

MyDoom worm is already 15 years old, but it is still active

MyDoom worm still active

Experts from Palo Alto Networks published a report according to which the 15-year-old MyDoom worm (aka Novarg, Mimail and Shimg) is not just still “alive” but is even increasing its activity. MyDoom appeared in 2004 and is considered one of the most notorious threats in the history of observation. “While not as prominent as other malware families, MyDoom has remained relatively …


Attackers spread Sodinokibi ransomware on behalf of German intelligence service

Sodinokibi Ransomware

Attackers distribute the Sodinokibi ransomware (also known as REvil and Sodin) by email, posing as employees of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). Using “Warning about compromised user data” (“Warnmeldung kompromittierter Benutzerdaten”) as the subject, the attackers urge victims to open an attachment containing a malicious PDF document, according to the BSI advisory. …


Vulnerability in ProFTPD allows copying files without permission and executing arbitrary code

ProFTPD servers are vulnerable

German researcher Tobias Mädel discovered that, under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks. The root of the problem is a bug in the mod_copy module that allows arbitrary files to be copied; this module is usually enabled by default. “All versions of ProFTPd up to and including 1.3.6 (the problem extends to 1.3.6 only …


Detailed analysis of the BlueKeep vulnerability published on GitHub simplifies creation of exploits

As part of the May “Patch Tuesday” updates, Microsoft fixed the critical vulnerability CVE-2019-0708 (also known as BlueKeep) in Remote Desktop Services (RDS) and RDP. Although the technical details of the problem were not disclosed because of the high level of threat, it is known that the bug lets attackers execute arbitrary code …


Hackers attack Jira and Exim servers to install Watchbog Linux Trojan

Trojan Watchbog

Cybercriminals are attacking vulnerable Jira and Exim servers in order to infect them with a new version of the Linux Trojan Watchbog and a Monero cryptocurrency miner. Watchbog is malware that infects Linux-based servers by exploiting vulnerable software such as Jenkins, Nexus Repository Manager 3, ThinkPHP or Linux Supervisord. According to a researcher from Intezer Labs, the latest version of the malware …


Iranian hackers APT34 use LinkedIn to deliver a backdoor

APT34 uses LinkedIn to deliver a backdoor

The APT34 cybercrime group, which is associated with the Iranian government, continues its espionage campaigns, using LinkedIn to deliver a backdoor. According to a report by FireEye experts, the criminals pose as a researcher from Cambridge and ask victims to join their group. A malicious xls file is sent to these users. “In late June, FireEye researchers discovered …


Extenbro Trojan replaces DNS and blocks access to antivirus sites

Extenbro Trojan

Malwarebytes Labs specialists discovered the Extenbro Trojan, which not only replaces DNS settings to display advertisements but also prevents the user from visiting the sites of antivirus and other security products. Because of this, the user cannot download and install any protective software to get rid of the malware. Researchers warn that in doing so, the malware puts infected machines at risk from other types of …


FBI released master keys to decrypt all Gandcrab versions

GandCrab master keys

The FBI has released master keys to decrypt files affected by GandCrab ransomware versions 4, 5, 5.0.4, 5.1 and 5.2. Using these keys, anyone can create and release their own GandCrab decryptor. A document published by the FBI entitled “Master Decryption Keys for GandCrab, versions 4 through 5.2” describes how GandCrab works. Recall that in June, …


Global Threat Index: Emotet botnet suspended its activities

Emotet trojan

The Check Point Research team (a division of Check Point Software Technologies) published a Global Threat Index report on the most active threats in June 2019. The researchers report that Emotet (currently the largest botnet) is presently inactive: for almost all of June there were no new campaigns. During the first half of 2019, Emotet ranked among the top five …


Vulnerability in a WordPress plugin allowed remote execution of PHP code


Information security specialists from Wordfence found a vulnerability in the Ad Inserter plugin for WordPress, which is installed on more than 200,000 websites. The bug allows attackers to remotely execute PHP code on the site. The vulnerability affects all WordPress websites with Ad Inserter 2.4.21 or lower installed. “The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on …


Banking Trojan TrickBot learned to spam and has already collected 250 million email addresses


The TrickBot malware, designed to steal victims' credentials and contacts, received an additional module, “TrickBooster”. This module sends malicious emails on behalf of an infected user. “TrickBooster gives TrickBot a highly-effective way to spread infection. By sending emails from trusted addresses within an organization TrickBot increases the odds that a would-be victim will open one of its trojanized …


eCh0raix ransomware attacks QNAP NAS network storage

eCh0raix ransomware

Researchers at Anomali Threat Research discovered a new ransomware, eCh0raix, written in Go. The malware attacks QNAP NAS devices and encrypts the victims' files. Unfortunately, there is currently no way to decrypt the data without paying the ransom to the attackers. Experts report that devices are mainly compromised by brute-forcing weak credentials and …


Operators of the RIG exploit kit began distributing the Eris ransomware

Although security experts have long spoken about the declining activity of exploit kits, many of them remain “in service”, continuing to improve and to change their payloads. One of these long-known players is the RIG exploit kit. Recently, experts noticed that RIG began to distribute the Eris ransomware, first seen in May 2019. Researcher Michael Gillespie was the first to discover an …


Operators of Trickbot and IcedID Trojans combined efforts and technology

Banking Trojans

The banking Trojan Trickbot received a module for intercepting the traffic of an infected machine. The malware is now able to inject its own code into the data transmitted between a financial institution's website and the client device. Experts suggest that this expansion of capabilities resulted from cooperation between the program's authors and the developers of …


Microsoft warns of Astaroth fileless Trojan attacks

Astaroth Trojan

Microsoft experts warned users about an active malicious campaign infecting computers with the Astaroth malware, which is difficult to detect with conventional security solutions. The campaign was discovered by the development team of Windows Defender ATP, the commercial version of the Windows Defender antivirus product. “Our experts suspected something was wrong after the discovery of a sharp surge in the use of the …


Debian 10 “Buster” released with new security features

Debian 10 Buster

The Debian project has released a new version of its Linux distribution, Debian 10 “Buster”. Since, unlike other distributions, Debian is developed not by a company but by community members themselves, and serves as the base OS for Ubuntu, each new release is an important event. Debian developers prioritize stability over pursuing the latest technology. …


New BianLian Trojan spies on data entry in Android banking applications

A new version of the BianLian malware has arrived in the arsenal of criminal groups. Cybercriminals modified the Trojan, equipping it with additional capabilities for attacking banking applications. Experts from Fortinet investigated the new sample in detail. According to them, BianLian can now capture the screen of an Android device, which helps cybercriminals steal the credentials of …


Backdoor discovered in a Ruby password-checking library

Ruby Library

Developer Tute Costa found a backdoor in the Ruby library “strong_password” through which attackers could execute arbitrary code in applications that include this library. As Costa found out, the malicious code checked which environment the library was running in, test or production. If in production, the code downloaded an additional malicious module from Pastebin that serves as a backdoor in …


Operators of Dridex and Locky Trojans use new AndroMut loader


Experts from Proofpoint found that the Russian-speaking hacking group TA505 has switched to a new loader, AndroMut. The group is believed to have existed since at least 2014 and is associated with such large-scale malicious campaigns as the distribution of the Dridex and Shifu bankers, the Locky ransomware, the Philadelphia and GlobeImposter extortionists, the ServHelper backdoor and FlawedAmmyy. …


New version of the Dridex banker evades antivirus


Information security professionals have known about the Dridex banking Trojan since 2014, and it is still one of the most sophisticated malware families in its category. Development of this malware continues to this day: new versions of the Trojan appear regularly, with periodic large updates. In early June 2019, independent security expert Brad Duncan discovered a new version of Dridex, …


OceanLotus Cybercriminal Group Uses New RAT Ratsnif


Analysts from BlackBerry Cylance described the tooling of the APT32 group (aka OceanLotus, CobaltKitty, SeaLotus, APT-C-00). It is worth recalling that this group mainly attacks foreign companies that invest in manufacturing in Vietnam; the main targeted industries are retail, consulting and hospitality. According to information security specialists, APT32 acts in the interests of the Vietnamese government, and attacks can be carried …


Microsoft Teams allows downloading and executing malicious files

The current implementation of the update mechanism in the Microsoft Teams desktop application allows downloading arbitrary files to the system and executing them. The problem also affects the desktop software of GitHub, WhatsApp and UiPath, but there it allows only loading the payload. “Squirrel”, in turn, uses the NuGet package manager to download the necessary files. As security researchers have discovered, using the update command in vulnerable …


Researchers discovered Silex malware that destroys IoT devices

Light Leafon

New malware that disables IoT devices has appeared on the Internet. According to a ZDNet reporter, within an hour of observation the malware, called Silex, increased the number of its victims from 350 to 2000, turning their devices into useless bricks. The attack was first discovered by Akamai expert Larry Cashdollar, whose analysis showed that Silex achieves its …


Sites offering game cheats deliver a Trojan crypto miner as a bundled payload

Trojan MonsterInstall

A new modular Trojan downloader written in JavaScript has appeared on the Internet. Currently, it is delivered together with a crypto miner as a payload bundled with cheats for video games. The Windows malware, code-named MonsterInstall, is notable for using Node.js as its runtime environment. Doctor Web specialists discovered and analyzed the unusual sample. As it turned out, the attackers distribute MonsterInstall …


Oracle has released an urgent patch to eliminate critical vulnerabilities in WebLogic Server

Oracle WebLogic Vulnerability

The company said that an unknown group of cybercriminals is already actively exploiting this security problem in real attacks. The vulnerability received the identifier CVE-2019-27296 and a CVSS score of 9.8 out of 10. “Due to the severity of this vulnerability, Oracle strongly recommends customers to apply updates as soon as possible”, Oracle warns. …


Vulnerabilities in MMC allow taking control over the system

The Microsoft Management Console (MMC), used by system administrators to configure and monitor systems, contains a number of vulnerabilities through which attackers can deploy malware or take control of the attacked machine. The group of vulnerabilities, which includes XSS and XXE bugs, received the common identifier CVE-2019-0948. Attackers can exploit the problems via the snap-in mechanism in MMC. Snap-ins are …


DoS vulnerabilities revealed in Linux and FreeBSD TCP stacks

FreeBSD 10 Bootloader

A number of vulnerabilities have been identified in the Linux and FreeBSD TCP stacks that potentially allow remotely causing a denial of service or excessive resource consumption while processing specially crafted TCP packets. The problems stem from errors in the handling of the maximum segment size (MSS) of TCP packets and in the mechanism for …


Malware Echobot attacks IoT devices, Oracle applications, VMware and exploits old vulnerabilities


The Echobot IoT malware is another variation of the well-known Mirai malware, detected by security specialists from Palo Alto Networks in early June 2019. Last week, Akamai experts presented a more detailed report on the new threat, from which it becomes clear that Echobot follows a general trend: the malware authors did not change the base but added new, additional …


Security experts finally defeated GandCrab encryption

GandCrab Died

A decryptor for the latest version of the GandCrab ransomware has arrived on the No More Ransom portal. The utility can save many thousands of users who have suffered from the ransomware's attacks from data loss. Europol representatives reported the appearance of the new decryptor on their website. They thanked, for their help in its development, the law enforcement services of nine …
