
News

Game-cheat sites push a Trojan loader that drops a crypto miner onto users

A new modular trojan downloader written in JavaScript has appeared on the Internet. At present it is distributed together with a crypto miner as the payload bundled with cheats for video games. The Windows malware, code-named MonsterInstall, is notable for using Node.js as its runtime environment. Doctor Web specialists discovered and analyzed the unusual sample. As it turned out, attackers distribute MonsterInstall …

Oracle has released an out-of-band patch for a critical vulnerability in WebLogic Server

The company said that an unknown group of cybercriminals is already actively exploiting this security problem in real attacks. The vulnerability received the identifier CVE-2019-2729 and a CVSS score of 9.8 out of 10. “Due to the severity of this vulnerability, Oracle strongly recommends that customers apply updates as soon as possible”, Oracle warns. …

Vulnerabilities in MMC allow taking control of the system

The Microsoft Management Console (MMC), which system administrators use to configure and monitor systems, contains a number of vulnerabilities that attackers can use to deploy malware or seize control of the attacked machine. The group of vulnerabilities, which includes XSS and XXE bugs, received the common identifier CVE-2019-0948. Attackers can exploit the problems through the MMC snap-in mechanism. Snap-ins are …

DoS vulnerabilities revealed in the Linux and FreeBSD TCP stacks

A number of vulnerabilities have been identified in the Linux and FreeBSD TCP stacks that potentially allow a remote attacker to cause a denial of service or excessive resource consumption by sending specially crafted TCP packets. The problems stem from errors in the handling of the maximum segment size (MSS) of TCP packets and in the mechanism for …

Echobot malware attacks IoT devices, Oracle applications and VMware, exploiting old vulnerabilities

The Echobot IoT malware is yet another variant of the well-known Mirai malware, detected by security specialists from Palo Alto Networks in early June 2019. Last week, Akamai experts presented a more detailed report on the new threat, which makes clear that Echobot follows a general trend: the malware authors did not change the base but added new, additional …

Security experts have finally defeated GandCrab encryption

A decryptor for the latest version of the GandCrab ransomware has arrived on the No More Ransom portal. The utility can save many thousands of users who suffered from the ransomware's attacks from losing their data. Europol representatives reported the appearance of the new decryptor on their website. They thanked the law enforcement agencies of nine …

Linux worm infects Azure installations through an Exim vulnerability

Microsoft warned users about a new Linux worm that spreads through Exim mail servers. According to experts, the malware has already compromised a number of Azure installations. As discovered last week, cybercriminals are attacking millions of mail servers running Exim through the CVE-2019-10149 vulnerability. The problem affects Exim versions 4.87 through 4.91 and allows an …

XSS vulnerability allowed penetrating Google’s internal systems

Back in February of this year, Thomas Orlita, a 16-year-old bug hunter from the Czech Republic, discovered a dangerous vulnerability in a Google backend application. The bug allowed stealing cookies from the company’s internal applications and from users, and using them to organize phishing attacks and reach other parts of Google’s internal network. The problem was fixed in April and, after waiting some …

Critical bug in the Evernote extension put millions of users at risk

At the end of May 2019, specialists from Guardio found a dangerous vulnerability in the Evernote Web Clipper extension for Chrome. The researchers warned that, given Evernote's popularity, the bug may affect at least 4,600,000 users. The vulnerability received the identifier CVE-2019-12592 and critical status. The bug is a UXSS (universal cross-site scripting), which allows bypassing the Same-Origin Policy …

Millions of unpatched Exim mail servers are now under active attack

Cybercriminals are now actively attacking mail servers that run Exim in order to exploit a recently discovered vulnerability in the software. As of June 2019, Exim ran on nearly 57% (507,389) of all mail servers visible on the Internet (according to some data, the actual number of Exim installations exceeds this figure tenfold and …

Researchers taught Rowhammer to steal data

A team of researchers from the United States, Australia and Austria has developed a new version of the Rowhammer attack. Unlike previous versions, the new attack, called RAMBleed, allows not only modifying data and escalating privileges, but also stealing data stored in the device's memory. Rowhammer is a class of exploits for a hardware vulnerability (CVE-2019-0174) in modern DRAM modules. By default, data in memory …

Vulnerability in the Vim and Neovim editors leads to code execution when opening a malicious file

A vulnerability (CVE-2019-12735) was found in the Vim and Neovim text editors that allows executing arbitrary code when a specially crafted file is opened. The problem manifests when the modeline feature is active (“:set modeline”, Vim's upstream default for non-root users; some distributions disable it in the system vimrc); a modeline lets the file being edited define editor options. The vulnerability was fixed in the Vim 8.1.1365 and Neovim 0.3.6 releases. Through a modeline, …
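A practical check for files from untrusted sources before opening them in an editor that honours modelines, as an added example that is not part of the original article or of the Vim project: the following Python parses modelines the way `:help modeline` describes them (both forms, only the first and last 'modelines' lines, the `\:` escape) and flags options whose value Vim evaluates as an expression, since such options were the vector in this bug. The list of flagged options and the three sample files are assumptions made for the example. Vim later added the 'modelineexpr' option (off by default), so current releases refuse expression options in modelines; the check remains useful for older builds and for reviewing files.

```python
import re
from typing import List, NamedTuple, Optional

# Options whose value is evaluated as a Vim expression.  Setting one of them
# from a modeline is what made CVE-2019-12735 exploitable, so their presence
# in an untrusted file's modeline is worth a look.  (Assumed list for this
# example; it is not taken from the advisory.)
EXPR_OPTIONS = {
    "foldexpr", "fde", "formatexpr", "fex", "includeexpr", "inex",
    "indentexpr", "inde", "foldtext", "fdt", "statusline", "stl",
    "modelineexpr", "mle",
}

# `:help modeline`: the marker "vi:", "vim:", "Vim:" or "ex:" must start the
# line or follow a blank; "vim" may carry a version test such as vim<800.
MARKER = re.compile(r"(?:^|[ \t])(?:vi|[vV]im(?:[<=>]?\d+)?|ex):[ \t]*(.*)$")


class Modeline(NamedTuple):
    lineno: int            # 1-based line number in the file
    options: List[str]     # the :set arguments, e.g. "ts=4", "noet"
    suspicious: List[str]  # those whose option name is in EXPR_OPTIONS


def split_colons(s: str) -> List[str]:
    """Split on ':' while honouring the '\\:' escape Vim allows in modelines."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s) and s[i + 1] == ":":
            cur += ":"
            i += 2
        elif s[i] == ":":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    parts.append(cur)
    return parts


def parse_modeline(line: str) -> Optional[List[str]]:
    """Return the option tokens of a modeline, or None if the line has none."""
    m = MARKER.search(line)
    if not m:
        return None
    rest = m.group(1)
    second = re.match(r"se(?:t)? (.*)", rest)
    if second:
        # Second form "vim: set opt opt: trailing text": options stop at ':'.
        return split_colons(second.group(1))[0].split()
    # First form "vim:opt:opt opt": each ':'-separated part is itself a
    # whitespace-separated :set argument list.
    return [tok for part in split_colons(rest) for tok in part.split()]


def option_name(token: str) -> str:
    """'foldexpr=...' -> 'foldexpr', 'noet' -> 'noet', 'ts=4' -> 'ts'."""
    m = re.match(r"[a-zA-Z]+", token)
    return m.group(0) if m else ""


def find_modelines(text: str, modelines: int = 5) -> List[Modeline]:
    """Scan only the lines Vim consults: the first and last 'modelines'
    lines of the file (Vim's default for that option is 5)."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # a trailing newline does not start another line
    n = len(lines)
    head = set(range(0, min(modelines, n)))
    tail = set(range(max(n - modelines, 0), n))
    found = []
    for idx in sorted(head | tail):
        options = parse_modeline(lines[idx])
        if options is None:
            continue
        bad = [o for o in options if option_name(o) in EXPR_OPTIONS]
        found.append(Modeline(idx + 1, options, bad))
    return found


# Constructed sample files for the example (not real-world captures).
SAFE_C = "/* vim: set ts=4 sw=4 noet: */\n" + "int x;\n" * 10
SUSPICIOUS_TXT = "line\n" * 6 + "# vi:ft=text:foldexpr=getline(v\\:lnum)\n"
BURIED = "a\n" * 6 + "# vim: set foldexpr=1:\n" + "b\n" * 6  # outside both 5-line windows

if __name__ == "__main__":
    for name, sample in [("SAFE_C", SAFE_C), ("SUSPICIOUS_TXT", SUSPICIOUS_TXT), ("BURIED", BURIED)]:
        for ml in find_modelines(sample):
            verdict = "SUSPICIOUS" if ml.suspicious else "ok"
            print(f"{name}:{ml.lineno}: {verdict} {ml.options}")
```

The BURIED sample shows the flip side of the window rule: a modeline in the middle of a longer file is ignored by Vim and therefore by the scanner, unless 'modelines' is raised.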

Austrian scientists created a method for tracking browsers with the use of JavaScript

A group of researchers from Graz University of Technology (Austria) developed an automated system for building browser profiles using two new side-channel attacks, which reveal information about the software and hardware in use and allow tracking a browser on the Internet more effectively. The specialists presented the results of the study under the title “JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits”. According …

Vulnerability in the WP Live Chat Support plugin allows stealing logs and inserting messages into chats

The developers of the WP Live Chat Support plugin, which has more than 50,000 installations, report that users should immediately upgrade the plugin to version 8.0.33 or later. A critical vulnerability was detected in the plugin that allows an attacker without valid credentials to bypass the authentication mechanism. WP Live Chat Support lets site owners add a free chat …

Attackers actively exploit a previously discovered vulnerability in Oracle WebLogic

A recently fixed vulnerability in Oracle WebLogic is being actively exploited by cybercriminals to install cryptocurrency miners on vulnerable servers. It is a deserialization vulnerability (CVE-2019-2725) that allows an unauthenticated attacker to execute commands remotely. The problem was discovered in April of this year, when cybercriminals had already shown interest in it. Oracle fixed the vulnerability at the end of the same month, …

RCE vulnerability detected in Diebold Nixdorf ATMs

On Monday, June 10, 2019, Diebold Nixdorf, one of the world’s largest ATM manufacturers, began warning its customers about vulnerabilities in Opteva ATMs. The bug allows remote execution of arbitrary code. NightSt0rm, a group of Vietnamese experts, published information about the vulnerability last week. According to the researchers, they were able to find an externally reachable OS service in old …

APT group MuddyWater has expanded its arsenal and uses new attack vectors

The Iranian APT group MuddyWater has begun using new attack vectors against telecommunications and government organizations. According to the information security company Clearsky Security, MuddyWater has added to its tactics, techniques and procedures (TTPs) new Microsoft Word documents that download malicious files through compromised servers, as well as documents that exploit CVE-2017-0199. “The TTP includes decoy documents exploiting CVE-2017-0199 as the …

Cybercriminal with the nickname Achilles has put up for sale access to the internal networks of Symantec, Comodo and UNICEF

Someone with the nickname Achilles is selling access to the internal networks of a number of organizations, including UNICEF, Symantec and Comodo, on cybercrime forums. Depending on the organization, the price of access ranges from two to five thousand dollars. Earlier, Trojan-killer reported on a cybercriminal or group of cybercriminals with the pseudonym Fxmsp that were selling source code and other data from …

57% of mail servers have a critical vulnerability

Qualys researchers discovered a critical vulnerability that affects more than half of all mail servers. The problem was found in the Exim Mail Transfer Agent (MTA), the software installed on mail servers to deliver email from sender to recipient. According to data for June 2019, Exim runs on 57% (507,389) of all mail servers found on the Internet. …
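The three Exim items above (the worm hitting Azure hosts, the active attacks, and the 57% figure) leave a server operator with two questions: is this build inside the affected range, and has anyone already tried the technique against it? The following Python answers both on constructed input; it is an added example, not code from the Exim project or from Qualys. The `exim -bV` output and the log lines are made up to follow Exim's formats, and the list of string-expansion items treated as suspicious is an assumption. A version hit means "verify", not "vulnerable": distributions frequently backport the fix without changing the version string, so confirm against the distribution's advisory or the package changelog.

```python
import re
from typing import List, Optional, Tuple

# Range named in the CVE-2019-10149 advisory: 4.87 up to and including 4.91.
# 4.92 shipped with the fix.  Backported fixes keep the old version string,
# so a hit here is a prompt to check the package, not a verdict.
AFFECTED_LOW = (4, 87)
AFFECTED_HIGH = (4, 91)

# First line of `exim -bV` reads "Exim version 4.91 #1 built 12-Jun-2018 ..."
BV_RE = re.compile(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", re.MULTILINE)


def parse_exim_version(bv_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `exim -bV` output, or None."""
    m = BV_RE.search(bv_output)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def version_in_affected_range(version: Tuple[int, ...]) -> bool:
    """Compare only major.minor, which is how the advisory states the range."""
    return AFFECTED_LOW <= tuple(version[:2]) <= AFFECTED_HIGH


# Exim string-expansion items that run commands or read local resources.
# None of them belongs inside an SMTP envelope address, and the recipient
# address is where the CVE-2019-10149 technique placed ${run{...}}, so an
# occurrence between "<" and ">" in mainlog/rejectlog is worth an alert.
# (The item list is an assumption for this example, not from the advisory.)
EXPANSION_RE = re.compile(r"\$\{\s*(run|readsocket|readfile|perl|dlfunc|lookup)\b")
ANGLE_ADDR_RE = re.compile(r"<([^>]*)>")


def find_expansion_attempts(log_lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, expansion item, offending address) for each hit."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for addr in ANGLE_ADDR_RE.findall(line):
            m = EXPANSION_RE.search(addr)
            if m:
                hits.append((lineno, m.group(1), addr))
    return hits


# Constructed samples in Exim's -bV and log formats (not real captures).
SAMPLE_BV = (
    "Exim version 4.91 #1 built 12-Jun-2018 09:25:38\n"
    "Copyright (c) University of Cambridge, 1995 - 2018\n"
)
SAMPLE_LOG = [
    "2019-06-11 10:15:02 1hadX0-0001Xn-2t <= alice@example.org H=mail.example.org [198.51.100.7] P=esmtp S=1234",
    "2019-06-11 10:15:03 1hadX0-0001Xn-2t => bob <bob@example.net> R=local_user T=local_delivery",
    "2019-06-11 10:16:40 H=(localhost) [203.0.113.5] F=<> rejected RCPT <${run{/bin/true}}@localhost>: Unrouteable address",
]

if __name__ == "__main__":
    ver = parse_exim_version(SAMPLE_BV)
    print("exim version:", ver, "in affected range:", ver is not None and version_in_affected_range(ver))
    for lineno, item, addr in find_expansion_attempts(SAMPLE_LOG):
        print(f"log line {lineno}: expansion item '{item}' in envelope address {addr!r}")
```

The log check is deliberately broader than the one item used in the wild: any `${...}` expansion inside an envelope address is anomalous, so alerting on the whole family costs nothing and catches variants.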

0patch experts fixed one of the holes that the legendary SandboxEscaper left in Windows security

0patch experts have released an unofficial patch that fixes a 0-day vulnerability in the Windows 10 Task Scheduler. An exploit for this security issue was published at the end of May by an eccentric specialist known by the online pseudonym “SandboxEscaper”. SandboxEscaper demonstrated exploitation of the vulnerability with a malicious .JOB file. According to 0patch experts, only earlier versions of …

Metasploit project contributor created a working module for exploiting the BlueKeep vulnerability

A security researcher known as Zerosum0x0 created a module for the Metasploit framework that exploits the BlueKeep vulnerability on Windows XP, 7 and Server 2008. BlueKeep (CVE-2019-0708) is a “wormable” vulnerability that could trigger a wave of mass malware infections similar to the WannaCry attacks of 2017. The problem affects Remote Desktop Services in Windows 7, Server 2008, Windows XP and …

Cisco Talos: like Dr. Frankenstein, cybercriminals assemble malware for attacks from disparate components

The cybercrime group behind a series of targeted attacks between January and April 2019 uses malicious tools assembled from freely available components to steal credentials. Cisco Talos researchers named the campaign “Frankenstein” because the group skillfully stitched together unrelated components and used four different techniques during the operation. “We assess that this activity was hyper-targeted given that there was …

Vulnerabilities in rkt allow escaping the container and getting root on the host

Security researcher Yuval Avrahami discovered vulnerabilities in the rkt container runtime that allowed him to escape the container and obtain root privileges on the host. The problems were assigned the identifiers CVE-2019-10144, CVE-2019-10145 and CVE-2019-10147. An attacker can exploit the vulnerabilities to compromise a host when a user runs the ‘rkt enter’ command (the equivalent of ‘docker …

Microsoft Azure turned out to be an excellent service for hosting malware and cybercriminal infrastructure

Microsoft Azure cloud services have become an excellent choice for cybercriminals who need somewhere to host malicious content. From phishing templates to malware and C&C servers, it looks like the attackers have found suitable storage for all of it. “Not only is Azure hosting malware, it is also functioning as the command and control infrastructure for the malicious files”, …

GandCrab malware operators are winding down their activity

Almost a year and a half after the release of the GandCrab malware, its operators decided to close down their business and instructed their affiliates to stop spreading the program. GandCrab arrived in the cybercriminal world on January 28, 2018. This ransomware replaced such infamous ransomware families as TeslaCrypt, CryptoWall and Spora, and became one of the dominant, if not the …

Researchers discovered a backdoor in the Slick Popup WordPress plugin

Experts from Defiant discovered a problem in the Slick Popup WordPress plugin through which attackers can get into vulnerable websites and create backdoor accounts. The issue affects all versions of the plugin, including the newest, 1.7.1. Slick Popup has about 7,000 installations and was developed by Om Ak Solutions. Slick Popup was created to work in conjunction with another popular WordPress solution, Contact Form …

Cybercriminals infect Docker hosts with an open API, then look for similar ones using Shodan

Attackers scan the Internet for Docker installations with an exposed API and use them to distribute malicious Docker images infected with a Monero cryptocurrency miner and scripts that use Shodan to search for new victims. The new campaign was noticed by Trend Micro researchers after a malicious image with a crypto miner was loaded onto one of their honeypot installations. “By analyzing …
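The campaign above only works because the Docker daemon's TCP API was reachable without authentication, so the first thing to check on your own hosts is whether dockerd listens on tcp:// and, if it does, whether it requires client certificates. The following Python audits that from daemon.json and the dockerd command line. It is an added example, not code from Trend Micro or the Docker project; the configuration samples are constructed, and the flag and key names used are the documented dockerd ones ("hosts", "tlsverify", -H/--host, --tlsverify). It credits only tlsverify: --tls on its own encrypts the connection but still lets any client that can connect drive the API, which on a Docker host is root-equivalent.

```python
import json
import shlex
from typing import List, Tuple

# Bind addresses that expose the listener on every interface.
ALL_INTERFACES = {"", "0.0.0.0", "::", "[::]"}


def collect_hosts(daemon_json: str, dockerd_cmdline: str) -> Tuple[List[str], bool]:
    """Merge API listeners and the TLS-verify setting from daemon.json
    ("hosts", "tlsverify") and the dockerd command line (-H/--host,
    --tlsverify), the two places dockerd reads them from."""
    cfg = json.loads(daemon_json or "{}")
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(dockerd_cmdline)
    i = 0
    while i < len(args):
        a = args[i]
        if a in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1
        elif a.startswith(("-H=", "--host=")):
            hosts.append(a.split("=", 1)[1])
        elif a in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify


def docker_api_exposures(daemon_json: str = "{}", dockerd_cmdline: str = "") -> List[str]:
    """Return one finding string per risky listener; empty means nothing found."""
    hosts, tlsverify = collect_hosts(daemon_json, dockerd_cmdline)
    findings = []
    for h in hosts:
        # unix://, fd:// and npipe:// are local-only; only TCP reaches the network.
        if h.startswith(("unix://", "fd://", "npipe://")):
            continue
        # dockerd treats a bare "host:port" as tcp://, so strip an optional scheme.
        hostport = h[len("tcp://"):] if h.startswith("tcp://") else h
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
        if not tlsverify:
            findings.append(f"{h}: TCP API without client-certificate verification (anyone who can connect is root on the host)")
        if host in ALL_INTERFACES:
            findings.append(f"{h}: listening on all interfaces")
    return findings


# Constructed configurations for the example (not taken from any real host).
DAEMON_JSON_EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
DAEMON_JSON_TLS = (
    '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true, '
    '"tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/server-cert.pem", '
    '"tlskey": "/etc/docker/server-key.pem"}'
)
CMDLINE_LOCAL_TCP = "dockerd -H fd:// -H tcp://127.0.0.1:2375"

if __name__ == "__main__":
    for label, cfg, cmd in [("daemon.json exposed", DAEMON_JSON_EXPOSED, ""),
                            ("daemon.json with tlsverify", DAEMON_JSON_TLS, ""),
                            ("command line, loopback tcp", "{}", CMDLINE_LOCAL_TCP)]:
        print(label)
        for f in docker_api_exposures(cfg, cmd) or ["  no findings"]:
            print(" ", f)
```

A loopback-only TCP listener still shows up as unauthenticated: any local process, including a compromised container that can reach the host address, can use it. Bind the API to a Unix socket or put it behind tlsverify and a firewall.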

Researcher found a mass of malware among Firefox add-ons hiding behind the names of Adobe and other well-known companies

A mass publication of malicious add-ons posing as well-known projects was observed in the Firefox add-on catalog (AMO). Researcher Martin Brinkmann discovered it and tested it on examples. For instance, the catalog hosted malicious add-ons named “Adobe Flash Player”, “ublock origin Pro”, “Adblock Flash Player”, etc. As these add-ons are removed from the catalog, the attackers immediately create a new account …