News Picks

Chinese hack group GhostEmperor uses new rootkit against Windows 10

At the SAS 2021 conference, Kaspersky Lab analysts spoke about the tools of the new Chinese cyber-espionage group GhostEmperor, which has been attacking large organizations in Southeast Asia...

Google developers told how they will implement Manifest V3

This week, Google revealed exactly how it plans to phase out Manifest V2, which defines the capabilities and limitations for extensions in Chrome. The developers also shared...

DDoS service operator DownThem faces up to 35 years in prison

A California jury found a former DDoS service administrator (DownThem and Ampnode) guilty. Paid users of these services have carried out over 200,000 DDoS attacks both on...

Cyberattack suspends banks in New Zealand

At the moment, it is unclear who is behind the cyberattack and whether it resulted in a data breach. On Wednesday, September 8, a cyberattack...

Attackers scan the network looking for Microsoft Exchange servers vulnerable to ProxyShell

Recently at the Black Hat conference, they talked about the remote code execution vulnerabilities in Microsoft Exchange, collectively known as ProxyShell. Now experts are warning...

Kaseya now has a decryptor for REvil

Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company now has a universal tool for...

Microsoft has released its own Linux distribution

This week Microsoft posted on GitHub the first stable build of its own Linux distribution, CBL-Mariner (Common Base Linux), which was published under the open source...

Mercedes-Benz reports data breaches of 1.6 million customers

The American division of Mercedes-Benz has reported a data breach affecting some of the company's customers. The incident affected 1.6 million records that included customer names, addresses,...

Advertising of ransomware was banned on the XSS hacker forum

The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned the advertising and sale of any ransomware on the site. Although groups such...

Microsoft Edge browser will warn users about “leaked” passwords

The browser will continuously check stored credentials against databases of leaked logins and passwords. Continuous monitoring of passwords will allow users to receive...

Last Articles

SolarWinds has fixed a vulnerability in Serv-U that was used in Log4j attacks

Microsoft discovered a vulnerability in Serv-U that hackers exploited to carry out Log4j attacks on internal devices in the network of victim companies. The bug was discovered by Microsoft experts while monitoring attacks using Log4j. The bug, identified as CVE-2021-35247, was related to incorrect input validation, which allowed attackers to create requests and send them over the network in an unverified form. SolarWinds, which is responsible...

Vulnerability in macOS Leads to Data Leakage

Microsoft experts said that attackers could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology and gain access to protected user data. Back in the summer of 2021, a research group informed Apple developers about a vulnerability dubbed powerdir (CVE-2021-30970). The bug is related to the TCC technology, which is designed to block applications from accessing sensitive user...

Microsoft Defender Log4j Problem Scanner finds non-existent bugs

The media reports that Microsoft Defender for Endpoint is showing false warnings about some kind of "sensor tampering" associated with the recently deployed Microsoft 365 Defender scanner for Log4j processes. According to Bleeping Computer, such warnings mostly appear on Windows Server 2016 systems and read: "Microsoft Defender for Endpoint has detected possible sensor tampering with memory." These warnings apply to the OpenHandleCollector.exe...

Abcbot botnet attacks Chinese cloud providers

The Abcbot botnet attacks the infrastructure of Chinese cloud hosting providers, researchers at Cado Security warned. Presumably, the main purpose of the malware is cryptocurrency mining. Abcbot attacks the servers of companies such as Alibaba Cloud, Baidu, Tencent and Huawei Cloud, experts say, confirming the findings of their colleagues at Trend Micro and Qihoo 360 NetLab. "I have a theory that younger providers of cloud-based services, such as...

Log4j 0 Day: Experts are already fixing attacks on the Log4Shell vulnerability

Cybercriminals and cybersecurity researchers are already scanning the network for products vulnerable to a dangerous bug in the Log4j library, which has been named Log4Shell. The vulnerability is already being exploited to deploy miners, Cobalt Strike beacons, and so on. Log4Shell: an issue in the popular Log4j logging library included in the Apache Logging Project was reported last week. The 0-day vulnerability received the...

Dark Mirai botnet exploits RCE vulnerability in TP-Link routers

According to Fortinet experts, the Dark Mirai (aka Manga or Dark.IoT) botnet operators are actively abusing a recently discovered vulnerability in TP-Link routers. The attacks began about two weeks ago and exploit the vulnerability CVE-2021-41653, discovered in November of this year by the Hungarian researcher Matek Camillo, who also published a PoC exploit. According to Fortinet, Dark Mirai operators use default passwords to access devices...

0-day in Log4j library poses a threat to many applications and servers

The Apache Software Foundation has released an emergency security update that fixes a 0-day vulnerability (CVE-2021-44228) in the popular Log4j logging library, which is part of the Apache Logging Project. The patch was released as part of the 2.15.0 release. The vulnerability was named Log4Shell and scored 10 out of 10 points on the CVSS vulnerability rating scale. The bug allows remote arbitrary code...

226 vulnerabilities found in popular router models

Researchers at IoT Inspector, in collaboration with Chip, have verified the security of many popular routers from Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology and Linksys that are used by millions of people. Alas, as a result, 226 potential vulnerabilities were identified. “For the evaluation of the routers, the vendors provided Chip with up-to-date models that were updated to the latest firmware. These...

Conti ransomware operators have “earned” at least $25.5 million since July 2021

Experts at the Swiss information security company Prodaft have calculated that over the past five months, Conti ransomware operators have earned at least $25.5 million from their attacks. The company said it has partnered with blockchain analysts at Elliptic to track 113 cryptocurrency addresses and over 500 bitcoins that Conti operators have collected from their victims over the past five months. This data is...

Emergency patches for Chrome address multiple 0-day vulnerabilities

Google has released Chrome 95.0.4638.69 for Windows, Mac and Linux. Two zero-day vulnerabilities that were actively exploited by cybercriminals have been fixed in the browser. The developers warn that exploits have already been created for the vulnerabilities CVE-2021-38000 and CVE-2021-38003, which are used by hackers, but the company has not yet disclosed the details of these attacks. This is a normal practice for Google,...

Fresh Apache Vulnerability May Lead to Remote Code Execution

Earlier this week, the Apache Software Foundation released a patch to address the 0-day vulnerability CVE-2021-41773 in its HTTP web server. Already at the time of the release of the patches, the bug was actively exploited by hackers, and it was reported that the vulnerability allows attackers to carry out a path traversal attack by matching URLs to files outside the expected...

Fresh bug in VMware vCenter is already under attack

An exploit for the recently fixed RCE vulnerability in VMware vCenter (CVE-2021-22005) has been published online. Experts warned that hackers had already adopted the exploit. The issue CVE-2021-22005 became known last week. Then VMware engineers reported that they fixed the bug and recommended that users install updates as soon as possible, because the vulnerability is classified as critical and received 9.8 points out of...

Google developers told how they will implement Manifest V3

This week, Google revealed exactly how it plans to phase out Manifest V2, which defines the capabilities and limitations for extensions in Chrome. The developers also shared their plans to bring the infamous Manifest V3 to full functionality, which became available in the beta version of Chrome 88. Background: let me remind you that for the first time they started talking about Manifest V3 back in 2018. Then the developers...

Microsoft Announces Large-Scale Operation BulletProofLink Offering Phishing As A Service

Microsoft experts said BulletProofLink (aka BulletProftLink or Anthrax), a Phishing-as-a-Service (PHaaS), is responsible for many of the recent phishing campaigns targeting companies and organizations. It should be noted that BulletProofLink was first discovered back in October 2020 by OSINT Fans researchers, who published a series of articles (1, 2, 3) describing some of the mechanisms of the PHaaS platform. Researchers now report that the attackers...

New vulnerability in macOS allows an attacker to remotely execute commands

A researcher found a bug in the macOS Finder that allows an attacker to run commands on Mac computers with any version of macOS (up to the latest Big Sur). There is no patch for this problem yet. The vulnerability was discovered by independent information security expert Park Minchan, and it is related to the way macOS handles .inetloc files (Internet...

Lists of Companies Affected by the SolarWinds Hack Have Been Published

Several information security companies have published lists of SolarWinds customers who have been affected by the hacking of the company and the infection of the Orion...

Automation Of Penetration Testing With Machine Learning

Penetration testing, in simple words, is to identify a vulnerability and perform a set of actions to test whether the target is exploitable...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as...

SocialFish – Let’s Go Phishing

SocialFish is an open-source phishing tool, integrated with another open source tool – Ngrok, which allows you to easily create a phishing page of most...

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party extensions for Google Chrome and Microsoft Edge. All of these extensions were associated with popular platforms:...

Network Vulnerability Assessment: Why Should Every Company Do It at Least Once a Year?

Network vulnerability assessment analyzes a variety of network issues, prioritizes the most important (such as network security, network integrity, and network performance), and then...

Threat Intelligence Automation

Cyber Threat Intelligence (CTI) is a framework and technology that generates intelligence that can, or will, respond to cyber attacks that are now...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a script-based Linux malware that has the functionality of a worm. The analysis showed that Gitpaste-12, as Juniper...