by CIRT Team
Double-Gun Trojan which uses game plug-in to spread [360totalsecurity]
In July 2017, 360 Security Center discovered the first virus Trojan infected with MBR and VBR. It was named “Double- Gun”. In the following year, we found that the virus author frequently updated the virus version to increase the profitability and ability to fight against security software, and the virus transmission channels are constantly changing. Recently, we found that the latest version of the “Double-Gun”...
Read More
by CIRT Team
Hackers Intercepted EU Diplomatic Cables for 3 Years [bankinfosecurity]
For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reported late Tuesday. The attack was discovered by Area 1, an anti-phishing firm based in Redwood City, California, that was founded in 2013 by three former National Security Agency officials....
Read More
by CIRT Team
The new findings of GrandCrab ransomware V5.0.5 [source: 360totalsecurity]
Recently, 360 Security Center detected that the GandCrab ransomware is back to attack Windows-based servers and PCs. We also found that if it detects that the computer system is using the Russian language, it will stop intruding. Not only that, but we also recently discovered that the GrandCrab ransomware will stop invading war-torn areas. On 16th October, a Syrian user said on Twitter that GandCrab...
Read More
by CIRT Team
Microsoft is Rebuilding Edge Browser using Chromium for Windows & macOS[bleepingcomputer]
Microsoft has officially confirmed that they are going to be gutting Edge and converting it into a Chromium based browser. While the engine will change, Microsoft has stated that they will continue utilizing the Microsoft Edge name and will now bring the browser to all supported Windows platforms. Microsoft explains that they plan on switching Edge to a Chromium-based engine in order to provide better...
Read More
by CIRT Team
New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs [thehackernews]
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to execute arbitrary code on the targeted computer and eventually...
Read More
by CIRT Team
Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command [thehackernews]
A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges and provides a way for non-privileged processes to communicate with privileged ones, such as “sudo,”...
Read More
by CIRT Team
Akamai Security Intelligence & Threat Research UPNPROXY: ETERNALSILENCE[akamai]
OVERVIEW: UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign. These injections expose machines living behind the router to the Internet and appear to target the service ports used by SMB. BACKGROUND: Earlier...
Read More
by CIRT Team
0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones [thehackernews]
At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked at the annual mobile hacking contest organized by Trend Micro’s...
Read More
by CIRT Team
Gmail Bugs Allow Changing From: Field and Spoofing Recipient’s Address[bleepingcomputer]
A bug in the way Gmail handles the structure of the ‘From:’ header could allow placing of an arbitrary email address in the sender field. Although this issue opens the door for high-level abuse, at the very least it is possible to add the recipient’s address and confuse them about the emails they sent and their content. Touching the sender field Software developer Tim Cotten recently investigated an...
Read More
by CIRT Team
TrickBot Banking Trojan Starts Stealing Windows Problem History [source: bleepingcomputer]
A version of TrickBot spotted recently shows interest in data that is peculiar for the normal scope of banking trojans: the Windows system reliability and performance information. Microsoft runs a Reliability Analysis Component (RAC) on Windows operating systems to supply the Reliability Monitor with details about software installations, upgrades, errors from the operating systems and applications, as well as hardware-related issues. For this purpose, it uses...
Read More
