News

Vulnerabilities in some D-Link and Comba routers reveal credentials in plain text

Vulnerabilities in D-Link and Comba Routers

Trustwave specialists discovered a number of vulnerabilities in D-Link and Comba Telecom routers. The bugs allow extracting Internet provider data and device access passwords without authentication. After examining the D-Link DSL-2875AL router, the researchers found that it is affected by the same problem as other devices from the manufacturer: they give access to all router …


Researchers discover second critical vulnerability in Exim servers in two months

Second Exim Critical Vulnerability

A second critical vulnerability has been discovered in the popular Exim mail server software; it allows remote code execution and access to the system with superuser privileges. An open source contributor and security researcher known online as Zerons discovered the vulnerability, which was later analyzed by cybersecurity experts at Qualys. A fix for the vulnerability, as well as a detailed …


Another 0-day vulnerability discovered in Android

Android 0-day Vulnerability

Participants in the Google project Zero Day Initiative (ZDI) published details of a 0-day vulnerability that could allow local privilege escalation in Android. According to the description in the ZDI blog, the dangerous vulnerability is present in the v4l2 driver (Video4Linux 2), which provides audio and video capture for the Linux family of operating systems. As it turned …


Zerodium rates exploits for Android more expensive than for iOS for the first time

Android more expensive than iOS

The well-known vulnerability broker Zerodium has updated its price list, and for the first time in its history exploits for Android are now more expensive than exploits for iOS. Security researchers can earn up to $2,500,000 for 0-day bugs in Android whose exploitation does not require user interaction. Similar exploits for iOS cost $2,000,000. Thus, Zerodium …


Sodinokibi ransomware spreads through fake forums on WordPress sites

Sodinokibi spreads through fake forums

Sodinokibi spreads through fake forums. Its operators hack WordPress sites and embed JavaScript code that displays posts from a fake Q&A forum on top of the original site’s content. The messages contain an alleged “response from the administrator” of the site with an active link to the installer of the ransomware. According to a recent publication in BleepingComputer, attackers hack …


Hackers exploit vulnerabilities in more than 10 WordPress plugins in one campaign

Hackers exploit 10 WordPress Plugins

Defiant experts have warned that a group of hackers is exploiting vulnerabilities in more than 10 WordPress plugins to create new admin accounts on other people’s sites. These accounts then serve as backdoors for the attackers. According to the researchers, this is a natural continuation of the malicious campaign that began in July 2019, when the same hacking group used vulnerabilities in the same …


Fancy Bear cybercriminals launch new backdoor to bypass AI-based defenses

New Fancy Bear backdoor

Researchers at Cylance analyzed a new implant developed by the cybercrime group Fancy Bear (also known as APT28). The new backdoor launched by Fancy Bear was created with the goal of defeating defenses based on AI and machine learning. According to the researchers, the criminals removed most of the malicious functions from their original backdoor, hiding it in a …


TrickBot malware now steals PINs and account credentials from Verizon, T-Mobile, and Sprint accounts

TrickBot steals PINs and accounts

Secureworks found that the operators of the TrickBot Trojan seem to have decided to tackle SIM swap attacks. To do this, the TrickBot operators steal users’ PINs and their accounts on the networks of large mobile operators, including Sprint, T-Mobile and Verizon Wireless. It is emphasized that this TrickBot functionality is not a separate strain; all active versions of …


After vulnerabilities were disclosed at the Black Hat conference, attacks on Fortigate and Pulse Secure VPN solutions began

Vulnerabilities in Fortigate and Pulse Secure

At the recent Black Hat conference in Las Vegas, the report “Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs” was presented, addressing many vulnerabilities in corporate VPN products, including Fortigate and Pulse Secure. Although the report covers many different solutions, two of them are already under attack by cybercriminals – Pulse Secure VPN and FortiGate VPN …


Emotet botnet resumed its activity


After a pause, the command servers of the Emotet botnet resumed their activity. Researchers at Cofense Labs were the first to discover the resurgence of the botnet infrastructure. “The Emotet botnet arose from a grave yesterday and began serving up new binaries. We noticed that the C2 servers began delivering responses to POST requests around 3PM EST on Aug 21. Stay …


Privilege escalation vulnerability fixed in free Bitdefender antivirus

Vulnerability in Free Bitdefender Antivirus

SafeBreach specialists discovered a vulnerability in the free antivirus Bitdefender Antivirus Free 2020 (in versions before 1.0.15.138, which fixes the problem). The bug received the identifier CVE-2019-15295 and scored 5.9 points on the CVSS vulnerability rating scale. The vulnerability could be used by attackers to elevate privileges to the SYSTEM level. The problem is related to the lack of proper …


Free Windows RAT Trojan NanoCore May Cause Outbreak

Free Windows NanoCore Trojan

A new, powerful NanoCore Trojan for Windows systems was recently seen on the dark web, distributed absolutely free. Experts believe that this finding could lead to a sharp jump in attacks aimed at stealing passwords, banking data and other personal information. This is a new version of the NanoCore RAT, which the authors equipped with new …


RAT Trojan Adwind attacks US energy sector

Adwind attacks energy sector

Unknown attackers targeted the infrastructure of the US electricity industry. With the help of malicious emails, employees of energy enterprises were delivered the Adwind RAT Trojan, which specializes in attacks on the electricity sector. The malware, also known as JRAT, SockRat, AlienSpy, JSocket, Frutas and Unrecom, is used to steal information. It can take screenshots, collect credentials from Chrome, Internet …


Bolik banking Trojan masquerades as NordVPN

Bolik Trojan masquerades as NordVPN

Doctor Web experts warned that attackers use copies of popular services’ websites to distribute the Bolik banker (Win32.Bolik.2). For example, the Bolik Trojan is very effectively disguised as NordVPN. One of these resources, discovered by the experts, copies this well-known VPN service, while others are disguised as corporate office software sites. The company’s experts found a copy of the site of the …


DDoS attacks that slow Tor network performance are quite cheap

Tor DDoS Attacks are Cheap

Experts from Georgetown University and the US Navy Research Laboratory presented an interesting report at the USENIX conference on degrading Tor network performance. DDoS attacks on Tor can be quite cheap: the researchers claim that Tor can be significantly damaged by simple DDoS attacks on TorFlow, Tor bridges, and specific nodes. Worse, such attacks can cost thousands or tens …


Scripts for clickjacking detected on sites with a total audience of 43 million users per day

Scripts for clickjacking detected on sites with an audience of 43 million users

Clickjacking first attracted the attention of information security experts more than ten years ago, and since then it has remained very popular with cybercriminals. Now clickjacking scripts have been detected on many sites. Despite the constant improvement of protection mechanisms against this threat by browser developers, it has not been possible to eliminate it. A team of …


Vulnerability in Trend Micro Password Manager endangers Windows users

Vulnerability in Trend Micro

SafeBreach researchers found a vulnerability in the Trend Micro Password Manager. Using this security issue, an attacker can strengthen their foothold on a compromised Windows system. The attack vector exists because the Trend Micro Password Manager Central Control Service (the PwmSvc.exe file) is launched with the rights of the most privileged Windows account – NT Authority\System. “This …


Android Banker Cerberus Uses Pedometer to Avoid Detection

Android Banker Cerberus

Recently, many popular Android Trojans (such as Anubis, Red Alert 2.0, GM-bot and Exobot) have stopped their activities in the malware-as-a-service field. However, new players are already taking their place; one example is the Android banker Cerberus. Experts from the Amsterdam-based company ThreatFabric discovered the new Android malware Cerberus. Cerberus does not exploit any vulnerabilities and is distributed exclusively through social …


Researchers introduced a system for assessing the probability of exploiting vulnerabilities in real attacks

Exploit Prediction Scoring System

As you probably know, all systems are vulnerable. Every year, CVE identifiers are assigned to thousands of discovered vulnerabilities, and it’s almost impossible to monitor every new one. The Exploit Prediction Scoring System may solve these problems. At Black Hat USA, specialists tried to figure out how to tell which vulnerabilities companies should fix immediately and which ones can be put on hold …


Experts infected Canon DSLR with ransomware via Wi-Fi

Vulnerabilities in Canon cameras

Check Point analysts found six vulnerabilities in the implementation of the Picture Transfer Protocol (PTP) used in Canon cameras. Exploiting these problems ultimately allows taking control of the device and lets the attacker install any malware on the DSLR (including over the air if the camera supports wireless connections). “Our research shows how an attacker in …


Trojan Varenyky spies on porn site users

Varenyky spies on porn site users

ESET experts warned that since May 2019, French users have been attacked by the Windows malware Varenyky, which not only sends spam from infected machines but also records everything that happens on victims’ computers when they visit porn sites. Varenyky spreads according to the classic scheme: through malicious emails that supposedly contain some …


Clipsa Windows malware steals cryptocurrency and brute-forces WordPress sites

Clipsa malware attacks WordPress

Avast specialists discovered Clipsa, a strange piece of malware that not only steals cryptocurrency, substitutes wallet addresses in users’ clipboards and installs miners on infected machines, but also launches brute-force attacks against WordPress sites from compromised hosts. The main source of infections is codec packs for media players that users download from the Internet themselves. According to the researchers, Clipsa has been …


Password-stealing malware LokiBot started hiding its code in pictures

LokiBot malware uses steganography

The well-known LokiBot malware now uses steganography as an extra layer of obfuscation. Researchers at Trend Micro have recorded a new variant of the malware and analyzed it. Apparently, the authors are now actively refining and improving LokiBot. “Our analysis of a new LokiBot variant shows that it has improved its capabilities for staying undetected within a system via …


Gwmndy botnet turns Fiberhome routers into nodes for SSH tunneling

Gwmndy attacks Fiberhome routers

360 Netlab experts have discovered Gwmndy, a new and very unusual botnet that attacks Fiberhome routers. The botnet is growing quite slowly – only 200 devices are added to it per day. “Unlike typical botnets that are trying to infect as many victims as possible, this one stops searching for new bots after gaining 200 per day. It seems that …


New Dragonblood Vulnerabilities Affect WPA3 and Reveal Wi-Fi Passwords

DragonBlood problems in vulnerable WPA3

In April this year, information security experts Mathy Vanhoef and Eyal Ronen published new DragonBlood vulnerabilities in WPA3: a set of problems named “in honor of” the vulnerable Dragonfly, the mechanism by which clients authenticate to devices that support the new WPA3 standard. Although this “handshake” mechanism was previously thought to be safe, …


Rocke’s new cyberminer removes competitors and uses GitHub to communicate with C2

Malicious crypto mining by Rocke

Specialists at Palo Alto Networks have discovered a new technique for malicious crypto mining by the Rocke group. The malware not only removes all competing miners from the system, but also uses the GitHub and Pastebin services as part of its C2 command center infrastructure. “Cybercriminals write malicious components in Python, while Pastebin and GitHub are used as code repositories”, …


Crowdstrike study: threats to mobile devices have become much more sophisticated and dangerous

Mobile threats more dangerous

Crowdstrike researchers have prepared a report that analyzes malware and other cyber threats for mobile devices. According to the experts, attacks on smartphones have recently become significantly more complex and dangerous. Previously, the main problem for smartphone and tablet users was clickjacking. However, people are now increasingly tying their lives to mobile devices, storing important data, billing information, etc. …


Researchers estimate that 1.2 billion of Apple’s devices are not protected from MitM attacks

AWDL vulnerability in Apple devices

Researchers at Darmstadt Technical University claim that the Apple Wireless Direct Link protocol (AWDL) contains vulnerabilities that endanger more than 1.2 billion devices. Using these flaws, an attacker can track users, disable devices, or intercept files transferred between devices (man-in-the-middle, MitM). Experts from Darmstadt Technical University began analyzing the Apple Wireless Direct Link protocol last year. Though Apple launched AWDL …


The new version of the banking Trojan TrickBot “kicks off” Windows Defender

TrickBot turns off Windows Defender

The developers of the well-known banking Trojan TrickBot are constantly improving their program. This time, the cybercriminals taught TrickBot to turn off Windows Defender, which many users rely on since it is the antivirus built into Windows 10. MalwareHunterTeam investigated this process. After this version of TrickBot is launched, the Trojan performs the following steps: disables and then deletes …
