GlobeImposter use new ways to spread to the globe [source: 360totalsecurity]
Recently, there have been many incidents of ransomware attacks. Once users are infected by ransomware, it is almost impossible to decrypt the data by technical means, so users are forced either to abandon the data or to pay the ransom. Therefore, unlike other virus Trojans, the “pre-defense strategy” is different from...
Recent Windows zero-day vulnerability is exploited with Google Chrome [source: 360totalsecurity]
A few days ago, an elevation of privilege vulnerability in Windows was exposed, but only two days later, an organization called Powerpool was eyeing this vulnerability, and also produced a Trojan. Even though the Trojan is produced in a very short period, its attack power is still significant. Once the...
KomarMiner, a cryptomining Trojan disguising as cracking software [source: 360totalsecurity]
Recently, 360 Security Center detected a malicious mining Trojan that disguises itself as various commonly used cracking software and is spreading widely. At present, 360 Security Center already supports defending against and removing it. It is recommended that users do not download software of unknown origin. Download the software...
WordPress phishing scam targets the database credentials of the users [source: 360totalsecurity]
Recently, there has been a phishing email for WordPress users. The content of the email is to inform the users that their database needs to be updated, as shown in the figure below: Although the email is similar to a legitimate WordPress update, there are still a number of vulnerabilities:...
MikroTik Routers Are Forwarding Owners’ Traffic to the Attackers [source: netlab.360]
2018-09-05 11:00 GMT+8, with the generous help from the AS64073, 103.193.137.211 has been promptly suspended and is no longer a threat. Overview: MikroTik is a Latvian company founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in countries around the...
Copying v Dragging a file to an OS X Disk Image [source: ThinkDFIR]
Had a need to do some quick testing on different operations on OS X 10.10.5 (Yosemite) and thought I’d share. Created a new disk image, and then copied an existing file into it. Then created a new file, and dragged that into the disk image. Here is what we may...
Apple iPhone “Significant Locations” [source: prodigital4n6]
Where & What Are “Significant Locations” The first step is to identify where and what “Significant Locations” are. The artifact is available to view on the device at Settings>Privacy>Location Services>System Services>Significant Locations. If location services are turned OFF, the significant locations data will not be logged and therefore unavailable. ...
New Ransomware That Encrypts Only EXE Files on Windows Machines [source: gbhackers]
A new ransomware encrypts only the EXE files on your computer, including the ones in the Windows folder, which other ransomware typically avoids so that the operating system keeps functioning correctly. It was first tweeted by MalwareHunterTeam and it is titled Barack Obama’s Everlasting Blue Blackmail...
DATA RECOVERY AFTER RANSOMWARE THAT ENCRYPTS FILES [source: digitalforensics]
The problem of data recovery after ransomware that encrypts files has increased, with more and more cases recently. Help in these cases is not a trivial task. Let’s consider some sides of this problem. Ransomware usually encrypts the most-used data such as photos, videos, office files, databases, etc. Ransomwares can...
Qihoo 360’s precise analysis of ransomware for August [source: 360totalsecurity]
Ransomware has posed a serious threat to the data security of enterprises and individuals. Fortunately, 360 Internet Security Center has detected and defended against ransomware immediately. According to the feedback from our users, we found that the number of our users attacked by ransomware shows a slight upward trend in August....