Author Archives: CIRT Team




in News Clipping

Reyptson Spams Your Friends by Stealing Thunderbird Contacts [bleepingcomputer]

Over the weekend, Emsisoft security researcher xXToffeeXx discovered a new ransomware called Reyptson that is targeting Spanish victims. Since then, we have seen increased activity in the ransomware’s development. Today security researcher MalwareHunterTeam took a deeper look and noticed that Reyptson conducts its own spam distribution campaign directly from a victim’s configured Thunderbird email account.

19 Jul 2017
in News Clipping

Eternal Synergy Exploit Analysis [technet]

This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly interesting because many of the exploitation steps are purely packet-based, as opposed to local shellcode execution. Like the other SMB vulnerabilities, this one was also addressed in MS17-010 as CVE-2017-0143. The exploit works up to Windows 8, but does not work as written against any...

19 Jul 2017
in News Clipping

Half-Year Roundup: The Top Five Data Breaches of 2017 — So Far [securityintelligence]

Data breaches aren’t slowing down. If anything, they’re set to break last year’s record pace. As noted by 24/7 Wall Street, the 758 breaches reported this year mark nearly a 30 percent increase from 2016. If cybercriminals keep it up, the total number of attacks could break 1,500 by the end of 2017. Recent research by the Ponemon Institute found that companies have a 1-in-4...

19 Jul 2017
in Articles, English articles, News

BGD e-GOV CIRT has received full membership from OIC-CERT

Bangladesh Computer Council (BCC) is taking the necessary measures to improve Bangladesh’s capability to manage the risks related to the digital revolution and deal with fast-growing cybercrime. Bangladesh e-Government Computer Incident Response Team (BGD e-GOV CIRT) was established at BCC under the project “Leveraging ICT for Growth, Employment and Governance Project (LICT)”. What is BGD e-GOV CIRT? The Computer Incident Response Team (CIRT) investigates and resolves...

19 Jul 2017
in Security Advisories & Alerts

Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. The following versions are affected: PHP 5.6 prior to 5.6.31; PHP 7.0 prior to 7.0.21...

18 Jul 2017
in News Clipping

751 Domains Hijacked to Redirect Traffic to Exploit Kits [bleepingcomputer]

On July 7, French domain registrar Gandi lost control over 751 customer domains, which had their DNS records altered to point incoming traffic to websites hosting exploit kits. The domain hijacking was active for only a few hours, between 12:50 UTC and 13:30 UTC, albeit the DNS records of some domains propagated slower and they still redirected user traffic up until 18:02 UTC.

18 Jul 2017
in News Clipping

SMS Phishing induces victims to photograph its own token card [securityaffairs]

Today I faced quite an unusual SMS phishing campaign here in Brazil. A friend of mine received an SMS message supposedly sent from his bank asking him to update his registration data through the given URL. Otherwise, he could have his account blocked. My friend doesn’t have any account on the informed bank and, even so, we know that those kinds of message are hardly...

18 Jul 2017
in News Clipping

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More [trendmicro]

The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device. There are three versions of GhostCtrl. The first stole information and controlled some of the device’s functionalities...

18 Jul 2017
in Security Advisories & Alerts

CVE-2017-9948: Microsoft Skype ‘MSFTEDIT.DLL’ Buffer Overflow Vulnerability

Description: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Impact: Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. Microsoft Skype...

17 Jul 2017
in Security Advisories & Alerts

Xen Security Advisory CVE-2017-10923

Description: Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.

Impact: A guest may cause a hypervisor crash, resulting in a Denial of Service (DoS).

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URLs:
https://xenbits.xen.org/xsa/advisory-225.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10923

17 Jul 2017