Search Results for “ZDNet”


May 12, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Astaroth Infostealer Trojan Becomes More Stealthy, Uses YouTube Channel Descriptions to Hide URLs for Command and Control Servers As It Evolves

The stealthy Astaroth infostealer trojan, which has historically targeted Brazilian users, relies on email campaigns for distribution, fileless execution, and living off the land (LOLbins), but has also gained two new major updates, researchers at Cisco Talos report.  The first update is an extensive collection of anti-analysis and anti-sandbox checks, which will allow it to avoid having its payload marked as malware. The second update is that Astaroth now uses YouTube channel description fields to hide the URL for its command and control (C2) servers. The field contains encrypted and base64-encoded text with the URLs of its command and control server. The YouTube channel is only one of three redundant systems that allow connections to C2 servers.

May 18, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
FBI Sent Alert Earlier This Month Warning About ‘Human-Operated Ransomware’ ProLock Attacks

The FBI issued a security alert earlier this month about a new ransomware strain named ProLock that has hit healthcare organizations, government entities, financial institutions, and retail organizations. ProLock is considered “human-operated ransomware” that is installed manually on the networks of hacked companies. The FBI says this group gains access to hacked networks via the Qakbot (Qbot) trojan, which security firm Group IB has also reported. The Bureau has further warned victims about bugs in the ProLock decrypter, the app the ProLock gang provides victims to decrypt their files after paying the ransom, which the FBI says has not routinely executed correctly. The FBI sent the flash alert to US organizations after ATM giant Diebold Nixdorf was infected with ProLock at the end of April, according to a source.

May 19, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
FBI Warns That Hackers Are Exploiting Vulnerability in Old Magento Plugin to Launch Magecart Attacks

The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers’ payment card data in what are known as web skimming or Magecart attacks. Attackers are exploiting CVE-2017-7391, a cross-site scripting (XSS) vulnerability in MAGMI (Magento Mass Import), a plugin for Magento-based online stores, the FBI said in a flash security alert sent to the US private sector at the start of the month. The attackers are exploiting the flaw to steal environment credentials for a Magento online store, which they’re using to take full control over the targeted sites. They then plant web shells for future access and start implanting malicious code that records payment details entered on the store when users buy and pay for new products. The MAGMI plugin only works for older versions of Magento stores, the 1.x branch, which is set to reach end-of-life on June 30, 2020.

July 1, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Microsoft Issues Two Out-of-Band Patches to Fix Windows Bugs That Can Be Exploited With Specially Crafted Image

Microsoft issued two out-of-band security updates to patch two vulnerabilities in the Microsoft Windows Codecs Library. Tracked as CVE-2020-1425 & CVE-2020-1457, the two bugs only impact Windows 10 and Windows Server 2019 distributions. Microsoft said the two security flaws can be exploited with the help of a specially crafted image file. The image when opened inside apps that use the built-in Windows Codecs Library to handle multimedia content, then attackers would be allowed to run malicious code on a Windows computer and potentially take over the device.

April 26, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Sophos Issues Emergency Patch for Zero-Day Flaw in XG Enterprise Firewall That Was Exploited in the Wild by Hackers

Cyber-security firm Sophos has published an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product that it learned only last Wednesday was being abused in the wild by hackers. Sophos said that the attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices that was designed to download payloads intended to exfiltrate XG Firewall-resident data. The stolen data could include usernames and hashed passwords for the firewall device admin, for the firewall portal admins, and user accounts used for remote access to the device.

Related: ibtimes.sg: Top News, Security Affairs, Sophos, Security Affairs, Reddit – cybersecurity, BleepingComputer.com, Economic Times, The State of Security, E Hacking News, Tenable Blog, Spyware news, IT Pro, GBHackers On Security, SecurityWeek, Help Net Security, The Daily Swig, SC Magazine, Webpronews,  Rapid7, Ars Technica, Tenable BlogSlashdot, CRN, BleepingComputer.com, TechTarget, Threatpost

Tweets:@campuscodi @GossiTheDog

ibtimes.sg : Top News: Sophos releases emergency patch for its enterprise firewall product
Security Affairs: Hackers exploit SQL injection zero-day issue in Sophos firewall
Sophos: Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOS
Security Affairs: Hackers exploit SQL injection zero-day issue in Sophos firewall
Reddit – cybersecurity: Hackers are exploiting a Sophos firewall zero-day
BleepingComputer.com: Hackers exploit zero-day in Sophos XG Firewall, fix released
Economic Times : Sophos releases emergency patch for its enterprise firewall product
The State of Security: Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls
E Hacking News: Hackers abuse Sophos Firewall Zero Day Vulnerability
Tenable Blog: CVE-2020-12271: Zero-Day SQL Injection Vulnerability in Sophos XG Firewall Exploited in the Wild
Spyware news: Sophos Firewall zero-day vulnerability patched
IT Pro: Sophos fixes firewall bug being actively exploited in SQL injection attacks | IT PRO
GBHackers On Security: Hackers Exploit SQL Injection & Code Execution Zero-day Bugs in Sophos Firewall
SecurityWeek: Malware Delivered to Sophos Firewalls via Zero-Day Vulnerability
Help Net Security: Attackers exploiting a zero-day in Sophos firewalls, have yours been hit?
The Daily Swig: Sophos XG Firewall zero-day vulnerability gets patched
SC Magazine: Sophos victimized by a zero-day in its XG Firewall product | SC Media
Webpronews : Sophos Issues Hotfix For Firewall Zero-Day Being Actively Exploited
Rapid7: CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview
Ars Technica: Attackers exploit 0day code-execution flaw in the Sophos firewall
Slashdot: Hackers Are Exploiting a Sophos Firewall Zero-day
CRN: Sophos XG Firewall Exploited By Zero-Day Bug, Patch Released
BleepingComputer.com: Asnarök malware exploits firewall zero-day to steal credentials
TechTarget: Sophos firewall hit by ‘Asnarök’ Trojan attack
Threatpost : Hackers Mount Zero-Day Attacks on Sophos Firewalls

@campuscodi: BREAKING: Hackers are exploiting a Sophos firewall zero-day - Attacks detected on Wednesday - Hackers exploited an SQLi to steal device data (creds) - Patch pushed out earlier today - Patch also removes artifacts from compromised XG firewall systems https://zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/
@GossiTheDog: Sophos are getting a CVE assigned to the Sophos XG vulnerability, and they have an extensive breakdown (including much technical details and IoCs - incredible openness here) about what happened. Note that the attackers got full remote code execution here.


May 27, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
DoubleGuns Trojan Is Largest Malware Botnet Targeting Chinese Users, Qihoo 360 and Baidu Aim to Disrupt Its Operations

For the past three years, the DoubleGuns trojan, which targets Windows devices, has become one of China’s largest malware botnets, according to Chinese antivirus vendor Qihoo 360. DoubleGuns is exclusively found in China and is believed to have infected hundreds of thousands of Chinese users. Distributed primarily via boobytrapped apps shared on Chinese websites, primarily infects users with MBR and VBR bootkits, installs various malicious drivers, and then steals credentials from local apps, with a focus on Steam accounts. It also acts as an adware and spamming module. Qihoo 360 says it recently teamed up with fellow Chinese tech giant Baidu to disrupt the botnet’s operations.

May 28, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Researchers Discover 26 New Flaws in USB Driver Stack in Linux, macOS, Windows, FreeBSD Using New Fuzzing Tool USBFuzz

Twenty-six new vulnerabilities in the USB driver stack employed by operating systems such as Linux, macOs, Windows, and FreeBSD were discovered by researchers Hui Peng from Purdue University and Mathias Payer from the Swiss Federal Institute of Technology Lausanne. All the bugs were found with a new tool they created, named USBFuzz. This software-emulated USB device is what is called a “fuzzer” that lets security researchers send large quantities of invalid, unexpected, or random data as inputs to other programs. Although the researchers found one bug in FreeBSD, three in MacOS (two resulting in an unplanned reboot and one freezing the system), and four in Windows 8 and Windows 10 (resulting in Blue Screens of Death), the vast majority, eighteen in total, were found in Linux. Sixteen were memory bugs of high-security impact in various Linux subsystems (USB core, USB sound, and net-work), one bug resided in the Linux USB host controller driver, and the last in a USB camera driver. Of the 18 Linux bugs, the research team said 11 received a patch after they reported the flaws to the Linux kernel team, with the remaining flaws slated to be patched in the near future.

May 27, 2020
Danny Palmer / ZDNet

Danny Palmer / ZDNet  
Attacks on Corporate Cloud Services Soared 630% Early This Year as Cybercriminals Sought to Exploit Remote Working

Cyberattacks targeting corporate cloud services have increased by 630 percent between January and April of this year as cybercriminals look to exploit the rise in remote working to gain access to corporate accounts, McAfee said in its recent Cloud Adoption & Risk Report. In most cases, these attempts at hacking cloud accounts are brute-force attacks, with cybercriminals attempting common or simple passwords in an effort to gain access. The attacks come in two broad categories excessive usage from an anomalous location or what researchers call ‘suspicious superhuman,’ which involves multiple login attempts in a short amount of time from geographically disparate sites.

Related: BusinessLine – Home, Network World Security, ZDNet UK, Times of India, Hindu Businessline, TechCentral.ie, CSO Online, ITProPortal, TechRepublic, DGIndia, Business Wire Technology News


May 31, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Database for Formerly Top Dark Web Service Hosting Provider Leaked Online, Data Can Be Used to Identify Owners of Dark Web Portals

A hacker who goes by the name of KingNull uploaded a copy of Daniel’s Hosting (DH) database online. DH had been the largest free web hosting provider for dark web services until shortly after the hacker breached DH earlier this year, on March 10, 2020. Two weeks after the breach, DH shut down its service for good, urging users to move their sites to new dark web hosting providers. Around 7,600 websites, a third of all dark web portals, went down following DH’s shutdown. The leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains. Threat intelligence firm Under the Breach, which examined the database, said the leaked data can be used to tie the owners of leaked email addresses to certain dark web portals.

June 6, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Apple Publishes Free Password Manager and Resources to Help Developers of Password Managers

Apple has published on GitHub a set of free tools and resources called Password Manager and Resources to help developers of password managers, as well as other apps, generate strong passwords. Apple says the new tools are primarily meant to help developers of password manager apps create better experiences for users.

Related:  iPhoneHacks, SlashGear » security, Apple Developer

Tweets:@campuscodi @campuscodi