Author Archives: Lucian Constantin

New DMA Locker ransomware is ramping up for widespread attacks

The TeslaCrypt creators called it quits recently, but unfortunately for users, there's a new ransomware program that's ready to take its place.

Called DMA Locker, this threat first appeared in January, but its encryption implementation was so flawed that it was hard to take it seriously. Researchers had no problem developing a file recovery tool for the first two versions.

However, its authors have recently fixed all issues and malware researchers believe that with the newly released version 4, DMA Locker has reached maturity and might be the next thing to hit users in widespread attacks.

A recently patched Flash Player exploit is being used in widespread attacks

It took hackers less than two weeks to integrate a recently patched Flash Player exploit into widely used Web-based attack tools that are being used to infect computers with malware.

The vulnerability, known as CVE-2016-4117, was discovered earlier this month by security researchers at FireEye. It was exploited in targeted attacks through malicious Flash content embedded in Microsoft Office documents.

When the targeted exploit was discovered, the vulnerability was unpatched, which prompted a security alert from Adobe Systems and a patch two days later.

Worm infects unpatched Ubiquiti wireless devices

Routers and other wireless devices made by Ubiquiti Networks have recently been infected by a worm that exploits a year-old remote unauthorized access vulnerability.

The attack highlights one of the major issues with router security: the fact that the vast majority of them do not have an auto-update mechanism and that their owners hardly ever update them manually.

The worm creates a backdoor administrator account on vulnerable devices and then uses them to scan for and infect other devices on the same and other networks.

"This is an HTTP/HTTPS exploit that doesn't require authentication," Ubiquiti said in an advisory. "Simply having a radio on outdated firmware and having its http/https interface exposed to the Internet is enough to get infected."

Cisco patches high severity flaws in its Web Security Appliance

Cisco Systems has fixed four denial-of-service vulnerabilities that attackers could exploit to cause Web Security Appliance devices to stop processing traffic correctly.

The Cisco Web Security Appliance (WSA) is a line of security devices that inspect Web traffic going in and out of an organization in order to detect malware, prevent data leaks, and enforce Internet access policies for users and applications. The devices run an operating system called Cisco AsyncOS.

One of the four DoS vulnerabilities fixed Wednesday by Cisco stems from how the OS handles a specific HTTP response code. An attacker could send a specifically crafted HTTP request in order to consume the entire memory of an affected device.

TeslaCrypt victims can now decrypt their files for free

Victims of the widespread TeslaCrypt ransomware are in luck: Security researchers have created a tool that can decrypt files affected by recent versions of the malicious program.

Surprisingly, the TeslaCrypt creators themselves helped the researchers.

TeslaCrypt first appeared in early 2015 and stood out by targeting game-related user content, such as save files and custom maps, in addition to personal documents and pictures -- 185 different file extensions in total.

The program had some moderate success in the beginning, earning its creators $76,522 in less than two months. However, in April 2015, researchers from Cisco Systems discovered a flaw in the ransomware program that allowed them to create a decryption tool for some of its variants.

A hacker is selling 167 million LinkedIn user records

A hacker is trying to sell a database dump containing account records for 167 million LinkedIn users.

The announcement was posted on a dark market website called TheRealDeal by a user who wants 5 bitcoins, or around $2,200, for the data set that supposedly contains user IDs, email addresses and SHA1 password hashes for 167,370,940 users.

According to the sale ad, the dump does not cover LinkedIn's complete database. Indeed, LinkedIn claims on its website to have over 433 million registered members.

Troy Hunt, the creator of Have I been pwned?, a website that lets users check if they were affected by known data breaches, thinks it highly likely that the leak is legitimate. He had access to around 1 million records from the data set.

Stealthy malware Skimer helps hackers easily steal cash from ATMs

Security researchers have found a new version of a malware program called Skimer that's designed to infect Windows-based ATMs and can be used to steal money and payment card details.

Skimer was initially discovered seven years ago, but it is still actively used by cybercriminals and has evolved over time. The latest modification, found by researchers from Kaspersky Lab at the beginning of May, uses new techniques to evade detection.

Upon installation, the malware checks if the file system is FAT32 or NTFS. If it's FAT32 it drops a malicious executable file in the C:\Windows\System32 directory, but if it's NTFS, it will write the file in the NTFS data stream corresponding to Microsoft's Extension for Financial Services (XFS) service.

A critical flaw in Symantec antivirus engine puts computers at risk of easy hacking

The antivirus engine used in multiple Symantec products has an easy-to-exploit vulnerability that could allow hackers to compromise computers. The flaw was fixed by Symantec in Anti-Virus Engine (AVE) version 20151.1.1.4, released Monday via LiveUpdate.

The flaw consists of a buffer overflow condition that could be triggered when parsing executable files with malformed headers. According to Google security engineer Tavis Ormandy, who found the flaw, the vulnerability can be exploited remotely to execute malicious code on computers. All it takes is for the attacker to send an email with the exploit file as an attachment or to convince the user to visit a malicious link.

An HTTPS hijacking click-fraud botnet infects almost 1 million computers

Over the past two years, a group of cybercriminals has infected almost 1 million computers with malware that hijacks search results, even when they're served over encrypted HTTPS connections.

The click-fraud botnet earns its creators money through Google's AdSense for Search program, according to researchers from security firm Bitdefender. The affiliate program, intended for website owners, allows them to place a Google-powered custom search engine on their websites to generate revenue when users click on ads displayed in the search results.

Instead of doing that, this botnet's operators intercept Google, Bing, and Yahoo searches performed by users on their own computers and replace the legitimate results with those generated by their custom search engine. They do this using a malware program that Bitdefender products detect as Redirector.Paco.
