Search Results for “Sergiu Gatlan”


October 14, 2019
Sergiu Gatlan / Bleeping Computer

China’s Winnti Group Updates Arsenal With New Modular Windows Backdoor ‘PortReuse,’ Infects High-Profile Asian Manufacturer

The Chinese state-backed threat group known as the Winnti Group (also tracked as Blackfly, Suckfly, Wicked Panda, BARIUM and APT41) has updated its arsenal with a new modular Windows backdoor called PortReuse, which it used to infect the servers of a high-profile Asian mobile hardware and software manufacturer, according to researchers at ESET. The group also updated its ShadowPad malware with randomized module IDs and additional obfuscation. A supply chain attack against a video game developer led to the malware being distributed via a game’s official update server.

October 12, 2019
Sergiu Gatlan / Bleeping Computer

Critical Local Privilege Escalation Vulnerability Found and Fixed in HP Touchpoint Analytics, Could Impact Millions of Windows Systems

A critical security vulnerability in Open Hardware Monitor, a free open-source program that monitors a computer’s temperature sensors, fan speeds, voltages, load and clock speeds, and which is bundled in monitoring products including HP Touchpoint Analytics, allowed attackers to escalate privileges and execute arbitrary code with SYSTEM privileges on Windows computers, researchers at SafeBreach Labs report. The local privilege escalation (LPE) vulnerability, tracked as CVE-2019-6333, was discovered by SafeBreach Labs security researcher Peleg Hadar and reported to HP on July 4. It affects all versions of HP Touchpoint Analytics Client below 4.1.4.2827. HP patched the vulnerability with the release of HP Touchpoint Analytics Client version 4.1.4.2827 on October 4 and published procedures for detecting whether a device is vulnerable, along with the appropriate remediation steps.

October 2, 2019
Sergiu Gatlan / Bleeping Computer

Microsoft Offers Windows 7 Extended Security Updates to Small and Midsize Businesses Through January 2023

Microsoft announced that Windows 7 Extended Security Updates (ESU) will be available to small and midsize businesses (SMBs) through January 2023, allowing them to stay secure while migrating to Windows 10. The ESUs were previously available only to large businesses and education customers. SMBs will be able to purchase the ESUs on a per-device basis for the next three years, sold in three consecutive 12-month increments, with the price increasing each year.

Related: CRN, Komando, Appuals.com, gHacks, ZDNet, Neowin, MSPowerUser, Windows Central, Microsoft, Microsoft (PDF)


September 30, 2019
Sergiu Gatlan / Bleeping Computer

Patch Issued for Critical Vulnerability in Exim Mail Transfer Agent That Could Allow Remote Code Execution Attacks

A new critical vulnerability in the Exim mail transfer agent (MTA), a heap-based buffer overflow in string_vformat (string.c), has been patched to prevent denial of service (DoS) and possibly remote code execution attacks. The flaw, tracked as CVE-2019-16928, was reported by QAX-A-TEAM and is fixed in Exim version 4.92.3. The known exploit uses an extraordinarily long EHLO string to crash the Exim process receiving the message. The only known mitigation for this flaw is to update vulnerable Exim servers.

Related: Bugzilla, Security Affairs, The Hacker News, LinuxSecurity – Security Articles, The Register – Security, Tenable Blog, SecurityWeek, GBHackers On Security, Threatpost, Exim


September 23, 2019
Sergiu Gatlan / Bleeping Computer

Microsoft Issues Two Out of Band Security Updates for Internet Explorer and Windows Defender, Explorer Zero-Day RCE Flaw Known to Have Been Exploited in the Wild

Microsoft released two out-of-band security updates for remote code execution (RCE) and denial of service (DoS) vulnerabilities affecting Internet Explorer and Windows Defender, respectively. The first is a zero-day RCE vulnerability tracked as CVE-2019-1367, a scripting engine memory corruption flaw known to have been exploited in the wild and disclosed by Clément Lecigne of Google’s Threat Analysis Group. The second update fixes a Microsoft Defender denial of service vulnerability tracked as CVE-2019-1255, disclosed by Charalampos Billinis of F-Secure Countercept and Wenxu Wu of Tencent Security Xuanwu Lab. Users have to install the fix for CVE-2019-1367 manually, while CVE-2019-1255 is delivered automatically through the Microsoft Malware Protection Engine’s auto-update feature.

Related: Dark Reading: Attacks/Breaches, Threatpost, ZDNet Security, US-CERT Current Activity, Neowin, gHacks, Microsoft, Softpedia News, SecurityWeek, Help Net Security, GBHackers On Security, The Next Web, gHacks, PC World, The Hacker News, IT Pro, Security – Computing, The Next Web, Spyware news, Help Net Security, THE INQUIRER, Security Affairs, BetaNews, GBHackers On Security, Digital Trends, iMore, CNN.com, TechSpot, TechSpot, TechCrunch, Techradar, Softpedia News, Softpedia News, SecurityWeek, Computerworld Security

Tweets: @jorgeorchilles, @swiftonsecurity, @unix_root

Dark Reading: Attacks/Breaches: Microsoft Issues Out-of-Band Patch for Internet Explorer
Threatpost: Microsoft Internet Explorer Zero-Day Flaw Addressed in Out-of-Band Security Update
ZDNet Security: Microsoft releases out-of-band security update to fix IE zero-day & Defender bug
US-CERT Current Activity: Microsoft Releases Out-of-Band Security Updates
Neowin: Microsoft releases Windows 10 cumulative updates with IE fixes
gHacks: Former Microsoft Employee explains why bugs in Windows updates increased
Microsoft: CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability Security Vulnerability
Softpedia News: Microsoft Releases Windows 10 Cumulative Updates KB4522016, KB4522015, KB4522014
SecurityWeek: Microsoft Patches Internet Explorer Vulnerability Exploited in Attacks
Help Net Security: Microsoft drops emergency Internet Explorer fix for actively exploited zero-day
GBHackers On Security: Microsoft Emergency Patch – IE Zero-day Vulnerability Let Hackers Execute Arbitrary Code Remotely in Windows PC
The Next Web: Microsoft issues emergency Windows patch to address Internet Explorer zero-day flaw
gHacks: Microsoft releases emergency Internet Explorer security update
PC World: A new Internet Explorer bug can take over your entire PC, so stop using it
The Hacker News: Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
IT Pro: Microsoft issues urgent Internet Explorer and Windows Defender security patches
Security – Computing: Microsoft rushes out fixes for two zero-day security flaws affecting IE and Windows Defender
Spyware news: Microsoft issued a security patch for Internet Explorer Zero-day flaw
THE INQUIRER: Microsoft releases out-of-band patch for IE, Windows Defender flaws
Security Affairs: Microsoft released an out-of-band patch to fix Zero-day flaw exploited in the wild
BetaNews: Microsoft releases emergency patches for Internet Explorer zero-day and Windows Defender flaw
Digital Trends: The U.S. government issued a warning to install this emergency Windows update
iMore: Apple releases iOS 13.1 with Shortcut Automations, Maps ETA, and more
CNN.com: Microsoft sends another warning: Update Windows now to fix critical security issues
TechSpot: Microsoft issues patch for Internet Explorer zero-day
TechCrunch: Microsoft urges Windows users to install emergency security patch
Techradar: Still using Internet Explorer? You need this urgent security patch from Microsoft
Computerworld Security: Microsoft delivers emergency security update for antiquated IE

@jorgeorchilles: Update your Windows boxes. Microsoft just released an out of band patch for Internet Explorer CVE-2019-1367. It was discovered exploited in the wild. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
@swiftonsecurity: Shout-out to the Microsoft employee who has to paste in “unregister JavaScript from Internet Explorer to mitigate this vulnerability” every time an IE bug comes out despite it being an insane non-solution nobody has ever implemented except those not realizing what they were doing
@unix_root: It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities: CVE-2019-1367 — a critical IE zero-day under active attack. CVE-2019-1255 — DoS flaw in Microsoft Defender. Read details:


September 6, 2019
Sergiu Gatlan / Bleeping Computer

Exim Mail Transfer Agent Flaw Allows Local and Remote Attackers to Gain Root Privileges on Servers That Accept TLS Connections

The Exim mail transfer agent (MTA) software is affected by a critical severity vulnerability, a buffer overflow present in versions 4.80 up to and including 4.92.1, that grants local and remote attackers root privileges on servers that accept TLS connections, according to an initial report by ‘Zerons’ on July 21 and a later analysis by Qualys’ research team. The flaw, tracked as CVE-2019-15846, is “exploitable by sending an SNI ending in a backslash-null sequence during the initial TLS handshake,” which leads to RCE with root privileges on the mail server. Server admins should install Exim 4.92.2, the latest version, which patches CVE-2019-15846.

Related: SecurityWeek, Vuxml.org, The Register – Security, The Hacker News, US-CERT Current Activity

Tweets: @ionut_ilascu


September 3, 2019
Sergiu Gatlan / Bleeping Computer

Malicious Actors Are Embedding Banking Trojans, Ransomware and Worms in Electronic Textbooks and Essays, More Than 30,000 Users Tried to Open 356,000 Infected Files Last Academic Year

Searching the Internet for textbooks and essays in electronic form exposes students to a wide range of malicious attacks, researchers at Kaspersky found based on their analysis of data for the past academic year. Attackers embed malware downloaders in the electronic books; these downloaders can fetch and execute banking Trojans and ransomware, or worms capable of quickly spreading to all contacts and devices on the victims’ networks. Threat actors targeted potential victims from the educational field over 356,000 times in total over the past academic year; 233,000 of those cases involved malicious essays downloaded to computers owned by more than 74,000 people. The researchers also detected 122,000 attacks by malware disguised as textbooks, which more than 30,000 users tried to open. The most ‘popular’ malware was a MediaGet torrent application downloader, the WinLNK.Agent.gen and Win32.Agent.ifdx downloaders, and the Stalk worm.

August 27, 2019
Sergiu Gatlan / Bleeping Computer

New Phishing Campaign Uses Fake Resume Attachments to Deliver Quasar Remote Administration Tool (RAT)

A new phishing campaign uses fake resume attachments designed to deliver Quasar Remote Administration Tool (RAT) payloads onto the Windows computers of unsuspecting targets, according to researchers at Cofense. Although fake resumes are commonly used by cybercriminals, this malspam campaign also adds multiple anti-analysis techniques to disguise its infection vector. Potential victims who receive the fake resumes are asked to enable macros, which come with a small twist: base64-encoded garbage code designed to crash analysis tools. The campaign’s operators hide payload URLs and other information used to propagate the infection within the metadata of other embedded objects and images.

August 20, 2019
Sergiu Gatlan / Bleeping Computer

Attackers Target Utilities With Evasive Adwind RAT Via Malspam Campaign; the RAT Steals Sensitive Info, Acts as a Keylogger, Records Video and Sound and More

Attackers are targeting entities in the utility industry with the Adwind Remote Access Trojan (RAT), also known as jRAT, AlienSpy, JSocket and Sockrat, via a malspam campaign that uses URL redirection to deliver malicious payloads, researchers at Cofense say. Adwind is sold by its developers to threat actors under a malware-as-a-service (MaaS) model and is capable of evading detection by most major anti-malware solutions. Its capabilities range from stealing sensitive information such as VPN certificates and credentials from Chrome, IE and Edge to collecting and exfiltrating the victims’ keystrokes, recording video and sound, snapping photos with the infected machine’s webcam, mining cryptocurrency and harvesting cryptocurrency wallet information. Although it evades detection by most anti-malware products, sandbox- and behavior-based antivirus software should be capable of detecting and blocking it.

July 30, 2019
Sergiu Gatlan / Bleeping Computer

New Ransomware Family ‘FileCoder’ Uses SMS Messages to Spread Itself to Android Devices, Promises Free Sex Simulator Online Game

A new ransomware family, dubbed Android/Filecoder.C (FileCoder), targets devices running Android 5.1 and higher and spreads to other victims by sending text messages containing malicious links to the entire contact list found on infected devices, researchers at ESET say. After sending the SMS messages, the ransomware encrypts most files on the user’s phone and demands a ransom in Bitcoin. However, because of the flawed encryption currently used, it is possible to decrypt the affected files without any assistance from the attacker. The malware was first spotted on July 12, with the attackers distributing their payload via posts on Reddit and on the XDA Developers mobile software development community. As a lure to install the ransomware, those posts promote the malicious app as a free sex simulator online game.