News

Oracle assessed the seriousness of the emerging issue and released an unplanned patch for WebLogic Server

At the end of last week, experts from the Chinese company KnownSec 404, which is behind the development of the IoT search engine ZoomEye, discovered a dangerous issue in Oracle WebLogic. The bug presented a threat to all Oracle WebLogic servers running the WLS9_ASYNC and WLS-WSAT components. The first component is needed for performing asynchronous operations, while the second is a protective solution. The vulnerability is linked to deserialization and allows

Hackers gained access to 190 thousand Docker Hub accounts

Unknown intruders gained access to data of the world's biggest library of container images, which led to the leak of the credentials of more than 190 thousand users. Docker Hub developers detected that third parties had gained unauthorized access to one of the project's databases, which stored non-financial user details. “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a

Vulnerability found in Oracle WebLogic: specialists confirm that attacks through it are ongoing

Experts from the Chinese company KnownSec 404, which developed the IoT search engine ZoomEye, discovered a dangerous vulnerability in Oracle WebLogic. According to ZoomEye, more than 36 000 WebLogic servers that are vulnerable to the new problem can be found on the Internet. The majority of them are located in the US and China. Researchers explain that the bug is dangerous for all Oracle WebLogic servers with

Intruders have taught the Qbot Trojan to hide in existing message threads

The distributors of the Qbot banker, known since 2009, have launched a new e-mail campaign, but with some innovations. Experts from the special operations team of the American company JASK established that intruders are now masking malicious messages by using existing electronic correspondence. A hyperlink for downloading the Windows Trojan is inserted into a genuine reply to an e-mail already sent by the potential victim. According to …

Hacker broke into Android application for GPS monitoring and took control of several thousand cars

Journalists from Vice Motherboard reported that a hacker known as L&M told them about the breach of nearly 30 000 accounts in two Android applications for GPS monitoring: iTrack (7000 accounts) and ProTrack (20 000 accounts). As a result, the hacker gained not only access to information about the cars' location, but also the ability to control their functions. For example, he could turn off engines

Number of attacks on WordPress websites through the Social Warfare vulnerability has grown critically

Attacks on WordPress sites are coming like an avalanche, warn experts from Palo Alto Networks. This is possible because of the vulnerable Social Warfare plugin, which now threatens nearly 40 000 websites. Social Warfare contains an XSS vulnerability that can also lead to remote code execution. “An attacker can use these vulnerabilities to run arbitrary PHP code and control the website and the

Cybercriminals who ran the DNSpionage campaign are now armed with new malware

The cybercriminal group responsible for the DNSpionage operation has become more selective in choosing victims and has armed itself with the new malware Karkoff to improve the effectiveness of its cyberattacks. According to FireEye, the DNSpionage campaign began at the end of April 2017, and the cybercriminals responsible for it act in the interests of the Iranian government. In the previous attacks, with the use of fake

Russian-speaking cybercriminals carry out a series of phishing attacks on embassies of European countries

Cybercriminals attacked embassies of European countries in Italy, Liberia, Kenya and other countries after sending their employees phishing letters. As Check Point researchers report, the malicious letters contained Microsoft Excel documents with the heading “Military Financing Program” and a “top secret” mark. After the malicious macros were activated, two files were extracted from the document. In particular, malware was downloaded onto the attacked system

Google Play Protect turned out to be the least effective Android protection

As the results of recent tests of antivirus solutions for Android show, using Google Play Protect alone is not enough to ensure security against cyber threats. Researchers from AV-TEST analyzed 19 antivirus products for their effectiveness, functionality and usability. On each of these three parameters, applications were scored with a maximum of 6 points for effectiveness and usability and 1 point for …

Superman fans are in danger: NCSC specialists have compiled a list of the most common passwords

“123456” is the most common of the hacked passwords. This conclusion was reached by specialists from the UK National Cyber Security Centre (NCSC) in their first cybersecurity survey. NCSC analysts took Troy Hunt's “Have I Been Pwned” database as a basis and extracted the 100 000 most used passwords. The results may surprise people who have experience with cybersecurity. The most popular passwords were “123456”, …

Microsoft IE11 vulnerability is more dangerous than it seemed: the Edge browser is also susceptible

Researchers noted strange behavior in Windows 10 that can allow intruders to remotely steal files stored on hard disks after a user opens a malicious file in Microsoft Edge. The problem was first reported when cybersecurity researcher John Page published information about a vulnerability in Microsoft Internet Explorer 11 that allows access to files on the Microsoft OS. Page also

Repentant cybercriminal leaked tools of Iranian hackers on Telegram

In mid-March 2019, a hacker known as Lab Dookhtegan published on Telegram tools of the Iranian APT34 group (aka Oilrig and HelixKitten), as well as information about the hackers and their alleged supervisors from Iran's Ministry of Information and National Security. ZDNet journalists communicated with Lab Dookhtegan and report that he confirms participation in the DNSpionage campaign …

Evernote patched a hole that allowed intruders to run code on macOS

Cybersecurity specialists detected an error that allows hackers to run malicious code from Evernote. As a result, intruders can use a specially crafted URI in a note that would lead to the attack. Through a file:/// link they offer the user to open any malicious file, for example, “../../../../malware.app”. Such vulnerabilities are grouped under the term “path traversal”. While Evernote provides technical opportunity to

Vulnerability in EA Origin client allows intruders to control gamers' PCs

For the convenience of millions of users, Origin supports URLs that begin with “origin://”. Such links make it possible to open the application quickly and download a game by following a simple link from a website. Researchers from Underdog Security found that, using this bug, intruders could make links such as “origin://../malware”, which would enable attackers to run any application with the rights of the current user. …

Belgian Foreign Ministry suspended its services because of hacker attacks

On Tuesday, April 16, a cyberattack forced the Belgian Foreign Ministry to turn off its electronic services, including passport issuance and document legalization. The Diplobel network, which connects the Ministry with embassies and consulates around the world, was completely switched off. Restoring its operation will take about 72 hours. “We noticed an attempt to penetrate the Foreign Affairs network and decided, as a …

Vulnerabilities in Chrome for iOS are used to redirect traffic straight to commercial websites

Experts from Confiant, a company that specializes in tracking malicious advertising campaigns, say that hackers often use a vulnerability in Chrome for iOS to redirect iPhone and iPad users to fraudulent websites. The researchers have already reported the problem to Google, and the developers are analyzing this information. They will probably issue a patch soon. The existing bug allows attackers to use malicious code …

Rootkit Scranos left China and is looking for victims all over the world

The operators of the multifunctional rootkit are expanding their field of operation beyond China and now attack users all over the world. As specialists from Bitdefender say, the highest number of victims is recorded in Romania, France, India, Brazil and Indonesia. Scranos combines the functions of a backdoor, infostealer and adware and can run on all Windows versions, including Windows 10. Although Scranos is at …

Hackers can use Adblock Plus filters to store malicious code

A vulnerability has been found in the popular ad blocker Adblock Plus that allows JavaScript code to be executed. The JS code can be executed when an unverified filter prepared by intruders is used (for example, when third-party rule lists are connected or when rules are substituted in a MITM attack). Authors of filter lists can arrange for their code to be executed in the context of web sites

ASF released new versions of the Apache Tomcat web server to close a dangerous vulnerability

The Apache Software Foundation (ASF) issued a new version of the Apache Tomcat web server to eliminate a dangerous vulnerability that enables remote code execution and takeover of the server. Vulnerability CVE-2019-0232 resides in the Common Gateway Interface (CGI) Servlet and manifests on Windows when the “enableCmdLineArguments” parameter is turned on. The issue is linked to the mechanism by which the Java Runtime Environment (JRE) passes command-line arguments. As in

Hackers had access to correspondence of Microsoft mail service users for more than half a year

According to a Microsoft report, between January 1, 2019 and March 28, 2019, third parties had access to data connected with foreign email accounts. The company explains that unknown intruders compromised the account details of an unnamed technical support employee and gained access to folders, email subjects, email accounts and other correspondence details. Although Microsoft initially denied that hackers had access to letters and attachments, soon …

Gmail was the first mail service to launch support for the MTA-STS and TLS Reporting security standards

According to a Google announcement, Gmail became the first big mail service to support the new security standards MTA-STS and TLS Reporting. Both standards are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol used for sending all email today. MTA-STS and TLS Reporting help email services establish cryptographically protected connections with each other. In a way, it is prevention

Microsoft report: in March hackers actively used WinRAR vulnerabilities

Microsoft published details of attacks on Windows computers at media companies that took place in March. In the attacks, criminals used a well-known WinRAR vulnerability that has gained popularity among criminal groups in recent months. Hackers armed themselves with it immediately after its publication by Check Point on February 20. At that time, researchers demonstrated how through this vulnerability code with the

Hackers used a flaw in the Yuzo Related Posts plugin for a massive attack on WordPress-powered websites

The mail service Mailgun was attacked on Wednesday, April 10, along with more than a thousand sites of other companies. During the attack, hackers exploited a vulnerability in the Yuzo Related Posts plugin that allows cross-site scripting (XSS). With its help, attackers implanted on vulnerable websites code that redirects users to malicious resources, including fake technical support portals, malicious …

Researchers find vulnerabilities in the WPA3 protocol that make it possible to obtain Wi-Fi passwords

Though the Wi-Fi Protected Access III (WPA3) standard was released less than a year ago, researchers have found significant vulnerabilities in the standard that enable Wi-Fi password extraction and network access. WPA3 was created to fix the flaws of the WPA2 protocol, which had long been considered unsafe and vulnerable to the Key Reinstallation Attack (KRACK). Although the WPA3 protocol relies on the safer SAE (Simultaneous

In its new patch Microsoft fixed 74 bugs, including two 0-day vulnerabilities

Microsoft Corporation issued an update package that fixes 74 bugs, including two zero-day (0-day) vulnerabilities in different products. The two recently discovered issues, CVE-2019-0803 and CVE-2019-0859, are privilege escalation vulnerabilities that involve the Win32k component. According to Microsoft's description, the bug exists due to incorrect handling of objects in memory, and its exploitation allows code to be run in kernel mode. as a …

PoC code for vulnerability in Apache HTTP Server published on GitHub

Developer Charles Fol discovered the Carpe Diem (CVE-2019-0211) vulnerability in Apache HTTP Server 2.4. Under certain conditions, it allows executing arbitrary code with administrator rights and taking over server management. Charles Fol published PoC code on GitHub. In the accompanying comments, the engineer explained that the code sits somewhere between a demonstration PoC and a working exploit and is meant for educational purposes. However, intruders

Exodus spyware found on Apple iOS devices

The Exodus spyware is signed with legitimate Apple developer certificates. The government spyware Exodus, which was previously found in 25 different applications on Google Play, has now also been ported to iOS. Researchers at Lookout Security warn of this. The Exodus spyware can extract user contacts, record conversations, intercept photos and track location. According to experts, the iOS version of it …