Last Articles

Firefox extension used to hack Gmail

Proofpoint has discovered a campaign associated with the Chinese group TA413. According to the researchers, the campaign was active from January to February 2021. Hackers attacked Tibetan organizations around the world using a malicious Firefox extension that steals Gmail and Firefox data and then downloads malware onto infected systems. The researchers say that cybercriminals attacked Tibetan organizations with targeted phishing emails that lured victims...

Seven built-in trackers found in LastPass for Android

German cybersecurity expert Mike Kuketz noticed that the LastPass app for Android contains seven trackers that monitor users. The researcher bases his findings on a report by the non-profit organization Exodus, which describes itself as an initiative "led by hacktivists, whose goal is to help people understand the tracking problems in Android applications." Seven trackers were found in the...

More than 400 phishing campaigns per week were associated with Valentine’s Day

Check Point experts report that hackers "celebrated" Valentine's Day in a big way: the company's analysts recorded more than 400 holiday-themed phishing campaigns every week. At the same time, the number of newly registered Valentine's-themed domains rose 29% compared to last year, reaching 23,000, and about 2.3% of them (523) turned out to be malicious or suspicious. Traditionally, February is the month...

Proofpoint sues Facebook over phishing domains

ZDNet reports that this week Proofpoint filed a lawsuit against Facebook because the social network is trying to seize domain names that the security company uses in the phishing-awareness training it prepares. The suit stems from the fact that on November 30, 2020, the social network created a...

Researcher compromised 35 companies through new supply chain attack

Information security researcher Alex Birsan has described a new variant of the supply chain attack, called dependency confusion (or a substitution attack). For discovering this technique the researcher has already received more than $130,000 from various companies through bug bounty programs. The point is that, using this problem,...
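The attack described above depends on how a package resolver merges a private index with the public one. The following is an added Python illustration, not Birsan's own tooling and not code from the original article: the package names `acme-auth` and `acme-billing`, both index contents and the `99.0.0` version are constructed sample data, and the two dictionaries stand in for live registry lookups so the script runs offline.

```python
"""Dependency confusion, modelled in a few lines (added example, not from the article).

When a build pulls from a private index *and* the public one (pip with
--extra-index-url, npm without a scoped registry, etc.) the resolver treats
both as equal sources and installs the highest version it can find. Pushing
an unclaimed internal name to the public registry with an absurdly high
version therefore wins. All index contents below are constructed sample data.
"""
from typing import Dict, Iterable, List, Optional, Tuple

# Hypothetical internal packages served by the company's private index.
PRIVATE_INDEX: Dict[str, List[str]] = {
    "acme-auth": ["1.2.0", "1.3.0"],
    "acme-billing": ["0.9.1"],
}

# Constructed view of the public registry: an attacker has claimed
# "acme-auth" with a version higher than anything internal, "acme-billing"
# is still unclaimed, and "requests" is a genuine public dependency.
PUBLIC_INDEX: Dict[str, List[str]] = {
    "acme-auth": ["99.0.0"],
    "requests": ["2.25.1"],
}

INTERNAL_NAMES = frozenset(PRIVATE_INDEX)


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted-integer versions only; enough to reproduce the ordering the attack relies on."""
    return tuple(int(part) for part in v.split("."))


def naive_resolve(name: str,
                  private: Dict[str, List[str]] = PRIVATE_INDEX,
                  public: Dict[str, List[str]] = PUBLIC_INDEX) -> Optional[Tuple[str, str]]:
    """Vulnerable behaviour: merge both indexes and pick the highest version.

    Returns (version, source) or None if no index carries the package.
    """
    candidates = [(parse_version(v), v, "private") for v in private.get(name, [])]
    candidates += [(parse_version(v), v, "public") for v in public.get(name, [])]
    if not candidates:
        return None
    _, version, source = max(candidates)
    return version, source


def pinned_resolve(name: str,
                   internal: Iterable[str] = INTERNAL_NAMES,
                   private: Dict[str, List[str]] = PRIVATE_INDEX,
                   public: Dict[str, List[str]] = PUBLIC_INDEX) -> Optional[Tuple[str, str]]:
    """Hardened behaviour: names declared internal are never resolved from the public index.

    This is what a single --index-url pointing at a proxy that does not fall
    through to the public registry, or an npm scope bound to the private
    registry, achieves in real tooling.
    """
    if name in set(internal):
        versions = private.get(name, [])
        if not versions:
            return None
        return max(versions, key=parse_version), "private"
    versions = public.get(name, [])
    if not versions:
        return None
    return max(versions, key=parse_version), "public"


def audit(internal: Iterable[str] = INTERNAL_NAMES,
          private: Dict[str, List[str]] = PRIVATE_INDEX,
          public: Dict[str, List[str]] = PUBLIC_INDEX) -> Dict[str, str]:
    """Classify each internal name by its exposure on the public registry.

    HIJACKED  - a public upload already outranks the private version
    collision - the name exists publicly; any higher public push flips it
    unclaimed - nobody holds the public name yet: claim it, or scope it
    """
    findings = {}
    for name in internal:
        if name not in public:
            findings[name] = "unclaimed"
            continue
        resolved = naive_resolve(name, private, public)
        findings[name] = "HIJACKED" if resolved and resolved[1] == "public" else "collision"
    return findings


if __name__ == "__main__":
    print("naive  acme-auth ->", naive_resolve("acme-auth"))
    print("pinned acme-auth ->", pinned_resolve("acme-auth"))
    print("audit ->", audit())
```

Run the script and `naive_resolve` hands `acme-auth` to the attacker's `99.0.0` from the public index, while `pinned_resolve` keeps it on the private `1.3.0`; `audit` reports `acme-auth` as hijacked and `acme-billing` as a name still free for anyone to register.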

Popular The Great Suspender Chrome Extension Contains Malware

The Great Suspender, an extension that suspends unused tabs in the browser and forcibly unloads their resources to free up memory, has been removed from the Chrome Web Store. This simple tool was immensely popular, with more than 2,000,000 installs. According to Bleeping Computer, in the summer of 2020 the developer of The Great Suspender sold his brainchild to an...

SonicWall has released a patch for a 0-day bug under attack

At the end of January 2021 it became known that SonicWall had been hit by a "coordinated attack" that exploited a previously unknown vulnerability in the company's own products. Soon afterwards, researchers reported that the mysterious zero-day in SonicWall's network devices was already under "indiscriminate" attack. At the same time, analysts were convinced that they had found the very same 0-day...

Fortinet has fixed vulnerabilities discovered by Positive Technologies

Fortinet has closed four vulnerabilities in FortiWeb identified by Positive Technologies researcher Andrey Medov. FortiWeb is the company's family of web application firewalls. The first vulnerability (CVE-2020-29015, CVSS v3.1 score 6.4) allows blind SQL injection through the FortiWeb user interface: an unauthenticated attacker could execute arbitrary SQL queries remotely by sending a request with an Authorization header containing...

macOS sudo bug – CVE-2021-3156

Last week Qualys released details of a sudo bug assigned the identifier CVE-2021-3156 and the name Baron Samedit. At the time it was reported that the heap overflow affected most Linux distributions and could be used by an attacker who already has at least low-privileged access to the system to gain root. However, Qualys' experts had tested the problem only...
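What a practitioner wants at this point is a way to tell whether a given host is affected. The following is an added Python example, not Qualys' code and not part of the original article. It wraps the harmless behavioural test from the Qualys advisory (`sudoedit -s /` as an unprivileged user) together with a check against the affected upstream version ranges the advisory lists; the sample outputs in its tests are constructed, and the verdict names `vulnerable`, `patched` and `unknown` are this example's own.

```python
"""Is this host's sudo affected by CVE-2021-3156? (added example, not Qualys' code)

Two checks. The behavioural one comes from Qualys' advisory: as an unprivileged
user run `sudoedit -s /`. A vulnerable sudo gets far enough to complain about
the target and prints an error starting with "sudoedit:"; a patched sudo
rejects the option combination and prints "usage:". The version check uses
the affected ranges from the same advisory (1.8.2 to 1.8.31p2 and 1.9.0 to
1.9.5p1, fixed in 1.9.5p2) and is only a hint, because distributions
backport the fix without bumping the version string.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

VULNERABLE, PATCHED, UNKNOWN = "vulnerable", "patched", "unknown"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")
# Inclusive affected ranges as (major, minor, patch, p-level).
AFFECTED_RANGES = (
    ((1, 8, 2, 0), (1, 8, 31, 2)),
    ((1, 9, 0, 0), (1, 9, 5, 1)),
)


def classify_sudoedit_output(stderr: str) -> str:
    """Apply Qualys' rule to the first line of stderr from `sudoedit -s /`."""
    lines = stderr.strip().splitlines()
    first = lines[0] if lines else ""
    if first.startswith("sudoedit:"):
        return VULNERABLE
    if first.startswith("usage:"):
        return PATCHED
    return UNKNOWN  # e.g. a password prompt, no tty, or sudoedit disabled by policy


def parse_sudo_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, p) from `sudo --version` output such as 'Sudo version 1.8.31p2'."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, p = m.groups()
    return int(major), int(minor), int(patch), int(p or 0)


def version_in_affected_range(text: str) -> Optional[bool]:
    """True if the reported upstream version falls in an affected range; None if unparseable."""
    v = parse_sudo_version(text)
    if v is None:
        return None
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def check_local_sudo(timeout: float = 5.0) -> str:
    """Run the behavioural test on this host.

    `sudoedit -s /` does not contain the trailing backslash the overflow needs,
    so the probe is safe; it only exercises the argument handling that the fix changed.
    """
    if shutil.which("sudoedit") is None:
        return UNKNOWN
    try:
        proc = subprocess.run(
            ["sudoedit", "-s", "/"],
            capture_output=True, text=True, timeout=timeout,
            stdin=subprocess.DEVNULL,  # never feed a password; a prompt simply fails or times out
        )
    except (OSError, subprocess.TimeoutExpired):
        return UNKNOWN
    return classify_sudoedit_output(proc.stderr)


if __name__ == "__main__":
    print("behavioural check:", check_local_sudo())
```

Use the behavioural verdict as the authoritative one; feed `version_in_affected_range` the output of `sudo --version` from a fleet inventory only to prioritise which hosts to probe first.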

Attacks on 0-day vulnerability found in SonicWall products

NCC Group researchers have discovered that a mysterious zero-day vulnerability in SonicWall's network devices is already under "indiscriminate" attack. Since there is still no patch, details of the bug are being withheld to keep other attackers from joining in. SonicWall was notified of the attacks last weekend.

Double extortion strategy is gaining popularity among cybercriminals

In 2020 ransomware operators adopted a double extortion strategy, in which attackers steal a victim's unencrypted files and then threaten to publish them if the ransom is not paid. Using data collected through automated channels, Digital Shadows recorded 550 double-extortion victim postings on leak sites run by more than a dozen ransomware groups. Ransomware is now the standard approach for monetizing compromised...

ProtonVPN conflicts with antivirus software and causes BSOD on Windows

Late last week, engineers at Proton Technologies, the company behind ProtonMail and ProtonVPN, announced that they are working to resolve a blue screen of death (BSOD) in the latest Windows client. Not all users are affected, since the root cause is a conflict with an unnamed antivirus product. There are no patches for this...

Data from 77 million Nitro PDF users published by hackers

Last fall Nitro, developer of the well-known PDF tool, suffered a leak of its customers' data. At the time, company representatives assured that the incident had no serious impact on Nitro PDF's operations and that user data was not affected. However, security researchers reported that hackers were selling user databases and databases of documents stolen from the company at a private auction,...

Chinese hack group steals data from air passengers

The NCC Group and its subsidiary Fox-IT have published a joint report on the activities of the Chinese hacker group Chimera. The group was first described last year by the cybersecurity firm CyCraft, which presented its findings at the Black Hat 2020 conference. As analysts from the NCC Group and Fox-IT, who observed the hackers from October 2019 to April 2020, now...

OpenWRT forum hacked, user data leaked

The open source OpenWRT project, known for its router firmware, has reported a compromise. Last weekend (January 16, 2021), an administrator account on the project's forum (forum.openwrt.org) was taken over in an attack. The project stresses that its wiki, where the official download links are posted, was not affected. "It is not known how access to...

Malwarebytes hacked by the SolarWinds attackers

The list of companies hit by the hackers who compromised SolarWinds continues to grow. Security company Malwarebytes says that although it does not use SolarWinds products, the same attackers managed to gain access to some of its internal emails. Recall that the SolarWinds attack is attributed to an allegedly Russian-speaking hack group, which security researchers track...

Chrome will restrict access to its API for third-party browsers

Google developers have announced that they will stop third-party Chromium browsers from using Google's private APIs. Many of the APIs included in the Chromium code are intended exclusively for Google Chrome, yet third-party vendors were found to be using them. "In a recent audit, we discovered that some third-party Chromium-based browsers may use Google features, including Chrome Sync...

Windows 10 BSOD triggered by a path typed into Chrome's address bar

A new bug in Windows 10 can cause a blue screen of death (BSOD) when the user enters a specific path into the browser's address bar; the same crash can also be triggered from Windows commands. This is the second vulnerability reported by Jonas Lykkegaard, a security researcher specializing in Windows, in the past few...

Pentagon blacklists Xiaomi over alleged ties to the Chinese military

The US Department of Defense has added several new organizations, including mobile device maker Xiaomi, to its list of companies allegedly associated with the PRC military sector. "The Department is committed to identifying and countering the People's Republic of China's (PRC) military-civil fusion development strategy, which aims to modernize the People's Liberation Army (PLA) by providing...

Website appears claiming to sell data stolen in the SolarWinds hack

Bleeping Computer writes that a site called SolarLeaks (solarleaks.net) has appeared, where unknown persons are selling data allegedly stolen from Microsoft, Cisco, FireEye and SolarWinds during the recent supply chain attack. Recall that in December 2020 it became known that unknown attackers had compromised SolarWinds and infected its Orion platform with malware. Of the 300,000 SolarWinds...

Microsoft patches 83 vulnerabilities, including a 0-day bug in Defender

The first Patch Tuesday of 2021 brought fixes for 83 vulnerabilities in Microsoft products, 10 of them rated critical. Patches were released for Windows, the Edge browser, Microsoft Office and Office Services and Web Apps, the Windows Codecs Library, Visual Studio, SQL Server, the Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP.NET and Azure. The biggest issue this...

The SolarWinds attack used a third malware: Sunspot

CrowdStrike researchers investigating the recent attack on SolarWinds and its customers say they have discovered a third piece of malware used in the operation, named Sunspot. According to the CrowdStrike report, although Sunspot was the last to be detected, the attackers used it first: it was deployed back in September 2019, when they first entered SolarWinds' internal network. Sunspot was then installed on the company's build...