Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from more than 30 countries.Researchers from Symantec and BAE Systems linked the malware used in the recently discovered Polish attack to similar attacks that have taken place since October in other countries. There are also similarities to tools previously used by a group of attackers known in the security industry as Lazarus.The hackers compromised websites that were of interest to their ultimate targets, a technique known as watering hole attacks. They then injected code into them that redirected visitors to a custom exploit kit.To read this article in full or to leave a comment, please click here
Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from more than 30 countries.Researchers from Symantec and BAE Systems linked the malware used in the recently discovered Polish attack to similar attacks that have taken place since October in other countries. There are also similarities to tools previously used by a group of attackers known in the security industry as Lazarus.The hackers compromised websites that were of interest to their ultimate targets, a technique known as watering hole attacks. They then injected code into them that redirected visitors to a custom exploit kit.To read this article in full or to leave a comment, please click here
Up to 20 attackers or groups of attackers are defacing WordPress websites that haven't yet applied a recent patch for a critical vulnerability.The vulnerability, located in the platform's REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later, to allow enough time for a large number of users to deploy the update.To read this article in full or to leave a comment, please click here
Up to 20 attackers or groups of attackers are defacing WordPress websites that haven't yet applied a recent patch for a critical vulnerability.The vulnerability, located in the platform's REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later, to allow enough time for a large number of users to deploy the update.To read this article in full or to leave a comment, please click here
Attackers have started to use Windows and Android malware to hack into embedded devices, dispelling the widely held belief that if such devices are not directly exposed to the Internet they're less vulnerable.Researchers from Russian antivirus vendor Doctor Web have recently come across a Windows Trojan program that was designed to gain access to embedded devices using brute-force methods and to install the Mirai malware on them.Mirai is a malware program for Linux-based internet-of-things devices, such as routers, IP cameras, digital video recorders and others. It's used primarily to launch distributed denial-of-service (DDoS) attacks and spreads over Telnet by using factory device credentials.To read this article in full or to leave a comment, please click here
Attackers have started to use Windows and Android malware to hack into embedded devices, dispelling the widely held belief that if such devices are not directly exposed to the Internet they're less vulnerable.Researchers from Russian antivirus vendor Doctor Web have recently come across a Windows Trojan program that was designed to gain access to embedded devices using brute-force methods and to install the Mirai malware on them.Mirai is a malware program for Linux-based internet-of-things devices, such as routers, IP cameras, digital video recorders and others. It's used primarily to launch distributed denial-of-service (DDoS) attacks and spreads over Telnet by using factory device credentials.To read this article in full or to leave a comment, please click here
A wave of attacks that have recently affected banks and other enterprises used open-source penetration testing tools loaded directly into memory instead of traditional malware, making their detection much harder.Researchers from antivirus vendor Kaspersky Lab started investigating these attacks after the security team from an unnamed bank found Meterpreter in the random access memory (RAM) of a server that acted as the organization's Windows domain controller.Meterpreter is an in-memory attack payload that can inject itself into other running processes and is used to establish persistency on a compromised system. It is part of the Metasploit penetration testing framework, a popular tool used both by internal security teams and by malicious hackers.To read this article in full or to leave a comment, please click here
A wave of attacks that have recently affected banks and other enterprises used open-source penetration testing tools loaded directly into memory instead of traditional malware, making their detection much harder.Researchers from antivirus vendor Kaspersky Lab started investigating these attacks after the security team from an unnamed bank found Meterpreter in the random access memory (RAM) of a server that acted as the organization's Windows domain controller.Meterpreter is an in-memory attack payload that can inject itself into other running processes and is used to establish persistency on a compromised system. It is part of the Metasploit penetration testing framework, a popular tool used both by internal security teams and by malicious hackers.To read this article in full or to leave a comment, please click here
The discovery of malware on computers and servers of several Polish banks has put the country's financial sector on alert over potential compromises.Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers.It's not clear what the malware's end goal is, but in at least one case it was used to exfiltrate data from a bank's computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.To read this article in full or to leave a comment, please click here
After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.To read this article in full or to leave a comment, please click here
After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.To read this article in full or to leave a comment, please click here
Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.
The messages included ASCII art depicting robots and warned that the printers had been compromised and they were part of a botnet. The hacker, who uses the online alias Stackoverflowin, later said that the botnet claim was not true and that his efforts served only to raise awareness about the risks of leaving printers exposed to the internet.
Stackoverflowin claims to be a high-school student from the U.K. who is interested in security research. He said that for the most part he simply sent print jobs using the Line Printer Daemon (LPD), the Internet Printing Protocol (IPP) and the RAW protocol on communications port 9100 to printers that didn't require authentication.To read this article in full or to leave a comment, please click here
Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.
The messages included ASCII art depicting robots and warned that the printers had been compromised and they were part of a botnet. The hacker, who uses the online alias Stackoverflowin, later said that the botnet claim was not true and that his efforts served only to raise awareness about the risks of leaving printers exposed to the internet.
Stackoverflowin claims to be a high-school student from the U.K. who is interested in security research. He said that for the most part he simply sent print jobs using the Line Printer Daemon (LPD), the Internet Printing Protocol (IPP) and the RAW protocol on communications port 9100 to printers that didn't require authentication.To read this article in full or to leave a comment, please click here
Microsoft will likely wait until February 14 to fix a publicly disclosed vulnerability in the SMB network file sharing protocol that can be exploited to crash Windows computers.
The vulnerability was disclosed Thursday when the security researcher who found it posted a proof-of-concept exploit for it on GitHub. There was concern initially that the flaw might also allow for arbitrary code execution and not just denial-of-service, which would have made it critical.
The CERT Coordination Center (CERT/CC) at Carnegie Mellon University at first mentioned arbitrary code execution as a possibility in an advisory released Thursday. However, the organization has since removed that wording from the document and downgraded the flaw's severity score from 10 (critical) to 7.8 (high).To read this article in full or to leave a comment, please click here
Microsoft will likely wait until February 14 to fix a publicly disclosed vulnerability in the SMB network file sharing protocol that can be exploited to crash Windows computers.
The vulnerability was disclosed Thursday when the security researcher who found it posted a proof-of-concept exploit for it on GitHub. There was concern initially that the flaw might also allow for arbitrary code execution and not just denial-of-service, which would have made it critical.
The CERT Coordination Center (CERT/CC) at Carnegie Mellon University at first mentioned arbitrary code execution as a possibility in an advisory released Thursday. However, the organization has since removed that wording from the document and downgraded the flaw's severity score from 10 (critical) to 7.8 (high).To read this article in full or to leave a comment, please click here
The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems.
The unpatched vulnerability was publicly disclosed Thursday by an independent security researcher named Laurent Gaffié, who claims that Microsoft has delayed releasing a patch for the flaw for the past three months.
Gaffié, who is known on Twitter as PythonResponder, published a proof-of-concept exploit for the vulnerability on GitHub, triggering an advisory from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.To read this article in full or to leave a comment, please click here
The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems.
The unpatched vulnerability was publicly disclosed Thursday by an independent security researcher named Laurent Gaffié, who claims that Microsoft has delayed releasing a patch for the flaw for the past three months.
Gaffié, who is known on Twitter as PythonResponder, published a proof-of-concept exploit for the vulnerability on GitHub, triggering an advisory from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.To read this article in full or to leave a comment, please click here
Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers to remotely manage customer equipment such as routers.The vulnerability affects Cisco Prime Home, an automated configuration server (ACS) that communicates with subscriber devices using the TR-069 protocol. In addition to remotely managing customer equipment, it can also "automatically activate and configure subscribers and deliver advanced services via service packages" over mobile, fiber, cable, and other ISP networks."A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges," Cisco said in its advisory.To read this article in full or to leave a comment, please click here
Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers to remotely manage customer equipment such as routers.The vulnerability affects Cisco Prime Home, an automated configuration server (ACS) that communicates with subscriber devices using the TR-069 protocol. In addition to remotely managing customer equipment, it can also "automatically activate and configure subscribers and deliver advanced services via service packages" over mobile, fiber, cable, and other ISP networks."A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges," Cisco said in its advisory.To read this article in full or to leave a comment, please click here
Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers to remotely manage customer equipment such as routers.The vulnerability affects Cisco Prime Home, an automated configuration server (ACS) that communicates with subscriber devices using the TR-069 protocol. In addition to remotely managing customer equipment, it can also "automatically activate and configure subscribers and deliver advanced services via service packages" over mobile, fiber, cable, and other ISP networks."A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges," Cisco said in its advisory.To read this article in full or to leave a comment, please click here
Lucian Constantin