Facebook virus – a modern spam campaign.


Facebook virus is a common name for spam that is now sent en masse through Facebook. These messages contain dubious links, which lead to malware downloads. In this post, you will find full information about the Facebook virus and a description of its mechanism. Facebook virus spam messages – what are they? While chatting on Facebook, you may get strange …


The most copied piece of Java code on StackOverflow contains an error


As it turned out, the most copied piece of Java code on StackOverflow contains an error that no one has noticed for nine years. Now the snippet author Andreas Lundblad, a Java developer at Palantir and one of the most influential members of the StackOverflow community, has discovered the bug. Back in a 2018 scientific article, the Lundblad snippet was …


CallerSpy spyware masks as an Android chat application


Trend Micro experts discovered the CallerSpy malware, which masquerades as an Android chat application and, according to researchers, could be part of a larger spyware campaign. The malware targets Android users and is designed to track calls, text messages and so on. “We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which …


Vulnerability in Microsoft Authorization System Allows Hacking Accounts


Security researchers from the Israeli company CyberArk discovered a vulnerability in the Microsoft authorization system that allows hacking accounts. The vulnerability is located in the Microsoft Azure cloud service. The problem affects certain applications that use the Microsoft OAuth 2.0 authorization protocol, and its exploitation allows creating tokens for logging into the system. In this way, attackers can take control of …


Vulnerability in Android allows attackers to mask malware as official applications


Security researchers at Promon Information Security Company have discovered a dangerous vulnerability in Android software that could allow cybercriminals to mask malware as official applications to steal logins and passwords for bank accounts. The vulnerability, called StrandHogg, affects all versions of Android, including Android 10. What’s the impact? All top 500 most popular apps are at risk. Real-life malware is …


Experts have doubts in the effectiveness of the CVE database


Experts have doubts about the effectiveness of the CVE database and advise researchers not to rely solely on this threat database when scanning for vulnerabilities in a system. As stated in a report by the company Risk Based Security, such an approach will cause IT professionals to miss almost a third of all vulnerabilities. “If your organization is currently relying on …


Microsoft experts talked about Dexphot malware, which infected more than 80,000 machines


Microsoft experts talked about the Dexphot malware, which has been attacking Windows machines since the fall of 2018. In June 2019, the activity of the malware reached its peak, when more than 80,000 systems became victims of the botnet. Now experts say that Dexphot’s activity is declining, in part because of the countermeasures they are taking. The main goal of Dexphot …


Trojan Stantinko acquired a module for mining Monero


Stantinko botnet operators have enhanced their toolkit by adding a new means of profiting from the computers under their control. Namely, the Stantinko Trojan acquired a module for mining Monero. In 2017, ESET experts reported the discovery of the Stantinko botnet, which then specialized in advertising fraud. At that time, about 500,000 computers had been infected with this malware. Researchers …


IS specialists published an exploit for the RCE problem in Apache Solr


In the summer of this year, an information security researcher known as jnyryan discovered a problem in Apache Solr. Now, security professionals have published an exploit for the RCE problem in Apache Solr. The vulnerability was hidden in the configuration file, which by default is included in all versions of Solr. Thus, the default configuration has the ENABLE_REMOTE_JMX_OPTS option enabled, …


The expert created a PoC exploit that bypasses PatchGuard protection


Turkish security specialist Can Bölük has created a PoC exploit that bypasses the Microsoft Kernel Patch Protection (KPP) security features, better known as PatchGuard. His tool is named ByePg, and the exploit concerns HalPrivateDispatchTable, which ultimately allows the malicious application to interfere with the kernel. The Microsoft Kernel Patch Protection (KPP) feature, better known as PatchGuard, was introduced back in …


Roboto botnet attacks Webmin vulnerability on Linux servers


Qihoo 360 Netlab specialists studied the Roboto botnet, which emerged this summer. The Roboto botnet attacks a Webmin vulnerability on Linux servers. In August 2019, information security experts reported that a backdoor was discovered in Webmin, a popular system administration solution for Unix systems (such as Linux, FreeBSD, or OpenBSD). The vulnerability CVE-2019-15107 allowed an attacker to execute arbitrary code on the …


Phoenix keylogger disables more than 80 security products


Cybereason specialists studied the Phoenix malware, which arrived this summer and is a hybrid of a keylogger and an infostealer. Researchers have found that Phoenix can disable more than 80 security products. The malware is distributed under the MaaS model (“malware as a service”) and is already responsible for 10,000 infections. Since Phoenix is sold as a subscription product, prices …


Mispadu banking Trojan masks itself under McDonald’s ad


ESET experts talked about Mispadu, a banking Trojan from Latin America that masquerades as a McDonald’s ad for distribution. The main goal of the Trojan is stealing money and credentials. Interestingly, in Brazil the malware also spreads as a malicious extension for Google Chrome and tries to steal bank card and online banking data, and also threatens …


The famous infostealer “Agent Tesla” has an unusual dropper


Cisco Talos discussed a malicious campaign aimed at stealing user credentials and other important information. They reported that the Agent Tesla infostealer had an unusual dropper. The malware, whose attacks began in January, uses the original bootloader to bypass anti-virus protection and inject its code into a legitimate process on an infected machine. The payload is Agent Tesla, a well-known …


NextCry ransomware attacks NextCloud cloud storage


NextCloud users faced a serious problem. The new NextCry ransomware attacks NextCloud cloud storage and destroys saved backups. According to security experts, the malware penetrates systems through a recently discovered vulnerability in the PHP-FPM engine. The threat was reported by visitors to the BleepingComputer forum who were looking for a way to regain access to their data. As the user under the …


Qualcomm chip vulnerabilities endanger millions of Android devices


Check Point experts found that vulnerabilities in the Qualcomm Secure Execution Environment endanger millions of Android devices. Vulnerabilities allow attackers to steal critical data stored in protected parts of the device. Qualcomm Secure Execution Environment (QSEE) is an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. In fact, it is a hardware-isolated area of the processor …


Researchers found dangerous bug in McAfee antivirus products


SafeBreach specialists discovered a dangerous bug in McAfee antivirus products. The vulnerability CVE-2019-3648 affects McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) security solutions. The cause of the problem is that McAfee products try to load a DLL file (wbemcomn.dll) using the wrong file path. “In our exploration, we found that multiple services of …


Trojan Predator The Thief attacks easy money lovers and cryptocurrency hunters


An independent IS researcher discovered a fraudulent campaign on YouTube, which spreads the spyware Trojan Predator the Thief (also known as Predator). The Trojan attacks easy-earners and cryptocurrency hunters. Attackers disguise the malware as cryptocurrency mining, trading and financial management programs, and even promise users access to other people’s BTC wallets. The first video appeared on the channel in December …


ZoneAlarm forums hacked due to vBulletin vulnerability


The forums at ZoneAlarm, which is owned by Check Point and whose products are used by over 100 million people, have been hacked because of a vulnerability in vBulletin. As a result, users’ data fell into the hands of attackers. Fortunately, despite the considerable user base of ZoneAlarm, the leak affected the forum hosted on (currently unavailable because the …


Criminals give links to RAT trojan in WebEx invitations


Information security specialist Alex Lanstein discovered an original vector for the distribution of the RAT trojan. Criminals include links to the RAT trojan in WebEx invitations. Cybercriminals deliver the malware by redirecting the victim through an open redirect from the Cisco website to an infected page that hosts a fake client for WebEx, an online conferencing application. “Using open redirects add legitimacy …


Participants of the hacking tournament Pwn2Own Tokyo 2019 hacked Samsung Galaxy S10, Xiaomi Mi9, Amazon Echo and not only


The hacking tournament Pwn2Own Tokyo 2019, traditionally held as part of the PacSec conference and organized by the Trend Micro Zero Day Initiative (ZDI), has come to an end. This is one of two annual Pwn2Own hacking competitions. The first is held in North America in the spring and focuses exclusively on hacking browsers, operating systems, server solutions, and virtual …


Vulnerability in Libarchive Threatens Many Linux Distributions


In the summer of this year, Google experts, using the ClusterFuzz and OSS-Fuzz tools, discovered a dangerous bug in the Libarchive library. This vulnerability in Libarchive threatens many Linux distributions. The vulnerability impacts Libarchive, a library for reading and creating compressed files. It is a powerful all-in-one toolkit for working with archive files that also bundles other Linux/BSD utilities like tar, …


New MegaCortex version changes passwords in Windows and threatens to publish stolen data


The new version of the MegaCortex ransomware not only encrypts files, but also changes passwords in Windows and threatens to disclose the victim’s information if the victim does not pay the ransom. Recall that this ransomware has been known to specialists for a while. It is distributed using other malware, such as Emotet, and the ransomware’s operators try to get to the …


Malware in popular Android keyboard could cost users $18 million


Secure-D and Upstream Systems experts found that ai.type, a popular Android keyboard, was infected with malicious code, and users could lose about $18 million because of this. Recall that malware in the application was first reported last summer. At that time, experts found many applications on Google Play infected with a clicker trojan, among which was ai.type, installed more …


Ransomware attacked two Spanish companies: the local Internet is in panic as during the WannaCry days


Recently, ransomware attacked two large Spanish companies. Both infections occurred on the same day, causing a short-term panic in the Spanish Internet segment due to memories of the WannaCry epidemic two years ago. In Spain, on May 12, 2017, one of the first WannaCry ransomware viruses was discovered. Those that came under attack then included the Spanish newspaper El Mundo and Internet service …


Chinese hackers create Messagetap malware that can steal SMS from operator networks


FireEye experts discovered the Messagetap malware, which can steal SMS from mobile networks. Chinese government hackers created it. The malware is designed for Linux machines and was created to be hosted on SMSC (Short Message Service Center) servers, which are responsible for the operation of the short message service in the networks of telecom operators. The malware helps to “listen” to …


Indian nuclear power plant was attacked by North Korean virus


Earlier this week, rumors appeared on social media that malware had been detected at the Kudankulam nuclear power plant in India. A North Korean virus attacked the nuclear power plant. Now representatives of the Indian Atomic Energy Corporation (Nuclear Power Corporation of India Ltd, NPCIL) have officially confirmed this information. It all started with the fact that the Indian information security researcher Pukhraj Singh …


xHelper “undeletable” Trojan infected 45,000 Android devices


The xHelper Trojan, created for Android devices, was first noticed by experts in the spring of this year, but the first detailed report on the problem appeared in August, when Malwarebytes experts reported that the malware had already infected 35,000 devices. Symantec experts published a review on the malware and claim that the number of infected devices has already exceeded …
