Viruses and Worms

DoItForState domain name thief gets 14 years for pistol-whipping plot

Sophos Naked Security - 11 December 2019 - 12:18
He hired his cousin to break in, hold the rightful domain holder at gunpoint, and force a transfer to his own GoDaddy account.

FTC warns Christmas buyers that smart toys are a security risk

Sophos Naked Security - 11 December 2019 - 12:11
Thinking of giving a young person an internet-connected ‘smart’ toy this Christmas? You may want to think again.

Beware of bad Santas this Xmas: Piles of insecure smart toys fill retailers' shelves

The Register - Anti-Virus - 11 December 2019 - 12:00
Latest Which? study with NCC Group highlights toys it ain't smart to buy

It seems to come around quicker every year – the failure of so-called smart toys to meet the most basic of security requirements. Which? has discovered a bunch of sack fillers that dirtbags can use to chat to your kids this Christmas.…

Category: Viruses and Worms

Ad industry groups ask that the CCPA keep its mitts off their cookies

Sophos Naked Security - 11 December 2019 - 11:56
Ad-blocking technologies can block the cookies that record consumers' privacy choices, they claim.

Story of the year 2019: Cities under ransomware siege

Kaspersky Securelist - 11 December 2019 - 11:00

Ransomware has been targeting the private sector for years now.

Overall awareness of the need for security measures is growing, and cybercriminals are targeting more precisely to locate victims with gaps in their defenses. Looking back at the past three years, the share of users targeted with ransomware in the overall number of malware detections has risen from 2.8% to 3.5%. While this might seem like a modest amount, ransomware is capable of causing extensive damage to the affected systems and networks, which means this threat should never be overlooked. The proportion of ransomware targets among all users attacked with malware has been fluctuating, yet appears to be decreasing, with the figure for H1 2019 showing 2.94% compared to 3.53% two years ago.


Share of users attacked with ransomware from all users attacked with malware

The overall number of users attacked annually has changed. Kaspersky experts usually observe from around 900,000 to almost 1.2 million users targeted by ransomware every six months.


Number of users attacked with ransomware, H1 2017-H1 2019

Despite there being many extremely sophisticated cryptor samples, the mechanism behind how they operate is strikingly simple: they turn the files on victims’ computers into encrypted data and demand a ransom for the decryption keys. These keys are held by the threat actors and are needed to decipher the files and transform them back into the original data. Without a key, it is impossible to operate the infected device. The malware may be distributed by the creators of the threat, sold to other actors or to the creators’ partner networks – ‘outsourced’ distributors that share the profit from successful ransomware attacks with the technology holders.

2019 has seen this plague actively shifting towards a new target – municipalities. Arguably, the most prominent and widely discussed incident was that in Baltimore, which suffered from a large-scale ransomware campaign that knocked out a number of city services and required tens of millions of dollars to restore the city’s IT networks.

Based on publicly available statistics and announcements monitored by Kaspersky experts, 2019 has seen at least 174 municipal organizations targeted by ransomware. This is an approximately 60% increase from the number of cities and towns that reported falling victim to attacks a year earlier. Whereas not everyone has confirmed the amount of extorted funds and whether a ransom was paid or not, the average demand for ransom ranged from $5,000 to $5,000,000, and on average was equal to around $1,032,460. The numbers, however, varied greatly, as the funds extorted from small town school districts, for example, were sometimes 20 times smaller than those extorted from city halls in big municipalities.

However, the actual damage caused by attacks, according to estimates by independent analysts, often differs from the sum that the criminals request. First of all, some municipal institutions and vendors are insured against cyber-incidents, which compensates the costs one way or another. Secondly, the attacks can often be neutralized by timely incident response. Last but not least, not all cities pay the ransom: in the Baltimore encryption case, where officials refused to pay the ransom, the city ended up spending $18 million to restore its IT infrastructure. While this sum might seem far more than the initial $114,000 requested by the criminals, paying the ransom is a short-term solution that encourages threat actors to continue their malicious practices. You need to keep in mind that once a city’s IT infrastructure has been compromised, it requires an audit and a thorough incident investigation to prevent similar incidents from occurring again, plus the additional cost of implementing robust security solutions.

Attack scenarios vary. For instance, an attack may be the result of unprotected remote access. In general, however, there are two entry points through which a municipality can be attacked: social engineering and a vulnerability in unpatched software. A vivid illustration of the latter problem has been observed quarterly by Kaspersky experts: the all-time leader of almost all rankings of ransomware most frequently blocked on user devices is WannaCry. Even though Microsoft released a patch for its Windows operating system that closed the relevant vulnerability months before the attacks started, WannaCry still affected hundreds of thousands of devices around the globe. What’s more striking is the fact that it still lives and prospers. The latest statistics gathered by Kaspersky in Q3 2019 demonstrated that two and a half years after the WannaCry epidemic ended, a fifth of all users targeted by cryptors were attacked by WannaCry. Furthermore, the statistics from 2017 to mid-2019 show that WannaCry is consistently one of the most popular malware samples, accounting for 27% of all users attacked by ransomware in that time period.

An alternative scenario involves criminals exploiting human factors. This is arguably the most underestimated attack vector, as training of employees in security hygiene is nowhere near as universal as it should be. Many industries lose a tremendous amount of money due to employee errors (in some industries this is the case for half of all incidents). Phishing and spam messages containing installers for dangerous malware are still circulating around the web and reaching victims. Sometimes those victims may be managing the company’s accounts and finances and not even suspect that opening a scammer’s email and downloading what appears to be a PDF file onto their computer can result in the network being compromised.

Among the many types of municipal organizations attacked throughout 2019, some attracted more attacks than others.

The most targeted entities were undoubtedly educational organisations, such as school districts, accounting for approximately 61% of all attacks: 2019 saw operations against more than 105 school districts, with a whopping 530 schools targeted. This sector has been hit hard, yet demonstrated resilience: while some colleges had to cancel classes, many educational institutions adopted a position of continuing studies despite a lack of technical support, claiming that computers have only recently become part of the educational process, and that staff are perfectly capable of teaching pupils without them.

City halls and municipal centers, meanwhile, accounted for around 29% of cases. Threat actors are often aiming at the heart of processes that, if stopped, will result in an extremely problematic interruption of vital processes for the vast majority of citizens and local organizations. Unfortunately, such institutions are still often equipped with weak infrastructure and unreliable security solutions, as the workflow (especially in small, quiet towns or villages without advanced infrastructure) does not require high computing capacities. As a consequence, the locals often don’t bother updating old computers because they appear to still be functioning well. This might be related to a common mistake, whereby security updates are associated with design changes or technical developments introduced in the software, while their most vital function is in fact closing breaches found by white- or black-hat hackers and security researchers.

Another popular target was hospitals, accounting for 7% of all attacks. While some black-hat hackers and cybercriminal groups claim to have a code of conduct, in most cases attackers are motivated purely by the prospect of financial gain and go for vital services that cannot tolerate long periods of disruption, such as medical centers.

Furthermore, around 2% of all institutions subjected to an attack were municipal utility services or their subcontractors. The reason for this might be that such service providers are often used as an entry point to a whole network of devices and organizations, as they are responsible for communications in terms of billing for multiple locations and households. In the scenario where threat actors successfully attack the service provider, they might also compromise every locality that particular vendor or institution services. In addition, the disruption of utility services may result in disruption to vital regular operations, such as providing online payment services for residents of the town or city to pay their monthly bills – this adds to the pressure the victims experience and pushes them towards a short-term, yet seemingly effective solution – paying the ransom.

Let’s take a closer look at the malware that has been actively used in attacks on municipalities.

The besiegers

Ryuk

While not all organizations disclose technical details about the ransomware that hits them, Ryuk ransomware (Detection name: Trojan-Ransom.Win32.Hermez) has been cited as the cause of incidents in municipalities noticeably often. It is notorious for attacking large organizations and governmental and municipal networks. This malware first appeared in the second half of 2018 and has been mutating and actively propagating throughout 2019.

Geography


TOP 10 countries

     Country                   %*
 1   Germany                 8.60
 2   China                   7.99
 3   Algeria                 6.76
 4   India                   5.84
 5   Russian Federation      5.22
 6   Iran                    5.07
 7   United States           4.15
 8   Kazakhstan              3.38
 9   United Arab Emirates    3.23
10   Brazil                  3.07

*Percentage of users attacked in each country by Ryuk, relative to all users attacked worldwide by this malware

Ryuk has been seen all over the world, although some countries have been affected more than others. According to Kaspersky Security Network statistics, in 8.6% of cases it attempted to attack German-based targets, followed by China (8%) and Algeria (6.8%).

Distribution
The threat actors behind Ryuk employ a multi-stage scheme to deliver this ransomware to their victims.

The initial stage involves infecting a large number of machines by the Emotet bot (Detection name: Trojan-Banker.Win32.Emotet). Typically this is achieved by sending out spam emails containing a document with a malicious macro that will download the bot if the victim allows the execution of macros.

Spam message with a malicious document attached

The malicious document

At the second stage of the infection, Emotet will receive a command from its servers to download and install another piece of malware – Trickbot (verdict: Trojan.Win32.Trickster) – into the compromised system. This piece of malware will allow the threat actors to carry out reconnaissance in the compromised network.

If the criminals find they have infiltrated a high-profile victim, for example, a large municipal network, or a corporation, they will likely continue to the third stage of the infection and deploy Ryuk ransomware to numerous nodes in the affected network.

Brief technical description

Ryuk has been evolving since its creation and there is a certain variation between the numerous samples existing in the wild (ITW). Some of them are built as 32-bit binaries, others are 64-bit; some variants contain a hardcoded list of processes that will be targeted for code injection, other variants whitelist several processes and try to inject into all others; the encryption scheme also sometimes differs from one sample to another.

We will describe one of the recent modifications discovered in late October 2019 (MD5: fe8f2f9ad6789c6dba3d1aa2d3a8e404).

File encryption
This modification of Ryuk uses a hybrid encryption scheme employing the AES algorithm to encrypt the content of the victim’s files, and the RSA algorithm to encrypt the AES keys. Ryuk uses the standard implementation of cryptographic routines provided by Microsoft CryptoAPI.

The Trojan sample contains the threat actor’s embedded 2048-bit RSA key. The private counterpart is not exposed and may be used by the criminals for decryption if the ransom is paid. For each victim file Ryuk will generate a new unique 256-bit AES key that will be used to encrypt the file content. The AES keys are encrypted by RSA and saved at the end of the encrypted file.

Ryuk encrypts both local drives and network shares. Encrypted files will get an additional extension (.RYK), and a ransom note containing the email of the criminals will be saved nearby.

Ransom note

Additional functionality
To cause more damage in the network, this Ryuk variant uses a trick that we haven’t observed in other ransomware families before: the Trojan attempts to wake other machines that are in a sleeping state but have been configured to use Wake-on-LAN.

Ryuk does this in order to maximize the attack surface: the files located on network shares hosted on sleeping PCs are unavailable for access, but if the Trojan manages to wake them, it will be able to encrypt those files as well. To achieve this, Ryuk retrieves the MAC addresses of the nearby machines from the local ARP cache of the infected system and sends broadcast UDP packets starting with the magic value {0xff, 0xff, 0xff, 0xff, 0xff, 0xff} to port 7, which wakes up the targeted computers.
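The behaviour just described is easy to spot on the wire, because Wake-on-LAN magic packets have a fixed shape. The following detector is an added example, not code from the Securelist article or from Ryuk: it parses UDP payloads for the magic-packet layout (six 0xFF bytes, then the target MAC repeated 16 times) and flags any source that wakes several distinct peers, which is the pattern described above rather than an administrator waking a single box. The traffic records, IP addresses and MAC addresses are constructed for the example; port 9 is included alongside the article’s port 7 because both are commonly used for Wake-on-LAN.

```python
"""
Added example (not from the Securelist article or Ryuk): a detector for Wake-on-LAN
magic packets of the kind the text says Ryuk broadcasts to UDP port 7 before encrypting
shares on the woken hosts.

A magic packet is six 0xFF bytes followed by the target MAC address repeated 16 times
(102 bytes), optionally followed by a 4- or 6-byte SecureOn password.
The traffic records below are constructed for this example.
"""
from collections import defaultdict

WOL_SYNC = b"\xff" * 6
WOL_PORTS = (7, 9)  # 7 is the port named in the article; 9 is the other common WoL port


def parse_magic_packet(payload: bytes):
    """Return the target MAC ('aa:bb:cc:dd:ee:ff') if payload is a well-formed
    magic packet, else None."""
    if len(payload) < 102 or not payload.startswith(WOL_SYNC):
        return None
    mac = payload[6:12]
    if mac == WOL_SYNC:
        return None  # 102 bytes of 0xFF is not a real target
    if payload[6:102] != mac * 16:
        return None  # the MAC must be repeated exactly 16 times
    return mac.hex(":")


def make_magic_packet(mac: str) -> bytes:
    """Build a magic packet for a MAC string; used here only to construct sample traffic."""
    return WOL_SYNC + bytes.fromhex(mac.replace(":", "")) * 16


def find_wol_bursts(records, min_targets=3):
    """
    records: iterable of (src_ip, dst_port, udp_payload), e.g. extracted from a capture.
    Returns {src_ip: [target MACs]} for sources that sent magic packets to at least
    `min_targets` distinct MACs. An admin waking one box is normal; one workstation
    waking many peers at once is the Ryuk behaviour described in the text.
    """
    targets = defaultdict(set)
    for src, dport, payload in records:
        if dport not in WOL_PORTS:
            continue
        mac = parse_magic_packet(payload)
        if mac is not None:
            targets[src].add(mac)
    return {src: sorted(macs) for src, macs in targets.items() if len(macs) >= min_targets}


# Constructed sample traffic: 10.0.0.5 wakes four peers in a row, 10.0.0.9 wakes one.
SAMPLE_RECORDS = [
    ("10.0.0.5", 7, make_magic_packet("00:11:22:33:44:55")),
    ("10.0.0.5", 7, make_magic_packet("00:11:22:33:44:56")),
    ("10.0.0.5", 7, make_magic_packet("00:11:22:33:44:57")),
    ("10.0.0.5", 7, make_magic_packet("00:11:22:33:44:58")),
    ("10.0.0.5", 7, make_magic_packet("00:11:22:33:44:55")),   # repeat, counted once
    ("10.0.0.9", 7, make_magic_packet("00:11:22:33:44:55")),   # single wake, benign
    ("10.0.0.5", 7, WOL_SYNC + b"not a magic packet"),         # malformed, ignored
    ("10.0.0.5", 53, make_magic_packet("00:11:22:33:44:59")),  # wrong port, ignored
]

if __name__ == "__main__":
    for src, macs in find_wol_bursts(SAMPLE_RECORDS).items():
        print(f"{src} sent WoL magic packets to {len(macs)} hosts: {', '.join(macs)}")
```

The threshold is deliberately on distinct target MACs rather than packet count, since legitimate wake tools often retransmit to the same host; in a real deployment the records would come from a capture or flow export of broadcast UDP traffic on the affected subnet.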

Fragment of the procedure implementing Wake-on-LAN packet broadcast

Other features of the Ryuk algorithm that are more conventional for ransomware families include: code injection into legitimate processes in order to avoid detection; attempting to terminate processes related to business applications to make the files used by these programs available for modification; attempting to stop various services related both to business applications and to security solutions.

Purga

This ransomware family appeared in the middle of 2016 and is still being actively developed and distributed around the world. It has been recorded targeting municipalities. One of the features of this malware is that it attacks regular users as well as large corporations and even governmental organizations. Our products detect this malware as Trojan-Ransom.Win32.Purga. The Trojan family is also known as Globe, Amnesia or Scarab ransomware.

Geography


TOP 10 countries

     Country                   %*
 1   Russian Federation     85.59
 2   Belarus                 1.37
 3   Turkey                  0.85
 4   India                   0.80
 5   Kazakhstan              0.74
 6   Germany                 0.62
 7   Ukraine                 0.54
 8   China                   0.46
 9   Algeria                 0.40
10   United Arab Emirates    0.40

*Percentage of users attacked in each country by Purga, relative to all users attacked worldwide by this malware

Distribution
Throughout this family’s existence, the criminals behind it have used various types of infection vectors. The main attack vectors are spam campaigns and RDP brute-force attacks.

According to our information, this is currently the most common attack scenario:

  1. The criminals scan the network to find an open RDP port
  2. They try to brute-force credentials to log in to the targeted machine
  3. After a successful login, the criminals try to elevate privileges using various exploits
  4. The criminals launch the ransomware
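The first two steps of this scenario leave a distinctive trail in the Windows Security log: a run of failed RemoteInteractive (RDP, LogonType 10) logons from one external address, followed by a success from the same address. The detection logic below is an added example and is not code from the Securelist article; it runs over constructed event records whose keys are shortened names of the real 4624/4625 fields (IpAddress, TargetUserName, LogonType), and the IP addresses and user names are made up for the example.

```python
"""
Added example (not from the Securelist article): detection of the RDP brute-force
steps described above, using Windows Security events 4625 (failed logon) and
4624 (successful logon) restricted to LogonType 10 (RemoteInteractive, i.e. RDP).
The event records below are constructed; the keys are shortened names of the real
event fields (IpAddress -> ip, TargetUserName -> user, LogonType -> logon_type).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def detect_rdp_bruteforce(events, window=timedelta(minutes=5), min_failures=5):
    """
    Flag source IPs with at least `min_failures` failed RDP logons inside `window`,
    and record whether a successful RDP logon from the same IP followed the burst
    (a guessed password that eventually worked). Returns findings sorted by IP.
    """
    by_ip = defaultdict(list)
    for ev in events:
        if ev["logon_type"] == RDP_LOGON_TYPE:   # console/service logons are ignored
            by_ip[ev["ip"]].append(ev)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: _ts(e["time"]))
        recent = deque()        # failure timestamps still inside the sliding window
        users, failures = set(), 0
        burst_at, success_user = None, None
        for ev in evs:
            t = _ts(ev["time"])
            if ev["id"] == 4625:
                failures += 1
                users.add(ev["user"])
                recent.append(t)
                while t - recent[0] > window:
                    recent.popleft()
                if burst_at is None and len(recent) >= min_failures:
                    burst_at = t
            elif ev["id"] == 4624 and burst_at is not None and success_user is None:
                success_user = ev["user"]   # first success after the burst
        if burst_at is not None:
            findings.append({
                "ip": ip,
                "failures": failures,
                "users": sorted(users),
                "burst_at": burst_at.isoformat(),
                "success_user": success_user,
            })
    return sorted(findings, key=lambda f: f["ip"])


# Constructed sample: one external host guesses three accounts, then gets in as 'backup';
# a legitimate user mistypes once; console failures (LogonType 2) are not RDP.
SAMPLE_EVENTS = [
    {"time": "2019-11-20T02:14:01", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2019-11-20T02:14:07", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2019-11-20T02:14:13", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "admin"},
    {"time": "2019-11-20T02:14:19", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "admin"},
    {"time": "2019-11-20T02:14:25", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "backup"},
    {"time": "2019-11-20T02:14:31", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "backup"},
    {"time": "2019-11-20T02:15:00", "id": 4624, "logon_type": 10, "ip": "203.0.113.7", "user": "backup"},
    {"time": "2019-11-20T08:30:10", "id": 4625, "logon_type": 10, "ip": "198.51.100.4", "user": "jsmith"},
    {"time": "2019-11-20T08:30:25", "id": 4624, "logon_type": 10, "ip": "198.51.100.4", "user": "jsmith"},
] + [
    {"time": f"2019-11-20T09:00:{i:02d}", "id": 4625, "logon_type": 2, "ip": "-", "user": "svc_print"}
    for i in range(0, 30, 5)
]

if __name__ == "__main__":
    for f in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(f"{f['ip']}: {f['failures']} failed RDP logons ({', '.join(f['users'])}), "
              f"burst at {f['burst_at']}, later success as {f['success_user']}")
```

The success-after-burst flag is what turns a noisy "someone is scanning us" alert into an incident: it corresponds to step 2 of the scenario having worked, so the account named in `success_user` and the host it logged on to are where the privilege-escalation and ransomware stages that follow should be looked for.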

Brief technical description
Purga ransomware is an example of very intensively developed ransomware. Over the last couple of years, the criminals have changed encryption algorithms, key generation functions, cryptographic schemes and so on several times.

Here we will briefly describe the latest modification.

Naming scheme:
Each modification of Purga uses a different extension for each file and a different email address to contact. Despite using various extensions for the encrypted files, the Trojan uses only two naming schemes, which depend on its configuration:

  1. [original file name].[original extension].[new extension]
  2. [encrypted file name].[new extension]

File encryption
During encryption the Trojan uses a standard scheme that combines symmetric and asymmetric algorithms. Each file is encrypted using a randomly generated symmetric key, then this symmetric key is encrypted with an asymmetric key and the result is stored in the file, in a specifically built structure.

Stop

The notorious Stop ransomware (also known as Djvu STOP) was first encountered at the end of 2018. Our detection name for this family is Trojan-Ransom.Win32.Stop and, according to our statistics, in 2019 alone the various modifications of Stop ransomware attacked more than 20,000 victims around the world. Unsurprisingly, according to our KSN report for the third quarter of 2019, Stop ransomware finished seventh among the most common ransomware.

Geography


TOP 10 countries

     Country                   %*
 1   Vietnam                10.28
 2   India                  10.10
 3   Brazil                  7.90
 4   Algeria                 5.31
 5   Egypt                   4.89
 6   Indonesia               4.59
 7   Turkey                  4.30
 8   Morocco                 2.42
 9   Bangladesh              2.25
10   Mexico                  2.09

*Percentage of unique users attacked in each country by Stop, relative to all users attacked worldwide by this malware

Distribution
The authors chose to distribute their malware primarily through software installers. When users try to download specific software from an untrusted site or try to use software cracks, instead of the desired result their machines become infected by the ransomware.

Brief technical description
For file encryption, Stop ransomware uses a randomly generated Salsa20 key, which is then encrypted by a public RSA key.

Fragment of code from the file encryption routine

Depending on the availability of the C&C server, Stop ransomware uses either an online or offline RSA key. The offline public RSA key can be found in the configuration of each malicious sample.

Dumped fragment of the malware

Conclusion and recommendations

2019 has been a year of ransomware attacks on municipalities, and this trend is likely to continue in 2020. There are various reasons why the number of attacks on municipalities is increasing.

First of all, the cybersecurity budgeting of municipalities is often more focused on insurance and emergency response than on proactive defense measures. This results in cases where the only possible solution is to pay the criminals and facilitate their activities.

Secondly, municipal services often have numerous networks that include multiple organizations, so hitting them causes disruption on many levels at the same time, bringing processes across entire districts to a halt.

What’s more, the data stored in municipal networks is often vital for the functioning of everyday processes, as it directly concerns the welfare of citizens and local organizations. By striking such targets, cybercriminals are hitting a sensitive spot.

However, simple preventive measures can help combat the epidemic:

  • It is essential to install all security updates as soon as they appear. Most cyberattacks exploit vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack.
  • Protect remote access to corporate networks by VPN and use secure passwords for domain accounts.
  • Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases.
  • Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on a physical medium but also in the cloud for greater reliability.
  • Remember that ransomware is a criminal offence. You shouldn’t pay a ransom. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first – some of them are available for free here: https://noransom.kaspersky.com
  • Educating employees about cybersecurity hygiene is necessary to prevent attacks from happening in the first place. Kaspersky Interactive Protection Simulation Games offer a special scenario that focuses on threats relevant to local public administration.
  • Use a security solution for organizations in order to protect business data from ransomware. Kaspersky Endpoint Security for Business has behavior detection, anomaly control and exploit prevention capabilities that detect known and unknown threats and prevent malicious activity. A preferred third-party security solution can also be enhanced with the free Kaspersky Anti-Ransomware Tool.

Alleged Nigerian social engineer wins free flight to the US for business email fraud and love scams

The Register - Anti-Virus - 11 December 2019 - 01:24
Feds get extradition for 64 year-old fraud suspect who allegedly netted hundreds of thousands of dollars

A 64 year-old man from Nigeria is set to be tried in the US on charges he was the brains behind a string of business email hacks and romance scams.…

Category: Viruses and Worms

It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font

The Register - Anti-Virus - 10 December 2019 - 23:33
End 2019 with a Patch Tuesday from Microsoft, Adobe, SAP and Intel

With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs.…

Category: Viruses and Worms

Microsoft Zaps Actively Exploited Zero-Day Bug

VirusList.com - 10 December 2019 - 22:21
December 2019's relatively light Patch Tuesday update also fixes seven critical flaws.
Category: Viruses and Worms

Americans should have strong privacy-protecting encryption ...that the Feds and cops can break, say senators

The Register - Anti-Virus - 10 December 2019 - 22:12
I don't care if it's mathematically impossible, make it happen nerds!

In its latest attempt to come up with a digital encryption scheme that's both secure and not, the US Senate Judiciary Committee on Tuesday heard conflicting testimony from industry, academics, and law enforcement about whether encryption can simultaneously protect information and also reveal it on demand.…

Category: Viruses and Worms

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

Kaspersky Securelist - 10 December 2019 - 21:00

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as well as escaping the Chrome process sandbox. The exploit is very similar to those developed by the prolific 0-day developer known as ‘Volodya’.

The EoP exploit consists of two stages: a tiny PE loader and the actual exploit. After achieving a read/write primitive in the renderer process of the browser through vulnerable JS code, the PE exploit corrupts some pointers in memory to redirect code execution to the PE loader. This is done to bypass sandbox restrictions because the PE exploit cannot simply start a new process using native WinAPI functions.

The PE loader locates an embedded DLL file with the actual exploit and repeats the same process as the native Windows PE loader – parsing PE headers, handling imports/exports, etc. After that, code execution is redirected to the entry point of the DLL – the DllEntryPoint function. The PE code then creates a new thread, which is the entry point for the exploit itself, and the main thread simply waits until it stops.

EoP exploit used in the attack

The PE file encapsulating this EoP exploit has the following header:

The compilation timestamp of Wed Jul 10 00:50:48 2019 is different from the other binaries, indicating it has been in use for some time.

Our detailed analysis of the EoP exploit revealed that the vulnerability it uses belongs to the win32k.sys driver and that it was a 0-day exploit: it works on the latest (patched) versions of Windows 7 and even on a few builds of Windows 10 (newer Windows 10 builds are not affected because they implement measures that prevent the normal usage of the exploitable code).

The vulnerability itself is related to window switching functionality (for example, the one triggered using the Alt-Tab key combination). That’s why the exploit’s code uses a few WinAPI calls (GetKeyState/SetKeyState) to emulate a key press operation.

At the beginning, the exploit tries to find the operating system version using ntdll.dll’s RtlGetVersion call that’s used to find a dozen offsets needed to set up fake kernel GDI objects in the memory. At the same time, it tries to leak a few kernel pointers using well-known techniques to leak kernel memory addresses (gSharedInfo, PEB’s GdiSharedHandleTable). After that, it tries to create a special memory layout with holes in the heap using many calls to CreateAcceleratorTable/DestroyAcceleratorTable. Then a bunch of calls to CreateBitmap are performed, the addresses to which are leaked using a handle table array.

Triggering exploitable code path

After that, a few pop-up windows are created and an undocumented syscall, NtUserMessageCall, is called using their window handles. In addition, it creates a special window with the class of a task switch window (#32771), which is important for triggering an exploitable code path in the driver. At this step the exploit tries to emulate the Alt key and then, using a call to SetBitmapBits, it crafts a GDI object which contains a controllable pointer value that is used later in the kernel driver’s code (win32k!DrawSwitchWndHilite) after the exploit issues a second undocumented call to the syscall (NtUserMessageCall). That’s how it gets an arbitrary kernel read/write primitive.

Achieving primitives needed to get arbitrary R/W

This primitive is then used to perform privilege escalation on the target system. It’s done by overwriting a token in the EPROCESS structure of the current process using the token value for an existing system driver process.

Overwriting EPROCESS token structure

Kaspersky products detect this exploit with the verdict PDM:Exploit.Win32.Generic.

These kinds of threats can also be detected with our Sandbox technology. This detection component is part of our KATA and Kaspersky Sandbox products. In this particular attack, the sandbox solution can analyze the URL/malicious payload in an isolated environment and detect the EPROCESS token manipulation.

Cyberattack Downs Pensacola’s City Systems

VirusList.com - 10 December 2019 - 20:35
The cyberattack comes days after a shooting at U.S. military base Naval Air Station Pensacola rocked the city.
Category: Viruses and Worms

Intel might want to reconsider the G part of SGX – because it's been plunderstruck

The Register - Anti-Virus - 10 December 2019 - 19:00
I was caught in the middle of a memory attack, and I knew there was no turning back

Intel on Tuesday plans to release 11 security advisories, including a microcode firmware update to patch a vulnerability in its Software Guard Extensions (SGX) on recent Core microprocessors that allows a privileged attacker to corrupt SGX enclave computations.…

Category: Viruses and Worms

Snatch Team Steals Data and Hammers Orgs with Ransomware

VirusList.com - 10 December 2019 - 17:44
Snatch has burst on the scene, featuring an array of executables and tools for carrying out carefully orchestrated attacks.
Category: Viruses and Worms

Adobe Fixes 17 Critical Acrobat, Photoshop and Brackets Flaws

VirusList.com - 10 December 2019 - 17:37
The patches are part of Adobe's regularly-scheduled fixes.
Category: Viruses and Worms

Don't pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor

The Register - Anti-Virus - 10 December 2019 - 17:30
Oracle DBs particularly vulnerable to fake decryptions, say researchers

If you're an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pity's sake, don't. The criminals behind it have broken their own decryptor, meaning nobody will be able to unlock files scrambled by the malicious software.…

Category: Viruses and Worms

Amazon’s Blink Smart Security Cameras Open to Hijack

VirusList.com - 10 December 2019 - 17:12
Amazon has rolled out patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later.
Category: Viruses and Worms

Download: The 2020 Cybersecurity Salary Survey Results

VirusList.com - 10 December 2019 - 17:00
Today you can access the aggregated and analyzed 2020 Cybersecurity Salary Survey Results and gain insight into the main ranges and factors of current cybersecurity salaries.
Category: Viruses and Worms

DHS Rolls Back Facial-Recognition Expansion Plan

VirusList.com - 10 December 2019 - 15:04
Biometric facial scanning won’t be a requirement for all U.S. citizens traveling internationally after all, the department decided.
Category: Viruses and Worms

Snatch ransomware pwns security using sneaky ‘safe mode’ reboot

Sophos Naked Security - 10 December 2019 - 13:17
The Sophos Managed Threat Response (MTR) team has warned the industry of a dangerous new ransomware trick.

EU releases its 5G conclusions

Sophos Naked Security - 10 December 2019 - 13:00
The Council of the European Union sent a memo summarizing its thoughts on the "need to mitigate security risks linked to 5G".