Magento Marketplace Vulnerability Lead To Security Breach

2019-12-02T16:33:12+01:00

The popular platform Magento Marketplace has now emerged as the latest victim of a cyber attack. As revealed recently, Magento Marketplace has a serious vulnerability that resulted in a security breach. Magento Marketplace Suffered Breach Reportedly, Magento Marketplace, the popular e-commerce platform, has suffered a security breach. The incident has affected numerous users of this [...]

Magento Marketplace Vulnerability Lead To Security Breach2019-12-02T16:33:12+01:00

TrickBot Evolves to Go After SSH Keys

2019-11-27T08:34:39+01:00

The info-stealing malware has updated its password-grabbing module. The TrickBot info-stealing malware has updated its password grabber to target data from OpenSSH and OpenVPN applications. OpenSSH is a connectivity tool for remote login with the SSH protocol; it encrypts all traffic to eliminate eavesdropping. OpenVPN meanwhile is used for secure private networking. TrickBot takes aim [...]

TrickBot Evolves to Go After SSH Keys2019-11-27T08:34:39+01:00

Critical Flaws in VNC Threaten Industrial Environments

2019-11-25T10:46:08+01:00

Some of the bugs allow remote code-execution. The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky, they potentially affect 600,000 web-accessible [...]

Critical Flaws in VNC Threaten Industrial Environments2019-11-25T10:46:08+01:00

Mon Dieu – Ransomware affects 6000 PCs in French hospital

2019-11-22T10:01:25+01:00

A French hospital has suffered a ransomware attack that reportedly caused the lockdown of 6,000 computers. Rouen's Centre Hospitalier Universitaire (CHU) reverted to pen and paper instead of computerised record-keeping during last week's attack, according to Le Monde. The attack, which took place on Friday November 15 at around 1900 local time, according to a hospital statement (en Francais) [...]

Mon Dieu – Ransomware affects 6000 PCs in French hospital2019-11-22T10:01:25+01:00

Ransomware “NextCry” greift Nextcloud-Server an

2019-11-20T11:04:07+01:00

Eine Linux-Malware attackiert Nextcloud-Server, um Dateien zu verschlüsseln und Lösegeld zu fordern. Einfallstor ist möglicherweise eine NGINX/PHP-FPM-Lücke. Derzeit soll es ein Linux-spezifischer Verschlüsselungstrojaner auf Nextcloud-Server abgesehen haben. , "NextCry" verschlüsselt Dateien im Cloudspeicher mit der Blockchiffre AES (Schlüssellänge 265 Bit) und erzeugt anschließend eine Lösegeldforderung, berichtet die IT-News-Webseite Bleeping Computer. Die Forderung liegt bei 0,025 Bitcoin, [...]

Ransomware “NextCry” greift Nextcloud-Server an2019-11-20T11:04:07+01:00

Innovative PureLocker Ransomware Emerges in Targeted Attacks

2019-11-15T08:00:46+01:00

PureLocker is an example of the sustained and continuing efforts ransomware threat actors are putting into malware development. The PureLocker ransomware – so-called because it’s written in the PureBasic programming language – has been spotted being used in targeted attacks against both Windows and Linux-based production servers at enterprises. Researchers said it shows unusual characteristics [...]

Innovative PureLocker Ransomware Emerges in Targeted Attacks2019-11-15T08:00:46+01:00

DDoS Attacks Target Amazon, SoftLayer and Telecom Infrastructure

2019-11-12T16:44:40+01:00

The specific type of TCP attack used in the recent spate of DDoS efforts were TCP SYN-ACK reflection attacks. The last 30 days has seen a renewed increase in distributed denial-of-service (DDoS) activity, according to researchers, who said that they have observed a number of criminal campaigns mounting TCP reflection DDoS attacks against corporations. Researchers [...]

DDoS Attacks Target Amazon, SoftLayer and Telecom Infrastructure2019-11-12T16:44:40+01:00

Amazon Kindle, Embedded Devices Open to Code-Execution

2019-11-08T11:26:20+01:00

Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component. Multiple vulnerabilities have been found in Das U-Boot, a universal bootloader commonly used in embedded devices like Amazon Kindles, ARM Chromebooks and networking hardware. The bugs could allow attackers to gain full control of an impacted device’s CPU and [...]

Amazon Kindle, Embedded Devices Open to Code-Execution2019-11-08T11:26:20+01:00

DarkUniverse APT Emerges to Deliver Sophisticated, Targeted Spy Attacks

2019-11-07T08:43:23+01:00

The group was exposed after a ShadowBrokers leak. A sophisticated espionage APT that was active for at least eight years before receding into the shadows has been uncovered — and researchers said that it may still be active. In April 2017, ShadowBrokers published one of their many leaks of cyberweapons used by the National Security Agency (NSA) [...]

DarkUniverse APT Emerges to Deliver Sophisticated, Targeted Spy Attacks2019-11-07T08:43:23+01:00

PDFex: Sicherheitsforscher entlocken verschlüsselten PDFs Klartext

2019-09-30T20:58:55+02:00

Angreifer könnten über mehrere Wege an verschlüsselte Inhalte in PDF-Dokumenten kommen. Viele PDF-Anwendungen sind für mindestens eine Attacke anfällig. Deutsche Sicherheitsforscher haben herausgefunden, dass verschlüsselte PDF-Dokumente anfällig für Exfiltration-Attacken sind. Darüber könnten Angreifer Elemente im Klartext einsehen. Das Problem liegt im PDF-Standard. Dementsprechend sind chiffrierte PDF-Dokumente betroffen, die mit weitverbreiteten PDF-Anwendungen von beispielsweise Adobe und [...]

PDFex: Sicherheitsforscher entlocken verschlüsselten PDFs Klartext2019-09-30T20:58:55+02:00