Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals. GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018. Created by BitDefender, the new GandCrab decryption...
Read More
সময়ের সাথে বাংলাদেশের আর্থিক খাতে সাইবার প্রতারণা ক্রমেই বেড়ে চলেছে। এই প্রতারণা ঠেকানোর জন্য আমরা নতুন নতুন ব্যবস্থা নেয়ার কথা শুনি, কিন্তু কার্যত কিছু হচ্ছে না। আমরা আর্থিক খাতের সাইবার প্রতারণা কেন কোনো মতেই ঠেকাতে পারছি না? কয়েক বছর আগে বাংলাদেশ ব্যাংকের আট কোটি টাকারও বেশি রিজার্ভ চুরি হওয়ার পর আমরা সত্যি সত্যিই উপলব্ধি করলাম, আমাদের আর্থিক প্রতিষ্ঠানগুলো সাইবার অপরাধ সিন্ডিকেটগুলোর কাছে যেন নস্যি। এই...
Read More
Tyupkin ATM Malware: Take The Money Now Or Never! A Sandbox is a dynamic file analysis system that allows a researcher to analyze the behavior of potentially malicious code in a virtualized environment without damaging a real host system. In some cases, a sandbox has to analyze an attack without seeing the full chain (for example when it analyzes a dropped file without the corresponding...
Read More
even years ago, in 2009, we saw a completely new type of attack on banks. Instead of infecting the computers of thousands of users worldwide, criminals went directly after the ATM itself – infecting it with malware called Skimer. Seven years later, our Global Research and Analysis Team together with Penetration Testing Team have been called on for an incident response. They discovered a new,...
Read More
Description: Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems: In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008 Out-of-support systems: Windows 2003 and Windows XP A remote attacker could exploit this vulnerability to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control...
Read More
Description: VMware has released security updates to address vulnerabilities in the following products : vCenter Server, ESXi, Workstation, Fusion. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2019-0007.html https://www.vmware.com/security/advisories/VMSA-2019-0008.html
Description: Cisco has released security updates to address vulnerabilities in multiple Cisco products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x
Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in Task...
Read More
After Facebook and Twitter, Google becomes the latest technology giant to have accidentally stored its users’ passwords unprotected in plaintext on its servers—meaning any Google employee who has access to the servers could have read them. In a blog post published Tuesday, Google revealed that its G Suite platform mistakenly stored unhashed passwords of some of its enterprise users on internal servers in plaintext for 14 years...
Read More
I think the most of security community has agreed that CVE-2019-0708 vulnerability is of critical priority to deal with. And while saying “patch your stuff!” feels like the first thing that one should think of, the memories of WannaCry and NotPetya are still fresh in my mind. We know that patching ain’t gonna happen at the speed and on the scale it needs to be....
Read More
