by CIRT Team
Chrome Users Reporting Freezes & Timeouts After Windows 10 April Update [bleepingcomputer]
Windows 10 users who have installed the April 2018 Update (build 1803) are reporting freezes or connection problems when using Chrome or Chromium based applications. When these freezes occur, it turns the screen black and Windows becomes completely unresponsive until the user reboots the computer or restarts their graphic driver. A Reddit post shows Windows users have tried numerous ways to fix this problem, such as updating video drivers,...
Read More
by CIRT Team
New Rowhammer attack can be used to hack Android devices remotely [source: helpnetsecurity]
Researchers from Vrije Universiteit in Amsterdam have demonstrated that it is possible to use a Rowhammer attack to remotely hack Android phones. What is a Rowhammer attack? “The Rowhammer attack targets the design of DRAM memory. On a system where the DRAM is insufficiently refreshed, targeted operations on a row of DRAM memory may be able to influence the memory values on neighboring rows,” the...
Read More
by CIRT Team
Vulnerabilities Affecting Over 1 Million Dasan GPON Routers [source: bleepingcomputer]
Two vulnerabilities affecting over one million routers, and disclosed earlier this week, are now under attack by botnet herders, who are trying to gather the vulnerable devices under their control. Attacks started yesterday, Thursday, May 3, according to Netlab, the network security division of Chinese cyber-security vendor Qihoo 360. Exploitation of these two flaws started after on Monday, April 30, an anonymous researcher published details of the...
Read More
by CIRT Team
Researchers find critical security flaws in popular car models [source: hackread]
Modern-day vehicles have become overly digitized for the sake of offering advanced technicality to drivers. However, being digital cannot ensure optimal security and the same has been the case with smart cars. Security researchers Daan Keuper and Thijs Alkemade from Computest claim that some of the car models manufactured by Audi and Volkswagen contain a flaw that can be exploited by attackers easily over the...
Read More
by CIRT Team
A cryptocurrency platform exposed sensitive data of 25,000 users [source: hackread]
Bezop, a cryptocurrency startup exposed highly personal details of more than 25,000 of its investors online which were publicly accessible to anyone with an Internet connection. The platform which is supported by John McAfee left the personal details exposed due to an unprotected MongoDB database. The exposed data included full names, email addresses, physical addresses, wallet information, encrypted passwords, copies driver’s license and passports. The database was discovered...
Read More
by CIRT Team
WannaCry Dominates as Ransomware Declines in 2017 [source: infosecurity-magazine]
WannaCry accounted for 90% of ransomware detections last year, with activity among other families declining as cyber-criminals gradually lost interest, according to new research from F-Secure. The Finnish security vendor’s latest report, The Changing State of Ransomware, revealed that aside from the notorious crypto-worm, Locky, Mole, Cerber, and Cryptolocker were also popular ransomware families in 2017. However, despite attacks increasing 415% on 2016 figures, and detections of...
Read More
by CIRT Team
APT28 Hackers Caught Hijacking Legitimate LoJack Software [source: bleepingcomputer]
Security researchers have found tainted versions of the legitimate LoJack software that appeared to have been sneakily modified to allow hackers inside companies that use it. Researchers say domains found inside the tainted LoJack instances have been previously tied to other hacking operations carried out by APT28, a codename used to describe a nation-state-backed cyber-espionage group located in Russia, with ties to the company’s military intelligence. APT28...
Read More
by CIRT Team
Dangers of Public WiFi: What You Need to Know [source: cloudwards]
Free WiFi is available nearly everywhere these days, giving us the ability to work remotely in hotels, coffee shops, restaurants and public parks. It’s convenient and liberating, but potentially unsafe. Connecting to a public network requires little authentication — at best you’ll be greeted by a captive portal and have to check a box agreeing to the terms of service (ToS), or ask an employee for the...
Read More
by CIRT Team
GandCrab Ransomware V2 Released With New .Crab Extension [source: bleepingcomputer]
Last week, security firm Bitdefender, the Romanian Police, and Europol allegedly gained access to the GandCrab Ransomware’s Command & Control servers, which allowed them to recover some of the victim’s decryption keys. This allowed Bitdefender to release a tool that could decrypt some victim’s files. After this breach, the GandCrab developers stated that they would release a second version of GandCrab that included a more secure command & control server in order...
Read More
by CIRT Team
Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password [source: thehackernews]
A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report. The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users’ Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction. The...
Read More
