News

Vulnerability of the macOS integrated protections allows attackers start side application on victim’s computer

macOS vulnurability

Apparently Apple faced another vulnerability of Gatekeeper technology that allows runing only trusted software on Mac computers. Security researcher Filippo Cavallarin discovered and in details described new vulnerability in macOS. “On macOS X version 10.14.5 (Mojave) and below, it is possible to “easily bypass Gatekeeper in order to execute untrusted code without any warning or user’s explicit permission”, — Filippo …

Read More »

Mysterious and angry SandboxEscaper in two days posted some more 0-day exploits for Windows in open access

women hacker

Just a day after publication of PoC-code for bug exploitation in Windows Task Planner specialist in cybersecurity that uses nickname SandboxEscaper, published two more working exploits. First one for vulnerability in Windows Error Reporting Service and second for the bug in the Internet Explorer browser. Vulnerability in Windows Error Reporting Service that was named AngryPolarBearBug2, can be exploited through the …

Read More »

Great part of malware on VirusTotal had Comodo certificate

comodo ca

Comodo center of certification (known now as Sectigo) released the greatest number of certificates that were used for signing of the malware program samples, found on VirusTotal. It discovered Chronicle specialists during the conducted research. “Unfortunately, system of certificates is built on a problematic core tenet: Trust”, — argue Chronicle experts. The chain of trust is relatively straight-forward: certificates are …

Read More »

Infected by WannyCry and MyDoom laptop costs more than $1 million

WannaCry laptop

Infected by six famous malware programs laptop played out on a public auction. Historically these six malwares in total brought financial loss of $95 billion. Laptop cost exceeded $1 million. In the frames of «The Persistence of Chaos» project Deep Instinct company infected Samsung NC10-14GB 10.2-Inch Blue Netbook (2008) device with Windows XP SP3, with malware programs. Among malware programs …

Read More »

Researchers told about new instruments of MuddyWater cybercriminal group

muddywater-apt-group-upgrading-tactics-to-avoid-detection

Specializing on espionage Muddywater group, also known as SeedWorm and TEMP.Zagros, included in its set of techniques, tactics and procedures new methods that allow having remote access to infected systems and remain unnoticed at the same time. First time group became famous in 2017, when it attacked Middle Eastern organizations, however, later it included governmental and military companies in Central …

Read More »

Mysterious woman-hacker published exploit for increasing vulnerability of rights increase in Windows 10

angelina jolie hackers

On GitHub published PoC-code for vulnerability of privileges increase in Windows 10 that affects Windows Task Scheduler. Despite vulnerabilities of rights’ shift do not allow hacking the system, attackers can use them on further stages to rise privileges from low level to level of administrator. According to vulnerability description, published on GitHub, this bug is linked with the way Task …

Read More »

Experts told about Linux-variant of Winnti Trojan

Winnti Trojan

Chronicle experts from Alphabet cybersecurity holding discovered Linux version on Winnie backdoor that is popular among Chinese hackers for many years. Linux-version of a backdoor was discovered after a recent news that Chinese hackers that applied Winnti attacked Bayer (one of the world largest pharmaceutical companies). Chronicle analysts conducted additional research on Winnti on VirusTotal and fond variant for Linu …

Read More »

AMD argues that Zombieload and other MDS-vulnerabilities not endanger their processors

Zombieload

According to AMD company statement, discovered in Intel processors new class of MDS-vulnerabilities does not affect processors of their production. Previously this month was reported about discovery in Intel chips vulnerabilities as Zombieliad, RIDL, Fallout and Store-to-Leak Forwarding, linked with the mechanism of speculative execution. With their use attacker can get access to your data in different inner buffers of …

Read More »

Ransomware Unistellar destroyed 12 thousand databases in MongoDB

mongodb

Independent Internet-security specialist Sanyam Jain discovered more than 12 thousand MongoDB databases that destroyed cybercriminals. Attackers delete all notes from the storage and propose victim to contact them for information restoration. Experts link attacks with earlier unknown Unistellar band. “First I noticed the attacks on April 24, when initially discovered a wiped MongoDB database which, instead of the huge quantities …

Read More »

Researchers discovered vulnerability in Windows-client of Slack messenger

slack logo

Specialists from Tenable company disovered vulnerability in Windows-version of corporate Slack messenger (version 3.3.7) that enables changing file upload destination and steal files, change them or add malware programs. The problem is in implementation of the protocol handler “slack://” in the application. With the use of specially formed link, published in Slack-channel, attacker can modify client’s setting, for example, change …

Read More »

Indicted creators and participants of international cybercriminal network on Trojan GozNym spread

GozNym FBI

Europol reported about success of cross-border operation on cessation of cybercriminal group activity that is responsible for creation and spread of bank Trojan malware GozNym. As assessed, operators tried to steal with its help more than $100 million from 41 thousand of victims of infection, the bulk of which were legal entities. Criminals worked by the scheme “cybercrime as a …

Read More »

Microsoft published list of dangerous legitimate applications

Microsoft blacklist

Microsoft composed and published a list of legitimate applications that can be used by attackers for bypassing Windows Defender security rules. Corporation notifies that attackers can penetrate organization’s network by using this legitimate programs. Microsoft refers to a special method that use cybercriminals – Living off. Living off suggests exploitation of OS functions or legitimate administrating tools in compromising corporate …

Read More »

Researchers discovered serious vulnerability in WP Live Chat Support plugin

wordpress vulnerability

Analysts from Sucuri company found in WP Live Chat Support-plugin dangerous bug. Vulnerability allows to unauthorized attackers perform XSS-attack and implement malware on all pages of the website that use this extension. “An XSS flaw is pretty serious in itself. It allows hackers to inject malicious code in websites or web apps and compromise visitors’ accounts or expose them to …

Read More »

Microsoft released new version of Attack Surface Analyzer utility

Attack Surface Analyzer

Version 1.0 was released seven years ago, and now technical giant announced Attack Surface Analyzer 2.0. This instrument fixes changes in Windows system in the process of side applications installation. In the last seven years a bulk of system administrators and researchers routinely used years Attack Surface Analyzer that became practically indispensable tool. Possibility of tracing changes in configuration of …

Read More »

Intel tried to buy silence of researchers that discovered MDS vulnerabilities

zombieload intel

One of the most resonant news of the last days is discovery of new vulnerability class on MDS (Microarchitectural Data Sampling). It is peculiar that owners of PCs, equipped with competing with Inter AMD processors, are out of risk; producer confirmed that his product is not affected by new vulnerabilities. Read about this in our article: Zombieload and company: researcher …

Read More »

Zombieload and company: researcher discovered new class of vulnerabilities in Intel processors

zombieload

Combined group of scientists and IS-experts discovered new class of vulnerabilities in Intel processors, which, similarly to Meltdown, Spectre and Foreshadow, allow distracting data that is processed inside the chips. As in previous cases, new attacks are based on Microarchitectural Data Sampling (MDS) and use advantages of speculative execution mechanism that is realized in Intel processors for increasing data processing …

Read More »

For protection from similar to WannaCry worm Microsoft released updates for old Windows versions

microsoft patch

Microsoft highly recommends users of old Microsoft versions (Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2 and Windows Server 2008) update their systems with the use of yesterday released update. Corporation fixed quickly spreading malware program that resembles WannaCry. Exploit that use attackers involves vulnerability of the remote code execution (RCE) in Remote Desktop Services. Seriousness of …

Read More »

Thrangrycat vulnerability can be used for malware invasion in Cisco equipment

ciscos thrangrycat

IT-security experts discovered dangerous bug in Cisco protected load mechanism that affected a wide range of products that used in governmental and corporate networks, including routers, commutators and firewalls. Vulnerability named Thrangrycat (CVE-2019-1649) linked to the range of disadvantages in the design of TAm module (Trust Anchor module) that is function of protected trusted download Secure Boot. This function allows …

Read More »

Named three American antivirus producers, hacked by Fxmsp band

Cybercriminal or cybercriminals under the nick Fxmsp, have stolen and put on sale source codes of antivirus products and other confidential information. About it recently reported Trojan–Killer. Because of security reasons, names of affected vendors were not disclosed. Nevertheless, BleepingComputer portal managed to get from Internet-security company AdvIntel exclusive unedited evidence that disclosed Fxmsp victims. AdvIntel collected information about Fxmsp …

Read More »

Fearing repetition of scandal with Cambridge Analytica, Facebook sued Korean company Rankwave

Facebook vs Rankwave

Obviously, Facebook tries to avoid repeating of scandal with Cambridge Analytica, when social network was extensively critiqued for unsanctioned usage of users’ data. Recently is became known that Zukerberg’s corporation sued South Korean analytical company Rankwave. The essence of the claim is misuse of users’ data. As Facebook lawyers say, Rankwave representatives abused with platform’s for developers data and refused …

Read More »

Cybercriminal stolen data from 3 Major US antivirus developers

Fxmsp

Cybercriminal band of the allegedly Russian origin put up for sale information that was stolen from three American antivirus software producers. The case is linked to Exmsp band that for a long time specializes of sales of original corporate data. As reports IT-company Advanced Intelligence (AdvIntel), criminals earned with their illegal business about $1 million. Fmsp exists since 2017 and …

Read More »

Alpine’s Docker-images were supplied with empty password of “root” user

Docker Alpine

Security researches from Cisco company disclosed data about vulnerability CVE-2019-5021 in the assemblies of Alpine distributive for Docker container isolation system. The essence of identified problem is that for “root” user was by default set by empty password without blocking of direct entrance under “root”. “Due to the nature of this issue, systems deployed using affected versions of the Alpine …

Read More »

Researchers from Cisco Talos found vulnerability in DBMS SQLite

SQLite

In DBMS SQLite detected vulnerability CVE-2019-5018 that allows performing code in the system if it is possible to execute a SQL query, prepared by an attacker. Problem arises from the SQLite 3.26 branch. “SQLite implements the Window Functions feature of SQL, which allows queries over a subset, or “window,” of rows. This specific vulnerability lies in that “window” function”, — …

Read More »

Dharma Bum Ransomware learned how to parasite on legal antivirus programs

Researchers discovered new version of Dharma Ransomware that uses legal antivirus tools for victims’ attention redirection while all types of files on PC encrypted at the background mode. Dharma Ransomware is famous since 2016, but it still moves through the Internet and chases organizations worldwide. Famous Dharma’s action took place in November 2018, when extorters infected hospital in Texas and …

Read More »

Discovered complex backdoor that group of cybercriminals Turla uses since 2014

nake is another name for Turla.

ESET specialists discovered in the Turla arsenal new powerful instrument that hackers managed to hide for five years, at least since 2014. Backdoor named LightNeuron compromises Microsoft mailing servers and functions as mail transfer agent, (MTA) that is not typical for such malware. Researchers note, that, according to their data, LightNeuron is a fisrt backdoor that is specially orientated on …

Read More »

Group of Chinese hackers used NSA tools much earlier their leakage into network

Symantec analysts shared interesting observations. As it discovered, some Chinese cybercriminal group used NSA tools a year before hackers from Shadow Brokers leaked it into network. This Chinese group is traced under several names, including Buckeye, APT3, UPS Team, Gothic Panda and TG-0110. Researchers link its activity with PRC’s Ministry of State Security. Buckeye was noted with cyberattacks on such …

Read More »

Google announced adding two new functions in Chrome browser

Google Chrome

Google plans to add in its browser two new functions – support of cookie-files from same websites and protection from taking digital fingerprints. Company announced both functions on the annual I/O 2019 conference. In what version of Chrome will arrive additional protection, is not reported. The most significant change will touch cookies-files processing and will base on IETF standard that …

Read More »

Ransomware MegaCortex attacks companies in Europe and North America

megacortex

Sophos specialists published a report, dedicated to increased activity of MegaCortex cryptographer. This extortionist is orientated majorly of corporate sector and used in the carefully planned targeted attacks. Such incidents are a real trend in the latest time, and many big companies suffered from targeted attacks: it is worth remembering LockerGoga “heroic actions”. Its victim was one of the world’s …

Read More »

Critical vulnerabilities are found in PrinterLogic Print Management

printerlogic

Vulnerabilities in PrinterLogic Print Management software allow attackers remotely perform code on the final points with system privileges. Specialists from Software Engineering Institute from Carnegie Mellon University discovered these vulnerabilities. Issues involve PrinterLogic Print Management versions 18.3.1.96 and earlier. The most dangerous vulnerability is in absent of checks for SSL-certificates and certificates with signed updates for software, so attackers can …

Read More »

In more than hounded of Jenkins’ plugins are discovered vulnerabilities

jenkins

Great number of plugins for open instrument of uninterrupted integration by Jenkins software contain different bugs and vulnerabilities. Vulnerabilities mainly connected with storing of passwords in non-encrypted form. Additionally, in Jenkins’ soft found CSRF-bugs that allow steaking credentials and committing CSRF-attacks. Viktor Gazdag, specialist of NCC Group that tested great number of Jenkins’ plugins, revealed these problems. “These tests resulted …

Read More »