News

Program for data theft Raccoon settled on 100 thousand PCs and is gaining popularity

Raccoon data theft program

In criminal circles, the new data-stealing program, Raccoon, is rapidly gaining popularity. For several months, this information stealer, according to Cybereason, managed to infect more than 100 thousand Windows machines in North America, Western Europe and Asia. The malware is not particularly complicated and does not use innovative techniques, but the business model of its creators – MaaS – allows …

Read More »

Malware turns Discord messenger into backdoor and forces to steal data

Malware turns Discord into a backdoor

Information security specialist MalwareHunterTeam discovered the Spidey Bot malware, which turns Discord for Windows into a backdoor and a tool for spying and stealing information. Since Discord is an Electron application, almost all of its functionality is based on HTML, CSS and JavaScript, which allows attackers to modify key files and force the client to engage in malicious activity. “Saying …

Read More »

Experts found a connection between Carbanak and one of the MageCart groups

Connection between Carbanak and MageCart

Researchers at Malwarebytes reported that they found a connection between the MageCart 5 group and the famous criminal group Carbanak and the banking Trojan Dridex. RiskIQ experts, who have been observing MageCart groups for a long time, wrote that MageCart 5 is one of the most professional and serious groups in this area. Recalling, in 2018, RiskIQ researchers identified 12 …

Read More »

Chinese hackers create a new backdoor for MSSQL servers

New backdoor for MSSQL servers

ESET specialists discovered a new tool that created Chinese hackers from the Winnti group and that was designed to make changes to Microsoft SQL Server (MSSQL) databases in order to create a backdoor. As an added benefit, a backdoor hides sessions in database connection logs every time hackers use a “magic password”, which helps attackers go unnoticed. “Such a backdoor …

Read More »

Researchers found vulnerabilities in eRosary smart rosaries from Vatican developers

ERosary smart rosary vulnerabilities

Researchers found vulnerabilities in the eRosary smart rosary, which the Vatican developers had previously introduced. The creators of the product did not protect user accounts from third-party interference and left attackers with access to private information. “It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app. Vatican coders exorcise API gremlins but, we must …

Read More »

KRACK Vulnerability Threats Millions of Amazon Echo and Kindle Devices

KRACK for Amazon Echo and Kindle

Millions of 1st generation Amazon Echo smartphones and 8th generation Amazon Kindle e-books have been affected by two dangerous vulnerabilities (CVE-2017-13077 and CVE-2017-13078) that allow for attacks with key reinstallation (Key Reinstallation Attack, KRACK). KRACK is a replay attack on any Wi-Fi network with WPA2 encryption. All secure Wi-Fi networks use a 4-step “handshake” scheme to generate a cryptographic key. …

Read More »

Graboid mining worm spreads through Docker containers

Graboid Spreads Through Docker Containers

Palo Alto Networks experts have discovered the strange crypto-jacking worm Graboid, which spreads through the containers of the Docker Engine (Community Edition). Through a Shodan search engine, researchers at Palo Alto Networks discovered over 2,000 unsafe Docker Engine (Community Edition) installations available to everyone on the Internet. Graboid parasitizes on them. “Unit 42 researchers identified a new cryptojacking worm we’ve …

Read More »

Attackers actively use the fresh Checkm8 jailbreak for their own purposes

Attackers use Checkm8 jailbreak

Cisco Talos experts warned users that attackers are actively using Checkm8 jailbreak. At the end of September 2019, an information security researcher known as axi0mX published an exploit, suitable for jailbreaking of virtually any Apple device with A5 to A11 chips released between 2011 and 2017. The development was called Checkm8 and is very significant, as it exploits a vulnerability …

Read More »

Tarmac malware attacks MacOS users

Tarmac Malware MacOS attacks

Confiant found that malicious ad campaigns in the US, Italy and Japan were spreading the Tarmac malware, targeted at MacOS users. The goals of the wrecker, as well as its functionality, have not yet been fully studied. “Cyber criminals, APT groups, nation state actors, are extensively targeting Apple iOS/MacOS devices for various reasons: continuous innovation and development of Apple platforms …

Read More »

Attackers exploited a 0-day iTunes vulnerability to spread ransomware

0-day ransomware iTunes vulnerability

MorphiSec specialists found that BitPaymer ransomware operators use the 0-day vulnerability in iTunes for Windows to distribute their malware, which allows them to trick anti-virus solutions on infected hosts. The problem was discovered after studying the attack on an unnamed automobile industry enterprise that suffered from BitPaymer in August this year. “We have identified the abuse of an Apple zero-day …

Read More »

Casbaneiro banking Trojan used YouTube to steal cryptocurrency

Trojan Casbaneiro used YouTube

Eset studied the new Casbaneiro family of banking Trojans. A malicious program hunted for cryptocurrency from Brazilian and Mexican users and used YouTube to hide traces in the video descriptions. During the study, Eset experts found that Casbaneiro has functionality similar to another family of banking Trojans – Amavaldo. Malicious programs use the same cryptographic algorithm and distribute a similar …

Read More »

Hackers attacked Volusion cloud-based e-commerce platform

Hackers attacked Volusion Platform

Attackers compromised Volusion’s cloud-based e-commerce platform infrastructure. Hackers attacked it and injected a malicious code that steals bancard data entered by users into online forms. Currently, the malicious code has not yet been removed from the Volusion servers, and it still compromises the company’s client stores. It is already known that 6,500 stores were affected by this attack, but in …

Read More »

Due to vulnerability in Twitter API, thousands of iOS apps are under attack

Twitter API iOS Vulnerability

The outdated API, which many iOS applications still use for authorization via Twitter, contains a vulnerability that could allow the user to get an OAuth access token from the “middle position” position and perform various actions on the social network on behalf of the victim. According to experts from the German company Fraunhofer SIT, the vulnerability CVE-2019-16263 linked to the …

Read More »

Previously unknown governmental group Avivore attacked airbus

Avivore attacked Airbus

Researchers at Context Information Security have identified a new cybercriminal group Avivore, which has attacked Airbus several times over the past few months. Attackers carried out cyber attacks on Airbus through the networks of French consulting company Expleo, British engine manufacturer Rolls Royce, and two unnamed Airbus suppliers. Cybercriminals target large multinational and small engineering and consulting firms in supply …

Read More »

Vulnerability in WhatsApp allows access to the device using a gif-picture

WhatsApp vulnerability gif access

A security researcher with the pseudonym Awakened discovered a vulnerability in the popular WhatsApp messenger that could allow attackers to access files and messages of a victim using a malicious GIF image. The problem is the double-free memory vulnerability — an anomaly in memory corruption that could cause an application to crash or, even worse, provide an attacker with a …

Read More »

Criminals attacked US oil companies using Adwind Trojan

Adwind attacked oil companies

Unknown cybercriminals attacked companies related to the US oil industry using the Adwind Trojan (other names jRAT, AlienSpy, JSocket and Sockrat). RAT Adwind, which was used as part of a malicious data theft campaign, was previously used against companies in the electricity sector. According to researchers from Netskope, attacks are carried out from a domain belonging to Australian Internet provider …

Read More »

Exim developers fixed a new critical vulnerability

New Exim Critical Vulnerability

The developers updated Exim to version 4.92.3, fixing a new critical DoS vulnerability, which theoretically allowed an attacker to execute malicious code on the target server. The problem affected all versions of the mail server, starting from 4.92 to the latest version 4.92.2. The vulnerability was identified by CVE-2019-16928 and was discovered by QAX-A-TEAM. The problem is with the heap …

Read More »

Echobot botnet launched large-scale attacks on iOT devices

Echobot botnet attacks iOT devices

Check Point experts prepared a Global Threat Index report on the most active threats in August 2019. Analysts note the activity of the Echobot botnet – it launched large-scale attacks on iOT devices, as well as the “return to life” of the Emotet botnet. In a report, a research team warns of a new variation of the Mirai botnet – …

Read More »

Nodersok’s new malware (aka Divergent) infected thousands of Windows-based computers

New Nodersok or Divergent malware

Thousands of Windows-based computers around the world over the past few weeks have been infected with a new type of malware. A new malware called Nodersok (in a Microsoft report) and Divergent (in a Cisco Talos report) was first detected this summer. The malware downloads and installs a copy of the Node.js infrastructure to convert infected systems to proxies and …

Read More »

Developers released a patch for the 0-day bug in vBulletin, but it turned out that the vulnerability had been exploited for years.

vBulletin vulnerability exploited for years

Yesterday it was reported that a certain anonymous researcher published in the public domain details of the dangerous zero-day vulnerability in the vBulletin forum engine, as well as an exploit for it. Now it turned out that this vulnerability has been exploited for years. The bug allows an attacker to execute shell commands on a vulnerable server. Moreover, an attacker …

Read More »

Anonymous publishes exploit for 0-day vulnerability in vBulletin

Exploit for 0-day vulnerability in vBulletin

An anonymous researcher unveiled an open-source exploit for the dangerous 0-day vulnerability in the vBulletin forum engine. Now, information security experts fear that the publication of detailed information about the problem and the Python exploit for it could provoke a massive wave of forum hacks. Details on the 0–day bug can be found on the Full Disclosure mailing list. “This …

Read More »

Researchers found a link between Sodinokibi and GandCrab ransomware

Sodinokibi and GandCrab Ransomware link

A new campaign using the REvil ransomware (also known as Sodinokibi) linked and has similarities with the GandCrab malware. According to researchers from the Secureworks Counter Counter Unit team, both malware can be the work of the same author. “Analysis suggests that REvil is likely associated with the GandCrab ransomware due to similar code and the emergence of REvil as …

Read More »

Users are afraid to talk about the “STOP” — one of the most active ransomwares of this year

STOP the most active ransomware

The Bleeping Computer publication drew attention to the STOP ransomware, which according to the ID Ransomware service, created by the famous information security expert Michael Gillespie, is one of the most active threats this year, along with Ryuk, GandCrab and Sodinkibi. The prevalence of STOP is also confirmed by the extremely active forum Bleeping Computer, where victims seek help. However, …

Read More »

GitHub can now assign CVE identifiers to vulnerabilities

GitHub can assign CVE

This week, representatives of GitHub immediately announced a number of innovation, including the fact that GitHub has completed certification as a CVE Numbering Authority, the company can now independently assign CVE identifiers to vulnerabilities. First, Dependency Graph will add support for PHP projects on Composer. This means that users will be able to receive automatic security warnings for any vulnerabilities …

Read More »

Smominru botnet quickly spreads and hacks over 90 thousand computers every month

Smominru Botnet Quickly Spreads Quickly

Cryptocurrency mining and identity theft botnet Smominru (also known as Ismo) began to spread incredibly quickly. According to researchers from the Guardicore Labs team, the botnet infects more than 90 thousand computers every month around the world. “The attack compromises Windows machines using an EternalBlue exploit and brute-force on various services, including MS-SQL, RDP, Telnet and more. In its post-infection …

Read More »

Researchers say about growing activity of TFlower, another ransomware that uses RDP

TFlower ransomware uses RDP

According to Bleeping Computer, the activity of TFlower, a ransomware that uses RDP and is focused on corporate networks, has begun to gain momentum. The malware arrived in late July and installs into the system after a hacker attack aimed gaining access to the Remote Desktop service. “With the huge payments being earned by ransomware developers as they target businesses …

Read More »

Emotet botnet is back and attacks users

Emotet botnet is back and attacks

After a long absence, the botnet, built basing on the Emotet Trojan program, returned to the Internet arena and attacks: it began to generate spam aiming further spreading the malware. Malicious mailings are seen in Germany, Poland, the UK, Italy and the USA. According to observations, Emotet C&C servers did not manifest themselves for three months – according to the …

Read More »

Nemty ransomware developers continue to improve their malware

Nemty ransomware developing

Nemty ransomware developers continue to actively work on their malware, developing it in an effort to increase interest to the product on underground forums. Attackers made changes to the nature of their actions in the victim’s system. Now the program can not only encrypt files, but also terminate processes and services that interfere with this task. For the first time, …

Read More »

Metasploit developers publish exploit for BlueKeep vulnerability

Metasploit published an exploit for BlueKeep

Metasploit developers published an exploit for the BlueKeep vulnerability. It allows code execution and it is easy to use. Recalling, the critical vulnerability CVE-2019-0708 (aka BlueKeep) associated with the operation of Remote Desktop Services (RDS) and RDP was fixed by Microsoft back in May of this year. “Using this bug, attackers can execute arbitrary code without authorization and spread their …

Read More »