News Clipping


FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor [proofpoint]

Proofpoint researchers have uncovered that the threat actor commonly referred to as FIN7 has added a new JScript backdoor called Bateleur and updated macros to its toolkit. We have observed these new tools being used to target U.S.-based chain restaurants, although FIN7 has previously targeted hospitality organizations, retailers, merchant services, suppliers and others. The new macros and Bateleur backdoor use sophisticated anti-analysis and sandbox evasion...



Security Flaws Found in 2G Modems Used by BMW, Ford, Infiniti, and Nissan Cars [bleepingcomputer]

A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models. TCUs are 2G modems that receive or send data from a car’s internal system and are used as an interface between the car and remote management tools such as web panels and mobile apps.


SMBLoris – the new SMB flaw [sans]

While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol that could allow an adversary to interrupt the service by depleting the memory and CPU resources of the targeted machine in a Denial of Service (DoS) attack. According to an article posted by ThreatPost, the flaw...



PoC Malware Exploits Cloud Anti-Virus for Data Exfiltration [securityweek]

Presented at BlackHat USA 2017 by Itzik Kotler and Amit Klein from SafeBreach Labs, the PoC tool relies on packing data inside an executable the main malware process creates on the compromised endpoint. Thus, if the AV product employs an Internet-connected sandbox as part of its cloud service, data is exfiltrated as soon as the AV agent uploads the newly created executable to the cloud...



Experts spotted Triada Trojan in firmware of low-cost Android smartphones [securityaffairs]

Another case of pre-installed malware makes the headlines: malware researchers at the Russian anti-virus firm Dr.Web have spotted the Triada Trojan in the firmware of several low-cost Android smartphones, including Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Experts speculate that threat actors compromised the supply chain, infecting a small number of smartphones of the above models.

