News

KRACK Vulnerability Threatens Millions of Amazon Echo and Kindle Devices

Millions of 1st generation Amazon Echo smartphones and 8th generation Amazon Kindle e-books have been affected by two dangerous vulnerabilities (CVE-2017-13077 and CVE-2017-13078) that allow Key Reinstallation Attacks (KRACK). KRACK is a replay attack against any Wi-Fi network that uses WPA2 encryption. All secure Wi-Fi networks use a 4-step “handshake” scheme to generate a cryptographic key. …

Graboid mining worm spreads through Docker containers

Palo Alto Networks experts have discovered the strange crypto-jacking worm Graboid, which spreads through the containers of the Docker Engine (Community Edition). Using the Shodan search engine, researchers at Palo Alto Networks discovered over 2,000 unsafe Docker Engine (Community Edition) installations available to everyone on the Internet. Graboid preys on them. “Unit 42 researchers identified a new cryptojacking worm we’ve …

Attackers actively use the fresh Checkm8 jailbreak for their own purposes

Cisco Talos experts warned users that attackers are actively using the Checkm8 jailbreak. At the end of September 2019, an information security researcher known as axi0mX published an exploit suitable for jailbreaking virtually any Apple device with A5 to A11 chips released between 2011 and 2017. The development was called Checkm8 and is very significant, as it exploits a vulnerability …

Tarmac malware attacks macOS users

Confiant found that malicious ad campaigns in the US, Italy and Japan were spreading the Tarmac malware, targeted at macOS users. The goals of the malware, as well as its functionality, have not yet been fully studied. “Cyber criminals, APT groups, nation state actors, are extensively targeting Apple iOS/MacOS devices for various reasons: continuous innovation and development of Apple platforms …

Attackers exploited a 0-day iTunes vulnerability to spread ransomware

MorphiSec specialists found that BitPaymer ransomware operators use the 0-day vulnerability in iTunes for Windows to distribute their malware, which allows them to trick anti-virus solutions on infected hosts. The problem was discovered after studying the attack on an unnamed automobile industry enterprise that suffered from BitPaymer in August this year. “We have identified the abuse of an Apple zero-day …

Casbaneiro banking Trojan used YouTube to steal cryptocurrency

Eset studied the new Casbaneiro family of banking Trojans. The malicious program hunted for the cryptocurrency of Brazilian and Mexican users and used YouTube video descriptions to hide its traces. During the study, Eset experts found that Casbaneiro has functionality similar to another family of banking Trojans – Amavaldo. Malicious programs use the same cryptographic algorithm and distribute a similar …

Hackers attacked Volusion cloud-based e-commerce platform

Attackers compromised Volusion’s cloud-based e-commerce platform infrastructure. Hackers attacked it and injected malicious code that steals bank card data entered by users into online forms. Currently, the malicious code has not yet been removed from the Volusion servers, and it still compromises the company’s client stores. It is already known that 6,500 stores were affected by this attack, but in …

Due to a vulnerability in the Twitter API, thousands of iOS apps are under attack

The outdated API, which many iOS applications still use for authorization via Twitter, contains a vulnerability that could allow an attacker in a “man-in-the-middle” position to obtain an OAuth access token and perform various actions on the social network on behalf of the victim. According to experts from the German company Fraunhofer SIT, the vulnerability CVE-2019-16263 linked to the …

Previously unknown governmental group Avivore attacked Airbus

Researchers at Context Information Security have identified a new cybercriminal group Avivore, which has attacked Airbus several times over the past few months. Attackers carried out cyber attacks on Airbus through the networks of French consulting company Expleo, British engine manufacturer Rolls Royce, and two unnamed Airbus suppliers. Cybercriminals target large multinational and small engineering and consulting firms in supply …

Vulnerability in WhatsApp allows access to the device using a GIF image

A security researcher with the pseudonym Awakened discovered a vulnerability in the popular WhatsApp messenger that could allow attackers to access files and messages of a victim using a malicious GIF image. The problem is a double-free vulnerability, a memory corruption anomaly that could cause an application to crash or, even worse, provide an attacker with a …

Criminals attacked US oil companies using Adwind Trojan

Unknown cybercriminals attacked companies related to the US oil industry using the Adwind Trojan (also known as jRAT, AlienSpy, JSocket and Sockrat). The Adwind RAT, which was used as part of a malicious data theft campaign, was previously used against companies in the electricity sector. According to researchers from Netskope, attacks are carried out from a domain belonging to Australian Internet provider …

Exim developers fixed a new critical vulnerability

The developers updated Exim to version 4.92.3, fixing a new critical DoS vulnerability, which theoretically allowed an attacker to execute malicious code on the target server. The problem affected all versions of the mail server from 4.92 up to the latest version, 4.92.2. The vulnerability is tracked as CVE-2019-16928 and was discovered by QAX-A-TEAM. The problem is with the heap …

Echobot botnet launched large-scale attacks on IoT devices

Check Point experts prepared a Global Threat Index report on the most active threats in August 2019. Analysts note the activity of the Echobot botnet – it launched large-scale attacks on IoT devices – as well as the “return to life” of the Emotet botnet. In the report, the research team warns of a new variation of the Mirai botnet – …

Developers released a patch for the 0-day bug in vBulletin, but it turned out that the vulnerability had been exploited for years.

Yesterday it was reported that an anonymous researcher had published details of a dangerous zero-day vulnerability in the vBulletin forum engine, as well as an exploit for it. It has now turned out that this vulnerability has been exploited for years. The bug allows an attacker to execute shell commands on a vulnerable server. Moreover, an attacker …

Anonymous publishes exploit for 0-day vulnerability in vBulletin

An anonymous researcher unveiled an open-source exploit for the dangerous 0-day vulnerability in the vBulletin forum engine. Now, information security experts fear that the publication of detailed information about the problem and the Python exploit for it could provoke a massive wave of forum hacks. Details on the 0-day bug can be found on the Full Disclosure mailing list. “This …

Researchers found a link between Sodinokibi and GandCrab ransomware

A new campaign using the REvil ransomware (also known as Sodinokibi) is linked to and has similarities with the GandCrab malware. According to researchers from the Secureworks Counter Threat Unit team, both malware families may be the work of the same author. “Analysis suggests that REvil is likely associated with the GandCrab ransomware due to similar code and the emergence of REvil as …

Users are afraid to talk about “STOP”, one of the most active ransomware families of this year

The Bleeping Computer publication drew attention to the STOP ransomware, which, according to the ID Ransomware service created by the famous information security expert Michael Gillespie, is one of the most active threats this year, along with Ryuk, GandCrab and Sodinokibi. The prevalence of STOP is also confirmed by the extremely active Bleeping Computer forum, where victims seek help. However, …

GitHub can now assign CVE identifiers to vulnerabilities

This week, GitHub representatives announced a number of innovations at once, including that GitHub has completed certification as a CVE Numbering Authority, so the company can now independently assign CVE identifiers to vulnerabilities. First, Dependency Graph will add support for PHP projects on Composer. This means that users will be able to receive automatic security warnings for any vulnerabilities …

Smominru botnet quickly spreads and hacks over 90 thousand computers every month

Cryptocurrency mining and identity theft botnet Smominru (also known as Ismo) began to spread incredibly quickly. According to researchers from the Guardicore Labs team, the botnet infects more than 90 thousand computers every month around the world. “The attack compromises Windows machines using an EternalBlue exploit and brute-force on various services, including MS-SQL, RDP, Telnet and more. In its post-infection …

Researchers report growing activity of TFlower, another ransomware that uses RDP

According to Bleeping Computer, the activity of TFlower, a ransomware that uses RDP and is focused on corporate networks, has begun to gain momentum. The malware arrived in late July and is installed on the system after a hacker attack aimed at gaining access to the Remote Desktop service. “With the huge payments being earned by ransomware developers as they target businesses …

Emotet botnet is back and attacks users

After a long absence, the botnet built on the Emotet Trojan has returned to the Internet arena and is attacking again: it has begun to generate spam aimed at further spreading the malware. Malicious mailings are seen in Germany, Poland, the UK, Italy and the USA. According to observations, Emotet C&C servers did not manifest themselves for three months – according to the …

Nemty ransomware developers continue to improve their malware

Nemty ransomware developers continue to actively work on their malware, developing it in an effort to increase interest in the product on underground forums. Attackers made changes to the nature of their actions in the victim’s system. Now the program can not only encrypt files, but also terminate processes and services that interfere with this task. For the first time, …

Metasploit developers publish exploit for BlueKeep vulnerability

Metasploit developers published an exploit for the BlueKeep vulnerability. It allows code execution and is easy to use. As a reminder, the critical vulnerability CVE-2019-0708 (aka BlueKeep), associated with the operation of Remote Desktop Services (RDS) and RDP, was fixed by Microsoft back in May of this year. “Using this bug, attackers can execute arbitrary code without authorization and spread their …

Vulnerabilities in some D-Link and Comba routers reveal credentials in plain text

Trustwave specialists discovered a number of vulnerabilities in D-Link and Comba Telecom routers. The bugs allow extracting Internet provider data and device access passwords without authentication. After examining the D-Link DSL-2875AL router, the researchers found out that it is affected by the same problem that other devices of the manufacturer are vulnerable to: they give access to all router …

Researchers discover second critical vulnerability in Exim servers in two months

A second critical vulnerability has been discovered in the popular Exim mail server software that allows remote code execution and access to a system with superuser privileges. An open source contributor and security researcher with the online nickname Zerons discovered the vulnerability, which was later analyzed by cybersecurity experts at Qualys. A fix for the vulnerability, as well as a detailed …

Another 0-day vulnerability discovered in Android

Participants in the Google project Zero Day Initiative (ZDI) published details of a 0-day vulnerability that could allow local privilege escalation in Android. According to the description in the ZDI blog, a dangerous vulnerability is present in the v4l2 driver (Video4Linux 2), which provides audio and video capture for the Linux family of operating systems. As it turned …

Zerodium for the first time rated exploits for Android more expensive than for iOS

The well-known vulnerability broker Zerodium has updated its price list, and now, for the first time in history, exploits for Android are more expensive than exploits for iOS. Information security researchers can earn up to $2,500,000 for 0-day Android bugs whose exploitation requires no user interaction. Similar exploits for iOS cost $2,000,000. Thus, Zerodium …

Sodinokibi ransomware spreads through fake forums on WordPress sites

Sodinokibi spreads through fake forums. Its operators hack WordPress sites and embed JavaScript code that displays posts from the fake Q&A forum on top of the original site’s content. Messages contain an alleged “response from the administrator” of the site with an active link to the installer of the ransomware program. According to the recent publication in BleepingComputer, attackers hack …
