Microsoft shared threat data collected on PonyFinal, a Java-based ransomware deployed in human-operated ransomware campaigns. In these types of attacks, adversaries do their homework and choose a strategy and payload based on the target organization’s environment. Human-operated ransomware is not new, but it has been growing popular as attackers try to maximize ransom from individual victims.
A team of Chinese academics has found a new way to abuse HTTP packets to amplify web traffic and bring down websites and content delivery networks (CDNs). Named RangeAmp, this new Denial-of-Service (DoS) technique exploits incorrect implementations of the HTTP “Range Requests” attribute.
Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its ‘Sign in with Apple’ system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users’
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government have published the top 10 most exploited vulnerabilities from 2016 to 2019 with recommendations for mitigation.
Israeli researches reveal NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. They say that an attacker using NXNSAttack can amplify a simple DNS query from 2 to 1,620 times its initial size, creating a massive spike in traffic that can crash a victim’s DNS server.
Cisco Talos researchers said about a new malware, dubbed WolfRAT, that is a new variant of DenDroid, a mobile Remote Access Trojan (RAT) which targets Thai users of Whatsapp, Facebook Messenger, and Line messaging apps on the Android mobile platform. WolfRAT begins its infection chain through fake update lures abusing legitimate services including Flash and Google Play.
Security researchers from three universities in Europe have found multiple weaknesses in the ubiquitous Bluetooth protocol that could allow attackers to impersonate a paired device and establish a secure connection with a victim. Bluetooth chips from Apple, Intel, Qualcomm, Cypress, Broadcomm, and others are all vulnerable to the attacks.
The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository, one containing the file keys and four “ReadMe” files with decryption instructions and other information.
Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple’s iOS and macOS operating systems. 14 vulnerabilities were identified, 5 of which affected Apple’s ImageIO framework, and 9 impacting the OpenEXR library, a high dynamic range (HDR) image file format created for computer imaging applications.
Intel addressed nine security vulnerabilities with the April 2020 Platform Update, all of them being high and medium severity security flaws impacting multiple software products, firmware, and platforms.
Сybersecurity experts at ReversingLabs revealed over 700 malicious gems — packages written in Ruby programming language — that supply chain attackers were caught recently distributing through the RubyGems repository. The malicious campaign leveraged the typosquatting technique where attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead.
A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 ‘wormable’ pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. The security vulnerability, also known as SMBGhost, was found in the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol and it only impacts systems running Windows 10, version 1903 and 1909, as well as Server Core installations of Windows Server, versions 1903 and 1909.