News Picks

Chinese hack group GhostEmperor uses new rootkit against Windows 10

At the SAS 2021 conference, Kaspersky Lab analysts spoke about the tools of the new Chinese cyber-espionage group GhostEmperor, which has been attacking large organizations in Southeast Asia...

Google developers told how they will implement Manifest V3

This week, Google revealed exactly how it plans to phase out Manifest V2, which defines the capabilities and limitations for extensions in Chrome. The developers also shared...

DDoS service operator DownThem faces up to 35 years in prison

A California jury found a former DDoS service administrator (DownThem and Ampnode) guilty. Paid users of these services have carried out over 200,000 DDoS attacks both on...

Cyberattack suspends banks in New Zealand

At the moment, it is unclear who is behind the cyberattack and whether it resulted in a data breach. On Wednesday, September 8, a cyberattack...

Attackers scan the network looking for Microsoft Exchange servers vulnerable to ProxyShell

The remote code execution vulnerabilities in Microsoft Exchange collectively known as ProxyShell were recently presented at the Black Hat conference. Now experts are warning...

Kaseya now has a decryptor for REvil

Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company now has a universal tool for...

Microsoft has released its own Linux distribution

This week Microsoft posted on GitHub the first stable build of its own Linux distribution, CBL-Mariner (Common Base Linux), which was published under the open source...

Mercedes-Benz reports data breach involving 1.6 million customer records

The American division of Mercedes-Benz has reported a data breach affecting some of the company's customers. The incident affected 1.6 million records that included customer names, addresses,...

Advertising of ransomware was banned on the XSS hacker forum

The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned the advertising and sale of any ransomware on the site. Although groups such...

Microsoft Edge browser will warn users about “leaked” passwords

The browser will continuously check saved credentials against databases of known leaked logins and passwords. Continuous monitoring of passwords will allow users to receive...

Last Articles

226 vulnerabilities found in popular router models

Researchers at IoT Inspector, in collaboration with Chip, have tested the security of many popular routers from Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology and Linksys that are used by millions of people. Alas, as a result, 226 potential vulnerabilities were identified. “For the evaluation of the routers, the vendors provided Chip with up-to-date models that were updated to the latest firmware. These...

Conti ransomware operators have “earned” at least $25.5 million since July 2021

Experts at the Swiss information security company Prodaft have calculated that over the past five months, Conti ransomware operators have earned at least $25.5 million from their attacks. The company said it has partnered with blockchain analysts at Elliptic to track 113 cryptocurrency addresses and over 500 bitcoins that Conti operators have collected from their victims over the past five months. This data is...

Emergency patches for Chrome address multiple 0-day vulnerabilities

Google has released Chrome 95.0.4638.69 for Windows, Mac and Linux. Two zero-day vulnerabilities that were actively exploited by cybercriminals have been fixed in the browser. The developers warn that exploits for CVE-2021-38000 and CVE-2021-38003 already exist and are being used by attackers, but the company has not yet disclosed the details of these attacks. This is a normal practice for Google,...

Fresh Apache Vulnerability May Lead to Remote Code Execution

Earlier this week, the Apache Software Foundation released a patch to address the 0-day vulnerability CVE-2021-41773 in its HTTP web server. Already at the time of the release of the patch, the bug was being actively exploited by hackers, and it was reported that the vulnerability allows attackers to carry out a path traversal attack by mapping URLs to files outside the expected...
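The teaser above describes the bug class (a URL path that, after normalization, maps to a file outside the document root) without showing why such bugs slip past a normalizer. The following added example is not Apache's code and makes no claim about how httpd implements normalization; it contrasts a resolver that collapses dot segments before percent-decoding with one that decodes first, then joins, normalizes and checks the result against the root. The document root `/var/www/html` and the request paths are assumed values constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for this example.
DOC_ROOT = "/var/www/html"


def naive_resolve(url_path):
    """Buggy order: collapse dot segments first, percent-decode afterwards.

    normpath only recognises a literal '..' segment, so an encoded dot such
    as '.%2e' survives normalization and is only turned into '..' by the
    later decode.  The final normpath shows what the OS would actually open.
    """
    normalized = posixpath.normpath("/" + url_path.lstrip("/"))
    return posixpath.normpath(DOC_ROOT + unquote(normalized))


def safe_resolve(url_path):
    """Hardened order: decode until stable (catches double encoding such as
    '%252e'), join to the root, normalize once, then refuse anything that
    ended up outside DOC_ROOT.  Decoding first also means an encoded '/'
    ('%2f') is seen as a separator before dot segments are collapsed."""
    decoded = url_path
    for _ in range(3):  # bounded loop: attackers can nest encodings
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    full = posixpath.normpath(DOC_ROOT + "/" + decoded.lstrip("/"))
    if full != DOC_ROOT and not full.startswith(DOC_ROOT + "/"):
        raise ValueError(f"path escapes document root: {url_path!r}")
    return full


def resolve_or_reject(url_path):
    """Convenience wrapper: the resolved path, or None if it was rejected."""
    try:
        return safe_resolve(url_path)
    except ValueError:
        return None


# Constructed request paths: one benign, one with encoded dot segments,
# one double-encoded.
BENIGN = "/images/logo.png"
ENCODED_DOTS = "/images/.%2e/.%2e/.%2e/.%2e/etc/passwd"
DOUBLE_ENCODED = "/.%252e/.%252e/etc/passwd"

if __name__ == "__main__":
    print("naive :", naive_resolve(ENCODED_DOTS))       # escapes the root
    print("safe  :", resolve_or_reject(ENCODED_DOTS))   # rejected -> None
    print("safe  :", resolve_or_reject(DOUBLE_ENCODED))  # rejected -> None
    print("safe  :", resolve_or_reject(BENIGN))
```

The order of operations is the whole point: any check performed on a representation that can still change (here, a path that has not yet been decoded) can be bypassed by whoever controls the later transformation.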

Fresh bug in VMware vCenter is already under attack

An exploit for the recently fixed RCE vulnerability in VMware vCenter (CVE-2021-22005) has been published online. Experts warned that hackers had already adopted the exploit. The issue CVE-2021-22005 became known last week. Then VMware engineers reported that they fixed the bug and recommended that users install updates as soon as possible, because the vulnerability is classified as critical and received 9.8 points out of...

Google developers told how they will implement Manifest V3

This week, Google revealed exactly how it plans to phase out Manifest V2, which defines the capabilities and limitations for extensions in Chrome. The developers also shared their plans to bring the infamous Manifest V3, which became available in the beta version of Chrome 88, to full functionality. By way of background, Manifest V3 was first announced back in 2018. Then the developers...

Microsoft Announces Large-Scale Operation BulletProofLink Offering Phishing As A Service

Microsoft experts said BulletProofLink (aka BulletProftLink or Anthrax), a Phishing-as-a-Service (PHaaS) operation, is responsible for many of the recent phishing campaigns targeting companies and organizations. It should be noted that BulletProofLink was first discovered back in October 2020 by OSINT Fans researchers, who published a series of articles (1, 2, 3) describing some of the mechanisms of the PHaaS platform. Researchers now report that the attackers...

New vulnerability in macOS allows an attacker to remotely execute commands

The researcher found a bug in the macOS Finder that allows an attacker to run commands on Mac computers with any version of macOS (up to the latest Big Sur). There is no patch for this problem yet. The vulnerability was discovered by independent information security expert Park Minchan, and it is related to the way macOS handles .inetloc files (Internet...

DDoS service operator DownThem faces up to 35 years in prison

A California jury found a former DDoS service administrator (DownThem and Ampnode) guilty. Paid users of these services have carried out over 200,000 DDoS attacks on both individuals and organizations around the world. Matthew Gatrel, 32, had been running DownThem and Ampnode since at least October 2014, according to court documents. The former offered DDoS attack capacity on a subscription basis, while AmpNode provided bulletproof hosting...

Exploit for 0-day vulnerability in Windows MSHTML published

Researchers warn that cybercriminals are already sharing tutorials and exploits for the CVE-2021-40444 vulnerability on hacker forums, allowing more hackers to use the new vulnerability in their attacks. Let me remind you that last week Microsoft issued a warning about a new zero-day vulnerability in Microsoft MSHTML (aka Trident), the proprietary Internet Explorer browser engine. It has been reported that the issue is...

The number of attacks on Microsoft Exchange Server grew by 170% in a month

Kaspersky Lab researchers report that in August 2021, the company's products blocked 19,839 attacks on users of Microsoft Exchange servers. The company associates the surge in malicious activity with, among other things, the recently discovered ProxyShell vulnerabilities. Compared to July, the number of attacks on Microsoft Exchange increased by 170%. According to experts, the growth is due to the fact that many...

Babuk ransomware sources published on the hacker forum

Researchers from vx-underground noticed that the full source code of the Babuk ransomware has been published on a Russian-language hacking forum. The member of the group who published the source claims that he was diagnosed with stage 4 lung cancer and wants to have time to "live like a person." Let me remind you that Babuk (aka Babuk Locker...

Researchers have learned to bypass PIN codes for Mastercard and Maestro cards

A group of scientists from ETH Zurich has found a way to bypass PIN codes on Mastercard and Maestro contactless cards. In essence, this vulnerability allowed stolen Mastercard and Maestro cards to be used to pay for expensive goods without entering a PIN. The main idea of the attack developed by the researchers is that an attacker...

Cloudflare coped with DDoS attack with a capacity of 17.2 million HTTP requests per second

Cloudflare announced that it had mitigated the largest DDoS attack to date, peaking at 17.2 million HTTP requests per second, about three times the size of any previously known attack. The incident happened last month and targeted one of Cloudflare's customers in the financial sector. According to the company, an unknown attacker used a botnet of 28,000 infected devices to send HTTP requests to the client's network. Based on the IP...

Morse code Phishing attacks

Microsoft experts talked about a malicious campaign that has been going on for about a year. According to them, the hackers change obfuscation and encryption mechanisms on average every 37 days, including using Morse code to hide their tracks and steal user credentials. Typically, the phishers' lures are disguised as invoices related to financial business transactions, and the emails contain an HTML file (“XLS.HTML”). The ultimate...
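The teaser above mentions Morse code as one of the obfuscation layers in the HTML attachments. The following added example is not Microsoft's analysis or the attackers' code; it illustrates, on a constructed attachment, why such a layer matters for detection: a keyword filter that inspects the raw file sees only dots and dashes, while a scanner that locates Morse-looking runs and decodes them before re-scanning does find the sensitive strings. The Morse alphabet, the keyword list and the sample HTML are all constructed for the example.

```python
import re

# Constructed for this example: ITU Morse for letters and digits.  Symbols
# are separated by single spaces and words by " / ".
MORSE = {
    ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
    "--.": "g", "....": "h", "..": "i", ".---": "j", "-.-": "k", ".-..": "l",
    "--": "m", "-.": "n", "---": "o", ".--.": "p", "--.-": "q", ".-.": "r",
    "...": "s", "-": "t", "..-": "u", "...-": "v", ".--": "w", "-..-": "x",
    "-.--": "y", "--..": "z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
}
MORSE_REV = {v: k for k, v in MORSE.items()}


def morse_encode(text):
    """Encode lowercase letters/digits; other characters are dropped."""
    words = []
    for word in text.lower().split():
        words.append(" ".join(MORSE_REV[c] for c in word if c in MORSE_REV))
    return " / ".join(words)


def morse_decode(blob):
    """Decode a Morse run; unknown symbol groups become '?'."""
    words = []
    for word in blob.split(" / "):
        words.append("".join(MORSE.get(tok, "?") for tok in word.split()))
    return " ".join(words)


# Strings a naive content filter might look for in an HTML attachment.
KEYWORDS = ("password", "login", "credential", "javascript")

# A run of at least two Morse symbol groups separated by " " or " / ".
MORSE_RUN = re.compile(r"[.\-]{1,5}(?:(?: | / )[.\-]{1,5})+")


def find_keywords(text):
    low = text.lower()
    return sorted(k for k in KEYWORDS if k in low)


def scan_attachment(html):
    """Return (hits on the raw file, hits after decoding Morse runs)."""
    raw_hits = find_keywords(html)
    decoded_hits = set(raw_hits)
    for match in MORSE_RUN.finditer(html):
        decoded_hits.update(find_keywords(morse_decode(match.group(0))))
    return raw_hits, sorted(decoded_hits)


# Constructed sample attachment: the visible decoy text is harmless, and the
# script's string constant is Morse-encoded so it carries no plain keywords.
SAMPLE_HTML = (
    "<html><body><p>Invoice 2021-09 attached</p>"
    "<script>var s = '" + morse_encode("enter your password to view invoice")
    + "';</script></body></html>"
)

if __name__ == "__main__":
    raw, decoded = scan_attachment(SAMPLE_HTML)
    print("raw scan     :", raw)      # []
    print("decoded scan :", decoded)  # ['password']
```

The same structure (locate candidate encoded runs, decode, re-scan) applies to any reversible encoding layer; what changes every few weeks in such a campaign is the alphabet, which is why a detector keyed to the decoded content ages better than one keyed to the raw bytes.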

Lists of Companies Affected by the SolarWinds Hack Published

Several information security companies have published lists of SolarWinds customers who were affected by the hacking of the company and the infection of the Orion...

Automation Of Penetration Testing With Machine Learning

Penetration testing, in simple words, is identifying a vulnerability and performing a set of actions to test whether the target is exploitable...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It aims for the following goals: provide a collaborative platform to share samples among malware researchers; act as...

SocialFish – Let’s Go Phishing

SocialFish is an open-source phishing tool, integrated with another open source tool, Ngrok, which allows you to easily create a phishing page for most...

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party extensions for Google Chrome and Microsoft Edge. All of these extensions were associated with popular platforms:...

Network Vulnerability Assessment: Why Should Every Company Do It at Least Once a Year?

Network vulnerability assessment analyzes a variety of network issues, prioritizes the most important (such as network security, network integrity, and network performance), and then...

Threat Intelligence Automation

Cyber Threat Intelligence (CTI) is a framework and set of technologies for producing intelligence that can be used to respond to cyber threats that are now...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered script-based Linux malware with worm functionality. The analysis showed that Gitpaste-12, as Juniper...