong after the discovery of a sharp surge in the use of the …

Debian 10 “Buster” released with new security features

The Debian project has released a new version of its Linux distribution, Debian 10 “Buster”. Since, unlike other distributions, Debian is developed not by a company but by community members themselves, and serves as the base for Ubuntu, each new release is an important event. Debian developers prioritize stability over pursuing the latest technology. …