Last Articles

DuckDuckGo launches email service to get rid of trackers in emails

The developers of the search engine DuckDuckGo have created an email service that removes any trackers from incoming messages, which, for example, help create user profiles for targeted advertising. Service users receive a free address at @duck.com, where emails are cleared of trackers and then sent to a regular mailbox. The service is currently running in a closed beta test. So far, you...

Microsoft has released its own Linux distribution

This week Microsoft posted on GitHub the first stable build of its own Linux distribution, CBL-Mariner (Common Base Linux), which was published under the open source MIT license. It is an internal distribution designed for Microsoft cloud infrastructure, edge products and services. The description of the distribution says that it was created for the purpose of unification, as a base platform for various...

1 TB of data stolen from oil company Saudi Aramco

Attackers stole 1 TB of confidential data from the Saudi Arabian Oil Company, the national oil company of Saudi Arabia, which is now being sold on the darknet, according to Bleeping Computer. Interestingly, this time the leak was not due to a ransomware attack. Saudi Aramco attributes this incident to a leak from one of the third-party contractors and reports that the...

HelloKitty Ransomware Attacks Vulnerable SonicWall Devices

The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) has warned that attackers are exploiting a "known, previously patched vulnerability" in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with outdated firmware. The experts add that attackers can exploit this vulnerability for targeted ransomware attacks. As a reminder, last week SonicWall issued an urgent warning...

Chrome 0-day vulnerability – 8th Vulnerability this year

Google developers have released an updated version of the Chrome browser for Windows, Mac and Linux (91.0.4472.164), which eliminated a zero-day vulnerability in the V8 engine, which is responsible for running and interpreting JavaScript. The vulnerability has been assigned the identifier CVE-2021-30563 and is a type confusion bug. It is reported that this problem has already been used by hackers for attacks,...

Vulnerability in Cloudflare CDN puts almost 13% of sites on the Internet at risk of being hacked

The issue affects CDNJS, a content delivery network designed to accelerate the delivery of JavaScript libraries. Cloudflare, which provides CDN services, has fixed a dangerous vulnerability that threatened to compromise about 12.7% of all sites on the Internet. According to cybersecurity researcher RyotaK, the problem affects CDNJS, a content delivery network designed to accelerate the delivery of JavaScript libraries, and...

D-Link removed hardcoded credentials from its router

D-Link developers have eliminated several vulnerabilities by releasing new firmware for the DIR-3040 AC3000 router. Using these bugs, attackers could execute arbitrary code, gain access to confidential information, or disable a device through a denial of service. The vulnerabilities were discovered by Cisco Talos experts, and among them are hard-coded credentials, command injection issues and information disclosure: CVE-2021-21816: Syslog Disclosure; CVE-2021-21817: Zebra IP Routing...

CVE-2021-3452 – Lenovo patches a vulnerability affecting dozens of ThinkPad models

Lenovo has released information on three BIOS vulnerabilities in two desktop models and approximately 60 different notebook computers. The first issue, identified as CVE-2021-3452, threatens dozens of ThinkPad models. It is associated with the SMI callback function at system shutdown and can be used by a local attacker who already has elevated privileges on the device to execute arbitrary code. BIOS updates for more...

Recently fixed issue in Serv-U was attacked by Chinese hack group DEV-0322

Earlier this week, SolarWinds developers patched an RCE vulnerability (CVE-2021-35211) in Serv-U and warned that hackers were already exploiting the problem. According to the company, the vulnerability was exploited by only one attacker in attacks aimed at a limited number of victims. This vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP. All Serv-U versions up to the updated 15.2.3 HF2, released...

TrickBot is back with a new user tracking module

Despite attempts to disable the infrastructure of the TrickBot botnet, there are no signs that the malware will go away any time soon. Bitdefender cybersecurity researchers have unveiled the ongoing resurgence of TrickBot malware, making it clear that the cybercriminals behind it are constantly working to improve their infrastructure. "These new capabilities are being used to monitor and collect information from...

The Ransomwhere project creates a database of ransomware payments

The Ransomwhere project, created by Jack Cable, a Stanford University student and a researcher at the information security firm Krebs Stamos Group, is building a free and open database of payments that have been transferred to various ransomware groups. This database, devoid of any personal information, will be available to information security specialists and law enforcement officers for free download. Unfortunately, such a database can...

Financial company Morgan Stanley reports customer data breach

The American financial giant Morgan Stanley has notified the authorities that a third-party vendor has leaked data on the company's clients. Personal information fell into the hands of third parties due to an attack on the outdated file-sharing service Accellion FTA (File Transfer Application). Attacks on it have been observed since December 2020, and even then FireEye analysts linked this activity with the...

The official patch for the PrintNightmare vulnerability was ineffective

Earlier this week, the company released an emergency patch for a critical PrintNightmare bug recently discovered in Windows Print Spooler (spoolsv.exe). Microsoft assigned the bug ID CVE-2021-34527, and also confirmed that the problem allows arbitrary code to be executed remotely with SYSTEM privileges and allows an attacker to install programs, view, modify or delete data, and create new accounts with user rights. Currently, patches are...

Due to a bug, Kaspersky Password Manager allowed generating weak passwords

Last year, the developers of Kaspersky Password Manager (KPM) asked users to update their passwords to stronger ones. Now the specialists of Ledger Donjon (the information security division of Ledger, a company that develops crypto wallets) have explained why this happened and what problems they discovered in KPM some time ago. The experts recall that in March 2019, Kaspersky Lab released an update for KPM, promising...

93,000 people paid for fake mining apps

Lookout found that around 93,000 users were paying for 172 Android cloud mining apps that didn't work. Researchers split the applications into two separate families: Bitam (83,800 installations) and Cloudcam (9,600 installations). 25 fake apps were available on the official Google Play Store, while others were distributed through third-party app stores. As it turned out, contrary to the advertised functions, the applications simply did...

“break” Wi-Fi on iPhone

Researcher Carl Schou discovered a bug in the iPhone last month that disrupts wireless connectivity when connected to an access point with a specific name. Worse, Wi-Fi won't work even after a device reboot or if the hotspot is renamed. The problem was encountered while connecting to an access point named "%p%s%s%s%s%n". When trying to connect to this network, Wi-Fi...

Microsoft releases unscheduled patch for PrintNightmare vulnerability

Microsoft has prepared an emergency patch for a critical PrintNightmare bug recently discovered in Windows Print Spooler (spoolsv.exe). A lot of confusion has arisen around the PrintNightmare issue, as Microsoft initially combined two vulnerabilities under one identifier (CVE-2021-1675). But the official patch released in June only fixed part of the problem, leaving a critical RCE bug unpatched. Because of this, at the...

Hackers hacked e-mails of dozens of Polish parliament members

The attacks were carried out as part of a broader malicious campaign called Ghostwriter. The emails of about a dozen members of the Polish parliament have been hacked, which has become one of the largest cyberattacks in the country in the past few years. News of the hack emerged two weeks after members of the Polish government were hit by a cyberattack that...

Unofficial patch for PrintNightmare vulnerability

Last week, we reported that a PoC exploit appeared on the network for the dangerous vulnerability CVE-2021-34527 in Windows Print Spooler (spoolsv.exe), which the researchers named PrintNightmare. The problem affects all versions of Windows, can even affect XP and Vista, and allows remote execution of arbitrary code with SYSTEM privileges, which allows an attacker to install programs, view, modify or delete data, and create new...

TrickBot developers are linked with Diavol ransomware

Fortinet specialists have published a report stating that the creators of the well-known malware TrickBot (this hack group is usually called Wizard Spider) may be involved in the development of a new ransomware, Diavol. Payloads of the Diavol and Conti ransomware were deployed on various systems in early June 2021. It is noted that these ransomware families are very similar and have...

PrintNightmare got a new CVE ID but not a patch

Earlier this week, we reported that a PoC exploit for a dangerous vulnerability in Windows Print Spooler (spoolsv.exe) appeared on the network, which the researchers dubbed PrintNightmare. This bug was originally identified as CVE-2021-1675 and was fixed by Microsoft a couple of weeks ago as part of June Patch Tuesday. As it turned out, PrintNightmare's problem was much more dangerous than originally anticipated. For example,...

CVE-2021-34527 : PrintNightmare Vulnerability, Exploit and Remediation

Vulnerability: A PoC exploit for a dangerous vulnerability in Windows Print Spooler (spoolsv.exe) has been published online. This bug has ID CVE-2021-1675 or is named PrintNightmare. It was patched by Microsoft just a couple of weeks ago as part of June's Patch Tuesday. Windows Print Spooler Service is a universal interface between OS, applications, and local or network printers, allowing application developers to submit print...