Last Articles

Ransomware attacks Microsoft SharePoint servers

Microsoft SharePoint servers have joined the long list of edge devices that ransomware operators use to get into corporate networks. That list already includes Citrix gateways, F5 BIG-IP load balancers, Microsoft Exchange mail servers, Pulse Secure VPNs, and Fortinet and Palo Alto Networks products. Trend Micro researchers write that the SharePoint servers are being attacked by a group known as Hello or WickrMe Ransomware (using Wickr accounts...

Pareto botnet passes off infected Android devices as smart TVs

Experts from Human Security (formerly White Ops) have discovered the Pareto botnet that infects Android devices and uses them to scam the television advertising ecosystem. Currently, Pareto has infected more than a million devices and impersonates millions of people watching ads on smart TVs and other devices. Human Security reports that the botnet has used dozens of mobile apps to mimic or tamper...

Vulnerable Microsoft Exchange Servers Attacked by Prometei Botnet

Because the ProxyLogon patches have still not been applied everywhere, attackers continue to target vulnerable Microsoft Exchange servers. Now researchers from Cybereason Nocturnus have discovered the Prometei botnet, which mines Monero cryptocurrency on compromised machines.

A patch for another 0-day vulnerability in Google Chrome has been released

Google has released Chrome version 90.0.4430.85 (for Windows, Mac and Linux), fixing a zero-day vulnerability that attackers were already actively exploiting. The issue is tracked as CVE-2021-21224 and was reported by security analyst Jose Martinez of VerSprite Inc. It is known to be a type confusion bug in the V8 engine. Martinez himself writes that the vulnerability is related to a PoC...

$760 million stolen from Bitfinex in 2016 transferred to other wallets

The Record reports that, according to Whale Alert and BTCparsers, bitcoins stolen from the Bitfinex exchange in 2016 have been moved to other wallets in dozens of transactions ranging from 1 to 1,200 BTC each. The funds that have moved account for only about 10% of the amount stolen from Bitfinex, since at the time the attackers took 119,756...

NAME:WRECK vulnerabilities threaten millions of IoT devices

Forescout researchers have published a report on nine vulnerabilities in TCP/IP stacks, collectively named NAME:WRECK. The problems affect hundreds of millions of servers, smart devices and industrial equipment. NAME:WRECK is the fifth set of vulnerabilities in TCP/IP libraries found in the past three years; earlier "finds" include Ripple20, URGENT/11 and AMNESIA:33. But...

Pwn2Own 2021 is over: Windows 10, Ubuntu, Safari, Chrome, Zoom and more were successfully hacked

The largest hacking competition, the spring Pwn2Own 2021, has ended. This time it finished in a three-way tie between Team DEVCORE, OV, and the duo of security researchers Daan Keuper and Thijs Alkemade from Computest. All three teams ended the competition with 20 points each. In total, over three days, Pwn2Own participants earned $1,210,000. Detailed...

Attackers use the GitHub server infrastructure for cryptomining

GitHub, the code hosting service, is investigating a series of attacks on its cloud infrastructure in which criminals use the company's servers for illicit cryptocurrency mining. The first such attacks were recorded in the fall of 2020 by a French software engineer using the alias Tib. The campaign abuses GitHub Actions, the feature for automatically running tasks and workflows...

The Coinhive domain is used to warn users about hacked resources

Troy Hunt, creator of Have I Been Pwned, is using the domains of Coinhive, the cryptojacking service shut down in 2019, to warn visitors of sites that still embed its now-defunct mining script. Recall that Coinhive appeared in the fall of 2017 and was positioned at the time as an alternative to classic banner advertising. In practice, Coinhive only spawned a large-scale...

Privacy-focused ClearURLs extension removed from Chrome Web Store

Bleeping Computer reports that ClearURLs, a browser extension that strips tracking elements from URLs, has been removed from the Chrome Web Store. ClearURLs is available for Google Chrome, Firefox and Edge. Journalists explain that many sites use long URLs with extra parameters that serve no functional purpose and exist only to track users. This may especially...
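To make the tracking-parameter problem concrete, here is a small Python illustration of what an extension like ClearURLs does: it drops query parameters that exist only for tracking and keeps the ones the page actually needs. This is an added example for this page, not ClearURLs' own code or rule set; the list of tracking parameter names below is a constructed, deliberately short subset (the real extension ships a much larger, per-site rule file).

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed, non-exhaustive list of parameters that carry no functional value
# for the page and exist only to correlate visitors across sites.
TRACKING_PARAMS = {
    "fbclid", "gclid", "dclid", "msclkid", "yclid",
    "mc_eid", "igshid", "_hsenc", "_hsmi",
}
# Any parameter starting with one of these prefixes is treated as tracking too.
TRACKING_PREFIXES = ("utm_",)


def is_tracking_param(name: str) -> bool:
    """Return True if a query parameter name is a known tracking parameter."""
    lname = name.lower()
    return lname in TRACKING_PARAMS or lname.startswith(TRACKING_PREFIXES)


def removed_params(url: str) -> list:
    """List the tracking parameter names that clean_url() would strip from url."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True) if is_tracking_param(k)]


def clean_url(url: str) -> str:
    """Rebuild url without tracking parameters, keeping functional ones in order.

    Scheme, host, path and fragment are passed through untouched; only the
    query string is filtered. keep_blank_values=True preserves parameters
    such as "?a=&b=1" that some sites rely on.
    """
    parts = urlsplit(url)
    kept = [
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if not is_tracking_param(k)
    ]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment))


if __name__ == "__main__":
    # Constructed sample URL for the demonstration.
    sample = ("https://example.com/article?id=42&utm_source=newsletter"
              "&utm_medium=email&fbclid=IwAR0abc#comments")
    print("removed:", removed_params(sample))
    print("clean:  ", clean_url(sample))
```

Note that the filter works on parameter names only; a site that encodes its tracking token in the path or in a parameter with an innocuous name is not caught, which is why the real extension maintains per-site rules.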

Hackers began to exploit a serious vulnerability in F5 BIG-IP

Earlier this month, F5 Networks released patches for four critical bugs in BIG-IP and BIG-IQ. The developers wrote at the time that the vulnerabilities could lead to denial of service (DoS) and even to unauthenticated remote code execution. One of the most serious of the fixed vulnerabilities is tracked as CVE-2021-22986 and affects the iControl REST interface on various F5 devices. This RCE issue...

Critical bug fixed in Apache OFBiz

The developers of the Apache Software Foundation have fixed a vulnerability in Apache OFBiz that could allow an unauthenticated attacker to remotely take control of a vulnerable open source ERP system (Enterprise Resource Planning). OFBiz is a Java-based platform designed to automate various corporate processes. The platform offers a wide range of functions including, for example, accounting, customer relationship management, manufacturing...

Avast Analysts Examined OnionCrypter

Avast Threat Labs researchers have published a report on the OnionCrypter crypter, which has been widely used by many malware families since 2016, including Ursnif, Lokibot, Zeus, AgentTesla and Smokeloader. It uses layers of encryption to hide malicious code and make it harder to detect and analyze. According to the company, over the past three years Avast has protected nearly 400,000 users worldwide from malware that...

Firefox extension used to hack Gmail

Proofpoint has discovered a campaign attributed to the Chinese group TA413. According to the researchers, the campaign ran from January to February 2021 and targeted Tibetan organizations around the world with a malicious Firefox extension that steals Gmail and Firefox data and then downloads additional malware onto infected systems. The researchers say the attackers reached these organizations with targeted phishing emails that lured victims...

Seven built-in trackers found in LastPass for Android

German security researcher Mike Kuketz has noticed that the LastPass app for Android contains seven trackers that monitor users. He bases his findings on a report by the non-profit Exodus Privacy, which describes itself as an initiative "led by hacktivists, the goal of which is to help people understand the problems of tracking in Android applications." Seven trackers were found in the...

More than 400 phishing campaigns per week were associated with Valentine’s Day

Check Point researchers report that attackers "celebrated" Valentine's Day in a big way: every week the company's analysts recorded more than 400 phishing campaigns tied to the holiday. At the same time, the number of newly registered holiday-themed domains grew by 29% compared to last year, reaching 23,000, of which about 2.3% (523) turned out to be malicious or suspicious. Traditionally, February is the month...

Proofpoint sues Facebook over phishing domains

ZDNet reports that this week Proofpoint filed a lawsuit against Facebook, because the social network is trying to seize domain names that the security company uses in phishing-awareness research and training. The lawsuit against Facebook stems from the fact that on November 30, 2020, the social network created a...

Researcher compromised 35 companies through new supply chain attack

Security researcher Alex Birsan has described a new variation of the supply chain attack, called dependency confusion or a substitution attack. For discovering this attack method the researcher has already received more than $130,000 from various companies through bug bounty programs. The problem is that, using this issue,...
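The mechanism behind dependency confusion is a package resolver that consults both an internal and a public registry and simply takes the highest version it finds. The Python simulation below is an added example for this page, not Birsan's code or any real package manager: both registries, the package names and the version numbers are constructed. It shows the naive resolution that picks an attacker's public package over the internal one, the pinned resolution that prevents it, and the audit a team would run to find internal names that already collide with public ones.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


@dataclass
class Registry:
    """A package index: name plus a map of package name -> available versions."""
    name: str
    packages: Dict[str, List[Version]]


# Constructed registries for the demonstration. "acme-billing" is a private
# package; the attacker has published a public package with the same name and a
# deliberately huge version number.
INTERNAL = Registry("internal", {
    "acme-billing": [(1, 2, 0), (1, 1, 0)],
    "acme-auth": [(0, 9, 0)],
})
PUBLIC = Registry("public", {
    "requests": [(2, 25, 1)],
    "acme-billing": [(99, 0, 0)],   # attacker-published lookalike
})

# Allow-list of names that must only ever come from the internal registry.
INTERNAL_PACKAGES = {"acme-billing", "acme-auth"}


def resolve_naive(pkg: str, registries: List[Registry]) -> Optional[Tuple[str, Version]]:
    """Mimic a client configured with several index URLs and no pinning:
    it returns the highest version found in any registry, wherever it lives."""
    best = None
    for reg in registries:
        for ver in reg.packages.get(pkg, []):
            if best is None or ver > best[1]:
                best = (reg.name, ver)
    return best


def resolve_pinned(pkg: str, registries: List[Registry]) -> Optional[Tuple[str, Version]]:
    """Hardened resolution: names on the allow-list are looked up only in the
    internal registry, everything else only in the public one. A package that
    is missing from its designated registry is reported as unresolvable rather
    than silently fetched from the other side."""
    wanted = "internal" if pkg in INTERNAL_PACKAGES else "public"
    for reg in registries:
        if reg.name != wanted:
            continue
        versions = reg.packages.get(pkg, [])
        return (reg.name, max(versions)) if versions else None
    return None


def confused_packages(internal: Registry, public: Registry) -> List[str]:
    """Audit check: internal package names that also exist on the public
    registry, i.e. the names that are already claimed and need attention."""
    return sorted(name for name in internal.packages if name in public.packages)


if __name__ == "__main__":
    regs = [INTERNAL, PUBLIC]
    print("naive :", resolve_naive("acme-billing", regs))   # attacker's 99.0.0 wins
    print("pinned:", resolve_pinned("acme-billing", regs))  # internal 1.2.0
    print("collisions:", confused_packages(INTERNAL, PUBLIC))
```

The pinned resolver corresponds to scoping or namespacing private packages and pointing the package manager at one registry per scope; the audit function corresponds to checking the public registry for every private name and registering those names yourself before someone else does.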

Popular The Great Suspender Chrome Extension Contains Malware

The Great Suspender, an extension that suspends unused browser tabs and unloads their resources to free up memory, has been removed from the Chrome Web Store. This simple tool was immensely popular and had been installed more than 2,000,000 times. According to Bleeping Computer, in the summer of 2020 the developer of The Great Suspender sold his brainchild to an...

SonicWall has released a patch for a 0-day bug under attack

At the end of January 2021, it became known that SonicWall had been hit by a "coordinated attack" that exploited a vulnerability in the company's own products. Soon after, researchers reported that a mysterious zero-day vulnerability in SonicWall's network devices was already under "indiscriminate" attack. At the same time, analysts were convinced that they had discovered that very 0-day...

Fortinet has fixed vulnerabilities discovered by Positive Technologies

Fortinet has fixed four vulnerabilities in FortiWeb identified by Positive Technologies researcher Andrey Medov. FortiWeb is a family of web application firewalls. The first vulnerability (CVE-2020-29015, CVSS v3.1 score 6.4) allows blind SQL injection through the FortiWeb user interface: an unauthenticated attacker could remotely execute arbitrary SQL queries by sending a request with an Authorization header containing...

macOS sudo bug – CVE-2021-3156

Last week, Qualys published details of a sudo bug that was assigned the identifier CVE-2021-3156 and the name Baron Samedit. At the time, it was reported that the heap overflow affected most Linux distributions and could be exploited by an attacker who already has at least low-privileged access to the system to gain root. However, Qualys' researchers had tested the problem only...