Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation
Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and home...
Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Researchers have found the info-stealing Android malware Sharkbot lurking unsuspected in the depths of the Google Play store under the cover of anti-virus (AV) solutions. While analyzing suspicious applications on the store, the Check Point Research (CPR) team found what purported to be genuine AV...
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware
A novel remote access trojan (RAT) being distributed via a Russian-language spear-phishing campaign is using unique manipulation of the Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT – discovered by...
New Fileless Malware Uses Windows Registry as Storage to Evade Detection
A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorpiex...
CVE-2021-1447
CVE-2021-1447 describes a local privilege-escalation in Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) due to a flaw in the password generation algorithm. An authenticated Administrator can exploit this by enabling specific Administrator-only features and connecting to the ap...
SUSE: Security Advisory (SUSE-SU-2018:2928-1)
The remote host is missing the update described in SUSE security advisory SUSE-SU-2018:2928-1.
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety of phishing lures and tactics. These...
QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices
Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage (NAS) appliances. Called QSnatch or Derek, the data-stealing malware is said to have compromised 62,000 devices since reports...
CVE-2019-13022
Bond JetSelect (all versions) has a vulnerability in ENCtool.jar password generation where the plaintext password is XORed into an “encrypted” value stored in the database, making the initial admin passwords trivially reversible and enabling privilege escalation to modify/delete networking config...
Necurs Botnet in Crosshairs of Global Takedown Offensive
A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world’s most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 3...
Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide
Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving...
CVE-2018-10239
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a...
Backdoor in the nssock2.dll module of several products including NetSarang Xmanager and Xshell
NetSarang is a company that provides secure link solutions and Xshell is a terminal emulation software. The related nssock2.dll module, a component used for network communication, in the installation directories of Xshell, Xlpd, Xmanager, and Xftp has been found to contain backdoor-type code samp...
VulnCheck KEV: CVE-2017-20202
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...
CVE-2016-1919
The CVE-2016-1919 entry concerns Samsung KNOX 1.0 on Android 4.3 where the eCryptFS key is derived from the user password and a TIMA key. The weakness lies in the eCryptFS-key generation algorithm, enabling potential disclosure of Data-at-Rest from KNOX containers when an attacker has local acces...
Fedora 22 : prosody-0.9.10-1.fc22 (2016-e2c5111eda)
Prosody 0.9.10. A summary of changes in this release: Security: mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756). Fixes and improvements: Startup: Open /dev/urandom read-only, to fix a failure to...
Tinba Variant Spotted Targeting Russian, Japanese Banks
Cybercriminals behind the Tinba banking Trojan have been homing in on some of the larger banks in Russia and Japan, experts claim. According to researchers with Dell SecureWorks, who looked at an instance of the malware last month, configuration files in one variant are targeting one of the...