Lucian Constantin

Author Archives: Lucian Constantin

Rival gang leaks decryption keys for Chimera ransomware

Aside from the efforts of security researchers and antivirus companies, malware victims can sometimes also benefit from the fighting between rival cybercriminal groups. That happened this week when the creators of the Petya and Mischa ransomware programs leaked about 3,500 RSA private keys allegedly corresponding to systems infected with Chimera, another ransomware application. In a post Tuesday on Pastebin, Mischa's developers claimed that earlier this year they got access to big parts of the development system used by Chimera's creators. As a result of that hack, they obtained the source code for Chimera and integrated some of it into their own ransomware project, according to the Pastebin message.

Cyberespionage group Patchwork sets its sights on multiple industries

A cyberespionage group known for targeting diplomatic and government institutions has branched out into many other industries, including aviation, broadcasting, and finance, researchers warn. Known as Patchwork, or Dropping Elephant, the group stands out not only through its use of simple scripts and ready-made attack tools, but also through its interest in Chinese foreign relations. The group's activities were documented earlier this month by researchers from Kaspersky Lab, who noted in their analysis that China's foreign relations efforts appear to represent the main interest of the attackers.

Devices with Qualcomm modems safe from critical ASN.1 telecom flaw

Despite initial concerns, smartphones equipped with Qualcomm modems are not vulnerable to a recently announced vulnerability that could potentially allow attackers to take over cellular network gear and consumer mobile devices. The vulnerability was discovered in ASN1C, a popular compiler that produces C code for parsing ASN.1 encoded data. Abstract Syntax Notation One (ASN.1) is a standard for representing, encoding, transmitting, and decoding data in telecommunications and computer networking. Many devices, from mobile phones to switching equipment inside cellular infrastructure, parse ASN.1 data and do so using programs that were created by compilers such as ASN1C, which is developed by U.S.-based Objective Systems.

Researchers release free decryption tools for PowerWare and Bart ransomware

Security researchers have released tools this week that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare. PowerWare, also known as PoshCoder, was first spotted in March, when it was used in attacks against healthcare organizations. It stood out because it was implemented in Windows PowerShell, a scripting environment designed for automating system and application administration tasks. Researchers from security firm Palo Alto Networks have recently found a new version of this threat that imitates a sophisticated and widespread ransomware program called Locky. It uses the extension .locky for encrypted files and also displays the same ransom note used by the real Locky ransomware.

Dell patches critical flaws in SonicWALL Global Management System

Dell has patched several critical flaws in its central management system for SonicWALL enterprise security appliances, such as firewalls and VPN gateways. If left unfixed, the vulnerabilities allow remote, unauthenticated attackers to gain full control of SonicWALL Global Management System (GMS) deployments and the devices managed through those systems. The SonicWALL GMS virtual appliance software has six vulnerabilities, four of which are rated critical, according to researchers from security firm Digital Defense. First, unauthenticated attackers could inject arbitrary commands through the system's web interface that would be executed with root privileges. This is possible through two vulnerable methods: set_time_config and set_dns.

Flaws in Oracle file processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors, including Microsoft. The vulnerabilities were found by researchers from Cisco's Talos team and are located in the Oracle Outside In Technology (OIT), a collection of software development kits (SDKs) that can be used to extract, normalize, scrub, convert and view some 600 unstructured file formats. These SDKs, which are part of the Oracle Fusion Middleware, are licensed to other software developers who then use them in their own products. Such products include Microsoft Exchange, Novell GroupWise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance EnCase and Veritas Enterprise Vault.

Oracle issues largest patch bundle ever, fixing 276 security flaws

Oracle has released a new quarterly batch of security updates for more than 80 products from its software portfolio, fixing 276 vulnerabilities. This is the largest Oracle Critical Patch Update (CPU) to date. The average number of flaws fixed per Oracle update last year was 161, according to security vendor Qualys. Furthermore, out of the 276 security flaws fixed in this update, 159 can be exploited remotely without authentication. At the top of the priority list should be the Java patches, which address 13 new vulnerabilities. That's because Java is used in a lot of applications and is installed on a large number of systems. "Customers really do need to apply these Java CPU patches as soon as possible," said John Matthew Holt, the CTO of application security firm Waratek, via email. Among the patches that require urgent attention are those for the HotSpot Java virtual machine for desktops and servers, which received high CVSS (Common Vulnerability Scoring System) scores, Holt noted.

Security software that uses ‘code hooking’ opens the door to hackers

Some of the intrusive techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit. Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use 'hooking' to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process. Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn't otherwise or whose exploitation would have been difficult. Other flaws allow attackers to remain undetected on victims' computers or to inject malicious code into any process running on them, the enSilo researchers said in a report sent via email that's scheduled to be published Tuesday.

Attackers launch multi-vector DDoS attacks that use DNSSEC amplification

DDoS attacks are becoming increasingly sophisticated, combining multiple attack techniques that require different mitigation strategies, and abusing new protocols. Incident responders from Akamai recently helped mitigate a DDoS attack against an unnamed European media organization that peaked at 363 Gbps (gigabits per second) and 57 million packets per second. While the size itself was impressive and way above what a single organization could fight off on its own, the attack also stood out because it combined six different techniques, or vectors: DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood. Almost 60 percent of all DDoS attacks observed during the first quarter of this year were multi-vector attacks, Akamai said in a report released last month. The majority of them used two vectors, and only 2 percent used five or more techniques.
