174 matches found
TAU Threat Intelligence Notification: Israbye Wiper
Summary Israbye is a disk wiper first discovered by a researcher in August 2017, as reported by Bleeping Computer. A newer sample has since been discovered, which appears to timely coincide with a recent news story that references the Al-Aqsa mosque. This mosque is also referenced within the...
How to Move Veeam Backup for Nutanix AHV Backup Files
Purpose This article documents how to migrate Veeam Backup for Nutanix AHV backup files to a different Veeam Backup & Replication Repository. Solution Considerations and Limitations This process only works when moving backup files between Repositories of the same Veeam Backup & Replication server...
CVE-2018-19537
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
AttacheCase Arbitrary Code Execution Vulnerability (CNVD-2018-17324)
AttacheCase is a suite of file encryption software. An arbitrary code execution vulnerability exists in AttacheCase, which can be exploited by a remote, unauthenticated attacker to execute arbitrary scripts...
JVN#02037158: AttacheCase vulnerable to arbitrary script execution
AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Impact A remote unauthenticat...
Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-6115)
Summary A security vulnerability has been identified in IBM Spectrum Scale GPFS that could allow a remote authenticated attacker to overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash. This vulnerability is only applicable if: - file...
SamSam ransomware: controlled distribution for an elusive malware
SamSam ransomware has been involved in some high profile attacks recently, and remains a somewhat elusive malware. In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix. These changes do not necessarily make the ransomware more...
Apple macOS Bug Reveals Cache of Sensitive Data from Encrypted Drives
Security researchers are warning of almost a decade old issue with one of the Apple's macOS feature which was designed for users' convenience but is potentially exposing the contents of files stored on password-protected encrypted drives. Earlier this month, security researcher Wojciech Regula fr...
GandCrab Ransomware Found Hiding on Legitimate Websites
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...
EmbedInHTML - Embed and hide any file in an HTML file
What this tool does is taking a file any type of file, encrypt it, and embed it into an HTML file as ressource, along with an automatic download routine simulating a user clicking on the embedded ressource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, save...
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine
While the cyber-world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed. So far, all theories regarding the spread of ExPetr/Petya point into two directions: Distribution via trojaniz...
WannaCry Development Errors Enable File Recovery
WannaCry may have caused worldwide havoc on May 12 when it rode the coattails of the NSA’s weaponized EternalBlue exploit to infect computers in 150 countries, but that doesn’t mean it was a quality piece of ransomware. A number of programming errors in the code are floating to the surface and...
What’s Next for Ransomware: Data Corruption, Exfiltration and Disruption
Ransomware’s popularity continues to skyrocket, due to its successful business model and the significant profit paid by its victims. Unlike other malware business models – where attackers steal data and then sell it on the darknet; hackers who utilize ransomware as their attack vector receive...
Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware
A massive malicious email campaign that stems from the Necurs botnet is spreading a new ransomware at the rate of 5 million emails per hour and hitting computers across the globe. Dubbed "Jaff," the new file-encrypting ransomware is very similar to the infamous Locky ransomware in many ways, but ...
Google Android File Encryption Information Disclosure Vulnerability
Google Android is a Linux-based operating system for smartphone devices. An information disclosure vulnerability exists in Google Android file encryption, which can be exploited by remote attackers to build malicious applications that can be parsed by users and can access sensitive information...
JVN#83917769: AttacheCase vulnerable to directory traversal
AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Impact Decrypting a crafted ATC file may result in creation of an arbitrary file or overwriting o...
‘Popcorn Time’ Ransomware Sure to Cause Indigestion
ARCHIVED STORY ‘Popcorn Time’ Ransomware Sure to Cause Indigestion By Tim Hux · December 19, 2016 In early December the new ransomware “Popcorn Time” was discovered. It gives the victim the option of paying the ransom or infecting two other individuals and getting them to pay. “Popcorn Time” is a...
PowerShellEmpire Arbitrary File Upload (Skywalker)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PowerShellEmpire Arbitrary File Upload Skywalker', 'Description' = %q A vulnerability existed in the PowerShellEmpire server...
Swiss Star: extortion virus is a new variant after the poisoning 1 0 5 4 full file encryption-vulnerability warning-the black bar safety net
Recently, the rising“cloud security”system intercepted a new type of blackmail Virus, the virus encrypts files up to 1 0 5 4, file Unified encryption for. encrypted format, thus a ransom of 1 bitcoinabout RMB 4 5 0 0 Yuan. If the user is not within the prescribed time hack payment, the encrypted...
VeraCrypt Audit Reveals Critical Security Flaws — Update Now
After TrueCrypt mysteriously discontinued its service, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, as well as privacy conscious people. First of all, there is no such thing as a perfect, bug-free software. Even the most rigorously tested...