Author Archives: CIRT Team



CIRT Team

in News Clipping

KomarMiner, a cryptomining Trojan disguising as cracking software [360totalsecurity]

Recently, 360 Security Center monitored a malicious mining Trojan that disguises itself as various commonly used cracking software in order to spread widely. At present, it has already supported defense against killing and killing. It is recommended that users do not download software of unknown origin and, as far as possible, download software from the official website. Analysis KomarMiner Trojan disguises as a variety...

09 Sep 2018
in News Clipping

WordPress phishing scam targets the database credentials of the users [source: 360totalsecurity]

Recently, there has been a phishing email for WordPress users. The content of the email is to inform the users that their database needs to be updated, as shown in the figure below: Although the email is similar to a legitimate WordPress update, there are still a number of vulnerabilities: the content contains typos and the message delivery method is older. The deadlines marked in...

09 Sep 2018
in Security Advisories & Alerts

VMware Releases Security Updates

Description: VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker.
Impact: A remote attacker could exploit this vulnerability to take control of an affected system.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs: https://www.vmware.com/security/advisories/VMSA-2018-0023.html

09 Sep 2018
in News Clipping

MikroTik Routers Are Forwarding Owners’ Traffic to the Attackers [source: netlab.360]

2018-09-05 11:00 GMT+8, with the generous help from the AS64073, 103.193.137.211 has been promptly suspended and is no longer a threat. Overview MikroTik is a Latvian company founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in countries around the world. In 1997, MikroTik created the RouterOS software system. In 2002, MikroTik decided to build...

06 Sep 2018
in Digital Forensic, News Clipping

Apple iPhone “Significant Locations” [source: prodigital4n6]

Where & What Are “Significant Locations”: The first step is to identify where and what “Significant Locations” are. The artifact is available to view on the device at Settings>Privacy>Location Services>System Services>Significant Locations. If location services are turned OFF, the significant locations data will not be logged and therefore unavailable. Interestingly, to access Significant Locations on the device, the passcode or Touch ID must be...

04 Sep 2018
in News Clipping

New Ransomware That Encrypts Only EXE Files on Windows Machines [source: gbhackers]

A new ransomware encrypts only the EXE files present on your computer, including the ones in the Windows folder, which other ransomware typically won’t do, to ensure the operating system functions correctly. It was first tweeted by MalwareHunterTeam and, according to its file properties, it is titled Barack Obama’s Everlasting Blue Blackmail Virus Ransomware. It is unknown how the attackers distributing the...

04 Sep 2018
in Digital Forensic, News Clipping

DATA RECOVERY AFTER RANSOMWARE THAT ENCRYPTS FILES [source: digitalforensics]

The problem of data recovery after ransomware that encrypts files has increased, with more and more cases recently. Help in these cases is not a trivial task. Let’s consider some sides of this problem. Ransomware usually encrypts the most-used data such as photos, videos, office files, databases, etc. Ransomware can give different extensions to encrypted data; they are considered the same mechanism that uses...

03 Sep 2018
in News Clipping

Qihoo 360’s precise analysis of ransomware for August [source: 360totalsecurity]

Ransomware has posed a serious threat to the data security of enterprises and individuals. Fortunately, 360 Internet Security Center has detected and defended against ransomware immediately. According to the feedback from our users, we found that the number of our users attacked by ransomware showed a slight upward trend in August. Also, the highest number of single-day interceptions for weak passwords reached more than 6 million...

03 Sep 2018
in News Clipping

Windows Management Interface Command Tool to Deliver Malware [source: gbhackers]

Cybercriminals continue to innovate and use legitimate tools to deliver malicious files. In this new campaign, the attacker used WMIC (Windows Management Interface Command) to deliver information-stealing malware. WMIC is a command-line interface that allows users to run WMI operations, which are used to get the status of local or remote computer systems. The use of legitimate tools allows threat actors to fly...

03 Sep 2018