3973 matches found
Forever 21 Says PoS Systems Exposed Customer Data for 8 Months
Fashion retailer Forever 21 confirmed a breach made public in November resulted in the theft of credit card data belonging to an undisclosed number of customers. The company had stated that a lack of encryption used on some of its point-of-sales payment terminals could have resulted in unauthoriz...
Code Used in Zero Day Huawei Router Attack Made Public
Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be leveraged in DDoS attacks via botnets such as Reaper or...
Satori IoT Botnet Exploits Zero-Day to Zombify Huawei Routers
Although the original creators of the infamous IoT malware Mirai have already been arrested and sent to jail, the variants of the notorious botnet are still in the game due to the availability of its source code on the Internet. Hackers have widely used the infamous IoT malware to quietly amass a...
Intel Content Protection HECI Service - Type Confusion Privilege Escalation Exploit
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege Summary: The Intel Content...
Intel Content Protection HECI Service - Type Confusion Privilege Escalation
Intel Content Protection HECI Service - Type Confusion Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...
Newly Published Exploit Code Used to Spread Mirai Variant
Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CenturyL1nk and admin/QwestM0dem telnet...
Multiple Ransomware Infections Reported
US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to...
FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks
This post was authored by Michael Gorelik and Josh ReynoldsExecutive SummaryThroughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group also known as the Carbanak gang which is a financially-motivated group targeting the financia...
New Locky Variant 'IKARUSdilapidated' Strikes Again
A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s truste...
Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper
UPDATE 8/14/17: After posting the original analysis, the Carbon Black Threat Research team received numerous requests for the tools to extract the second stage payload from the initial PNGdropper file. As a result, the source code and compiled binaries are being made public and are posted to the...
Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity
Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines. Juan Andres...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Green Packet DX-350 Cross-Site Request Forgery Vulnerability
The Green Packet DX-350 is a network access point device from Green Packet USA. A cross-site request forgery vulnerability exists in the Green Packet DX-350 using firmware version 2.8.9.5-g1.4.8-atheeb. A remote attacker can exploit this vulnerability by sending a request to the ajax.cgi file to...
Decompiled SLocker Android Ransomware Source Code Published Online
Bad news for Android users — Decompiled source code of for one of the oldest mobile and popular Android ransomware families has been published online, making it available for cyber criminals who can use it to develop more customised and advanced variants of Android ransomware. Decompiled source...
Massive Goldeneye Ransomware Attack Hits Users Worldwide
By Waqas Computer systems around the world have been hit with a new ransomware malware called Goldeneye, a variant of Petya ransomware. Its targets are governments and businesses; infecting computers and files to lock out users and demanding $300 in Bitcoin to regain access. Upon infecting a syst...
Petya Destructive Malware Variant Spreading via Stolen Credentials and EternalBlue Exploit
UPDATE July 21: FireEye continues to track this threat. An earlier version of this post has been updated to reflect new findings. On June 27, 2017, multiple organizations – many in Europe – reported significant disruptions they are attributing to a variant of the Petya ransomware, which we are...
Decryption Utility Unlocks Files Encrypted by Jaff Ransomware
A weakness discovered in Jaff ransomware by researchers has led to the creation of decryption keys to unlock files locked by the malware. “We have found a vulnerability in Jaff’s code for all the variants to date. Thanks to this, it is now possible to recover users’ files encrypted with the .jaff...
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...