CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner
by Mark Vicente, Johnlery Triunfante, and Byron Gelera
In April 2019, a security advisory was released for CVE-2019-2725, a deserialization vulnerability involving the widely used Oracle WebLogic Server. Soon after the advisory was published, reports emerged on the SANS ISC InfoSec forums that the vulnerability was already being actively exploited to install cryptocurrency miners. We […]

Platinum is back
In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The actor behind this campaign, believed to be related to the notorious […]

WordPress Hacks: 5 Ways to Protect WordPress from Hacking
WordPress is one of the most popular content management systems (CMS) out there. That’s why it is vital to prevent WordPress hacking. Statistically, over 33% of websites currently run on WordPress. This post is not a “one size fits all” overview, as there are many other ways to protect WordPress from hacking. Here at Sucuri, […]

Researchers Dissect PowerShell Scripts Used by Russia-Linked Hackers
Security researchers from ESET have analyzed several PowerShell scripts used by the Russia-linked Turla threat group in recent attacks.

Foreign spies may be hiding in your VPN, warns DHS
“…nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes.”

New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices
By: Augusto Remillano II and Jakub Urbanec
We discovered a new variant of Mirai (detected as Backdoor.Linux.MIRAI.VWIPT) that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. Typical of Mirai variants, it has backdoor and distributed denial-of-service (DDoS) capabilities. However, this case stands out as the […]

IT threat evolution Q1 2019. Statistics
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data.
Quarterly figures
According to Kaspersky Security Network, Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries across the globe. 113,640,221 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted […]

“Hackable?” Puts Smartphones to the Test
Is the Personal Data on Your Smartphone Vulnerable? Listen to Find Out:
Used for everything from banking and taking pictures, to navigating, streaming, and connecting, mobile devices are a treasure trove of sensitive personal data. On the latest episode of “Hackable?” the team investigates how secure that data really is by inviting a white-hat to […]

DDoS attacks in Q1 2019
News overview
The start of the year saw the appearance of various new tools in the arsenal of DDoS-attack masterminds. In early February, for instance, the new botnet Cayosin, assembled from elements of Qbot, Mirai, and other publicly available malware, swam into view. Cybersecurity experts were intrigued less by the mosaic structure and frequent updating […]

Picreel and Alpaca Forms Compromised by Magecart Attacks
On Sunday, May 12, 2019, security researcher Willem de Groot tweeted, “Supply chain attack of the week: @Picreel_ marketing software got hacked last night, their 1200+ customer sites are now leaking data to an exfil server in Panama.” He later added, “And also hacked: http://CloudCMS(.)com with some 3400 sites.”

May’s Patch Tuesday Includes Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or […]

Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products
The May 2019 Patch Tuesday advisories from Siemens address over a dozen vulnerabilities, including serious flaws affecting the company’s LOGO and SINAMICS Perfect Harmony products.

Website Infections Holding Steady at 1%, But Attacks Becoming Stealthier: Report
Only 15% of Malware-Infected Websites Are Blacklisted, Report Finds

ScarCruft continues to evolve, introduces Bluetooth harvester
Executive summary
After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. The threat actor is highly skilled and, by all appearances, quite resourceful. We […]

Phar Vulnerabilities Patched in Drupal, TYPO3
Updates released this week for the Drupal and TYPO3 open source content management systems (CMSs) patch vulnerabilities related to how Phar archives are handled. The Phar (PHP Archive) package format enables developers to place all the files of a PHP application inside a single archive.

Hard-Coded Credentials Found in Alpine Linux Docker Images
For the past three years, Alpine Linux Docker images have been shipped with a NULL password for the root user, Cisco’s Talos security researchers have discovered.