Last Articles

A preliminary build of Windows 11 has leaked online

Officially, the new version of Windows will be announced and presented only next week, on June 24, 2021, but a pre-release build has already leaked online. The ISO image of Windows 11 (apparently the name the next version of the operating system will bear) first appeared on a Chinese forum and quickly spread across the Internet, since everyone was interested in...

A DarkSide affiliate has hacked a video surveillance system vendor

Mandiant experts report that a hack group that previously worked with the DarkSide ransomware group compromised the website of an unnamed video surveillance system vendor and infected its official Windows application with malware. The attack began on May 18 and lasted until early June, when Mandiant specialists discovered the malware and notified the affected company. The malware was hidden...

Avaddon ransomware operators release decryption keys

The operators of the Avaddon ransomware have shut down and provided Bleeping Computer with the keys to decrypt victims' data. On the morning of June 11, 2021, journalists received an anonymous tip (allegedly from the FBI) pointing to a password-protected ZIP file (Decryption Keys Ransomware Avaddon), along with the password for it. The archive contained the three files shown in the screenshot below. After showing...

Ransomware increasingly targets SonicWall devices

Back in April this year, Mandiant noted that hackers are increasingly using SonicWall devices to infiltrate corporate networks and deploy ransomware. Now CrowdStrike researchers have come to exactly the same conclusions. Similar attacks began in 2019-2020 and typically affected enterprise-grade network equipment from Citrix, F5, Pulse Secure, Fortinet, and Palo Alto Networks. This is because corporate VPNs and network gateways have proven to be...

Attacks on a critical VMware vCenter vulnerability detected

Experts warn that attackers are already actively scanning the Internet for VMware vCenter servers vulnerable to the recently patched critical RCE issue CVE-2021-21985, which scored 9.8 out of 10 on the CVSS v3 vulnerability rating scale.

Ethereum miner built into Norton 360 antivirus

According to Bleeping Computer, the developers at NortonLifeLock (formerly Symantec Corporation) have equipped their Norton 360 antivirus with an Ethereum cryptocurrency miner in an effort to protect users from malicious miners. The new feature is dubbed Norton Crypto and will be rolled out to early adopters of Norton 360 this week. If Norton Crypto is enabled, the antivirus will use the device's graphics...

FBI says REvil ransomware was behind attack on JBS

As we previously reported, the food manufacturing company JBS Foods was forced to suspend production at several sites due to a hacker attack. The incident affected several JBS manufacturing facilities in various countries, including the United States, Australia and Canada. Today JBS is the world's largest supplier of beef and poultry, as well as the second-largest producer of pork. The company operates in the...

Canada Post has suffered a data breach

Canada Post, the main postal operator in Canada, serving more than 16,500,000 residential and business addresses, has notified 44 commercial customers that one of its suppliers was the victim of a ransomware attack, as a result of which delivery address data was leaked. It is reported that Commport Communications was compromised and that attackers gained access to data stored in its systems. The hackers...

Ransomware advertising banned on the XSS hacker forum

The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned the advertising and sale of any ransomware on the site, even though groups such as REvil, LockBit, DarkSide, Netwalker, Nefilim and others have often used the forum to advertise and attract new clients. “The main purpose of the DaMaGeLab forum is knowledge. We are a technical forum, we learn, research, share knowledge,...

Tor exit nodes are used to attack users

Over the past 16 months, unknown attackers have introduced malicious servers into the Tor network and then used them to intercept cryptocurrency-related traffic and carry out SSL stripping attacks. The campaign began back in January 2020, and it consisted of adding servers to the Tor network that were marked as exit nodes (that is, the servers through which traffic...

New Moriya Rootkit Targeting Windows Discovered

Kaspersky Lab experts have discovered a rare type of malware, the Moriya rootkit. Since the release of Windows 10, OS security has noticeably improved, so in recent years it has become much harder to develop and successfully deploy rootkits. The researchers write that Moriya is designed for Windows and has existed since at least 2018, but...

Ransomware attacks Microsoft SharePoint servers

Microsoft SharePoint servers have joined the long list of devices that ransomware uses to infiltrate corporate networks. That list already includes Citrix gateways, F5 BIG-IP load balancers, Microsoft Exchange mail servers, Pulse Secure VPNs, and Fortinet and Palo Alto Networks products. Trend Micro experts write that the SharePoint servers are being attacked by a hack group known as Hello or WickrMe Ransomware (using Wickr accounts...

Pareto botnet passes off infected devices as TVs

Experts from Human Security (formerly White Ops) have discovered the Pareto botnet, which infects Android devices and uses them to defraud the television advertising ecosystem. Pareto has so far infected more than a million devices and impersonates millions of people watching ads on smart TVs and other devices. Human Security reports that the botnet has used dozens of mobile apps to mimic or tamper...

Vulnerable Microsoft Exchange Servers Attacked by Prometei Botnet

Because patches for the ProxyLogon vulnerabilities have still not been fully rolled out, attackers continue to target vulnerable Microsoft Exchange servers. Now researchers from Cybereason Nocturnus have discovered the Prometei botnet, which mines Monero cryptocurrency on vulnerable machines.

A patch for another 0-day vulnerability in Google Chrome has been released

Google developers have released Chrome version 90.0.4430.85 (for Windows, Mac and Linux), fixing a zero-day vulnerability that hackers are already actively exploiting. The issue is tracked as CVE-2021-21224 and was reported by security analyst Jose Martinez of VerSprite Inc. The vulnerability is known to be a type confusion bug in the V8 engine. Martinez himself writes that the vulnerability is related to a PoC...

$760 million stolen from Bitfinex in 2016 transferred to other wallets

The Record reports that, according to Whale Alert and BTCparsers, bitcoins stolen from the Bitfinex exchange in 2016 have been transferred to other wallets in dozens of transactions of between 1 and 1,200 bitcoins each. The funds that have been moved account for only about 10% of the amount stolen from Bitfinex, since the hackers took 119,756...

NAME:WRECK vulnerabilities threaten millions of IoT devices

Forescout experts have presented a report on nine vulnerabilities in TCP/IP stacks, collectively named NAME:WRECK. These problems affect hundreds of millions of servers, smart devices and industrial equipment. NAME:WRECK is the fifth set of vulnerabilities affecting TCP/IP libraries found in the past three years; recall such earlier "findings" as Ripple20, URGENT/11 and AMNESIA:33. But...

Pwn2Own 2021 has ended: Windows 10, Ubuntu, Safari, Chrome, Zoom and more were successfully hacked

The largest hacking competition, the spring Pwn2Own 2021, has ended. This time it finished in a three-way tie between Team Devcore, OV, and the duo of cybersecurity experts Daan Keuper and Thijs Alkemade from Computest. All three teams ended the competition with 20 points each. In total, over three days, Pwn2Own participants earned $1,210,000. Detailed...

Attackers use the GitHub server infrastructure for cryptomining

GitHub, the web service for hosting software projects, is investigating a series of attacks on its cloud infrastructure in which cybercriminals use the company's servers for illicit cryptocurrency mining. The first attacks were recorded by a French programmer using the alias Tib in the fall of 2020. During the campaign, the criminals abuse the GitHub Actions feature for automatically executing tasks and workflows...

The Coinhive domain is being used to warn users about hacked sites

Troy Hunt, the creator of Have I Been Pwned, is using the domains of Coinhive, a cryptojacking service that shut down in 2019, to alert users to sites that are still covertly mining. Let me remind you that Coinhive appeared in the fall of 2017 and was then positioned as an alternative to classic banner advertising. In the end, Coinhive only spawned a large-scale...

Privacy-focused ClearURLs extension removed from Chrome Web Store

Bleeping Computer reports that the ClearURLs browser extension, which strips URLs of tracking parameters used for surveillance and tracking, has been removed from the Chrome Web Store. ClearURLs is available for Google Chrome, Firefox and Edge. Journalists explain that many sites have long URLs with additional parameters that provide no functional value but are used to track users. This may especially...

Hackers have begun exploiting a serious vulnerability in F5 BIG-IP

Earlier this month, F5 Networks released patches fixing four critical bugs in BIG-IP and BIG-IQ. At the time, the developers wrote that these vulnerabilities could lead to denial-of-service (DoS) attacks and even to unauthenticated remote execution of arbitrary code. One of the most serious of the fixed vulnerabilities is tracked as CVE-2021-22986 and affects various devices running F5 iControl REST. This RCE issue...