by CIRT Team
“Process Doppelgänging” Attack Works on All Windows Versions [source: bleepingcomputer]
Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called “Process Doppelgänging.” This new attack works on all Windows versions and researchers say it bypasses most of today’s major security products. Process Doppelgänging is somewhat similar to another technique called Process Hollowing, but with a twist, as it utilizes...
Read More
by CIRT Team
WordPress Malware Spreads via Nulled WordPress Themes[src: bleepingcomputer]
A WordPress malware campaign that recently picked up steam last month is now using nulled (pirated) premium themes to infect new victims. According to Sucuri security researcher Denis Sinegubko, the wp-vcd malware is now preinstalled inside pirated WordPress premium themes offered for download for free on some sites known for providing nulled scripts, themes, and plugins for various CMS platforms. This particular malware — wp-vcd — works...
Read More
by CIRT Team
Microsoft releases an emergency update to fix a flaw for Malware[source: securityaffairs]
Microsoft issued an emergency Windows Security Update to address a critical flaw, tracked as CVE-2017-11937, that affects the Malware Protection Engine. Microsoft issued an emergency Windows Security Update to address a critical vulnerability, tracked as CVE-2017-11937, that affects the Malware Protection Engine (MPE). The emergency fix comes a few days before Microsoft is scheduled to roll out its December Patch Tuesday updates. The critical RCE flaw could be exploited by an...
Read More
by CIRT Team
Conficker: The Worm That Won’t Die [source: darkreading]
More than nine years after it infected millions of systems worldwide, the malware continues to be highly active, according to a Trend Micro report. The Conficker worm has become the malware that just won’t die. More than nine years after it was first spotted in 2008, the worm continues to be detected by anti-malware systems with enough regularity to suggest that it remains a potent...
Read More
by CIRT Team
Android Ransomware Kits on the Rise in the Dark Web [source: darkreading]
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200. Most ransomware kits still focus on targeting Windows systems, but Android ransomware kits are selling for a premium and are expected to grow in volume and price, according to a new report. Android ransomware kits sell for a median price that is 20 times higher...
Read More
by CIRT Team
A new variant of Shadow BTCware Ransomware discovered [source: securityaffairs]
The security expert Michael Gillespie discovered a new variant of the Shadow BTCware Ransomware which is manually installed on unsecured systems. The security expert Michael Gillespie discovered a new variant of the BTCWare ransomware, the malicious code was spread by hacking into poorly protected remote desktop services and manually installed by crooks. The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files, compared to previous versions it uses new email addresses a...
Read More
by CIRT Team
Firefox to warn users when visiting breached websites [source: welivesecurity]
The Firefox web browser is looking to alert visitors whenever they visit a website that is known to have suffered a data breach. While the ‘Breach Alerts’ feature will issue a warning about a website, it won’t actually prevent users from visiting it. “This is an extension that I’m going to be using as a vehicle for prototyping basic UI and interaction flow for an...
Read More
by CIRT Team
Google Unwanted Software Policy – Against snooping apps[source: securityaffairs]
Google has expanded enforcement of Google’s Unwanted Software Policy waring Android developers to explicitly declare data collection behaviors. A few days ago, Google was caught collecting users’ location data even when location services were disabled, many privacy experts questioned the behavior of the tech giant. Google promptly admitted the practice and suspended it. Now Google made another move to protect the privacy of its users, it has warned Android developers...
Read More
by CIRT Team
Phishers target panicking PayPal users with fake “failed transaction” emails [source: helpnetsecurity]
With the end-of-the-year holidays quickly approaching and many users worrying whether the gifts they bought online will be delivered in time for the festivities, an email from PayPal saying their transactions were impossible to verify or their payments were not processed will throw most users for a loop. Phishers are counting on that, and are hoping that panicking users will be too distraught to notice...
Read More
by CIRT Team
Student Hacks High School, Changes Grades [source: bleepingcomputer]
Tenafly High School has informed parents earlier this month that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after. The New Jersey-based high school has not named the student but said it informed authorities, and law enforcement is currently handling the investigation. According to reports in local media [1, 2], the teen...
Read More
