A ransomware attack has once again struck Jackson County in Georgia, crippling its IT systems for two weeks. The ransomware was identified as ‘Ryuk’ and is believed to have originated from an Eastern European group. Unable to recover from the attack, those affected paid a ransom of $400,000 to the hacking team responsible, officials in Jackson County confirmed.
On 6th March 2019, FBI officials informed Citrix that its internal network had been compromised. Without delay, Citrix engaged cybersecurity specialists, initiated a forensic investigation, took remedial actions to secure its internal network and continued to cooperate with the FBI. Citrix also informed its customers and conveyed its sincere apologies.
An Android banking Trojan named Gustuff is now outdoing other notorious Trojans such as Anubis, Red Alert, Exobot, LokiBot and BankBot. Gustuff uses social engineering to trick users, turns off Google Play Protect, carries out phishing attacks and, most significantly, can hide its presence to avoid detection. It also has an ATS (Automatic Transfer Service) system running on the user's phone which can open apps, fill in transaction details and approve money transfers on its own. The Trojan is mostly distributed through SMS spam carrying its installation link.
Jcry is a new ransomware written in Go (Golang), a relatively new choice of language for building ransomware. The attack was part of the OpJerusalem (Operation Jerusalem) campaign and targeted hundreds of well-known Israeli websites. To lure victims, a malicious link was delivered as an image carrying the message “Your Adobe Flash Player version is outdated. Click on the update button to update your player.” When users clicked, the malicious code was downloaded.
Security researchers from the Russian antivirus firm Dr.Web revealed that a network of malicious Counter-Strike 1.6 multiplayer servers had exploited Remote Code Execution (RCE) vulnerabilities to infect users with malware named Belonard. Computers infected by Belonard were added to a botnet-like structure. Security researchers later confirmed that the network had been shut down.
Libssh2, a popular open-source client-side C library implementing the SSHv2 protocol, has released version 1.8.1. This release patches a total of nine security vulnerabilities that could have led to memory corruption and arbitrary code execution on the client side. To avoid these, users are advised to upgrade to the latest version.
PuTTY, one of the best-known open-source client programs for remotely accessing systems over the SSH, Telnet and Rlogin protocols, has released its latest version, PuTTY 0.71. It includes patches for 8 highly critical security vulnerabilities.
Microsoft's March Patch Tuesday release featured fixes for 18 vulnerabilities. Left unpatched, they could lead to Remote Code Execution (RCE). The security patches covered a wide range of Microsoft products, with Edge being the most notable one.
Victor Gevers, a well-known security researcher, discovered 29,808 openly exposed databases in China. It was further found that these databases contained details of 1.8 million Chinese women, including names, dates of birth, addresses, marital status and more. 89% of the collected records related to unmarried women under the age of 30.
A new WinRAR version, 5.70 beta 1, was released by the WinRAR team. This version patches the critical vulnerability (CVE-2018-20250) that had existed in previous WinRAR versions for 19 years. Many cyber criminals worldwide are still attempting to exploit this recently patched vulnerability. Why? Mainly because WinRAR lacks an auto-update feature, so unpatched installations remain exposed to attack.
Cisco Systems urged its customers to update many of its 8800 series IP phones, which are intended for business use, to the latest version. The phones in this series were affected by 5 serious flaws, and Cisco released the patched version on Wednesday. One of the flaws was a CSRF (Cross-Site Request Forgery) vulnerability, which can force an end user to execute unintended actions.
A new Mirai variant comes with 11 new exploits. This version, detected in January 2019, targeted the WePresent WiPG-1000 wireless presentation system and the LG Supersign TV, the two most notable devices among its targets, according to Palo Alto Networks Unit 42. The malicious payload is hosted on a Colombian server. With the newly added exploits, the total comes to 27.
Cisco Systems warned customers about a flaw in its discovery tool, Cisco Common Service Platform Collector (CSPC). The flaw could allow an adversary to log into the system and collect sensitive data tied to host operating systems and hardware. The vulnerability is rated critical, with a CVSS score of 9.8. In addition, Cisco disclosed two more critical vulnerabilities: one affecting Cisco Email Security Appliances and the other affecting Cisco Small Business SPA514G IP Phones.
Two X-Force Red summer interns scrutinized the security of 5 well-known visitor management systems and, surprisingly, found 19 undisclosed vulnerabilities. Their findings included sensitive data leakage, "keys to the kingdom" and significant breakout issues. They further found that these systems could provide a foothold for compromising corporate networks.
Google’s Project Zero team has recently discovered a critical vulnerability in the macOS kernel. The vulnerability is said to grant intruders access to a user's system without their knowledge. Google reported the issue to Apple in November 2018. More than 4 months have passed without remedial action; however, Apple is now working with Google’s Project Zero on a fix.
IBM has announced fixes for five flaws in the Java runtime that leave multiple versions of Watson Explorer and IBM Watson Content Analytics vulnerable to various attacks. Following this, the company's Product Security Incident Response Team (PSIRT) posted an alert about the "high severity" bugs affecting various Watson analytics products, consoles and the content analytics studio. The recommended remedy is to download and install the updated IBM Java SDK as soon as possible.
A Point of Sale (POS) malware that uses a domain generation algorithm has been deployed against small and mid-sized organisations for four years, says a team of security researchers from Flashpoint. The malware, identified as DMSniff, gained access to users' systems by launching brute-force attacks or by scanning for vulnerabilities and exploiting them.
A notorious Chinese cyber-espionage team known as the Winnti group has breached the networks of two game makers and a gaming platform to plant a backdoor Trojan in their products. A third game, Infestation, has also been found to be affected. Players of Infestation are advised to reinstall their systems as soon as possible.
PirateMatryoshka is a malware that has infected computers worldwide. It is primarily distributed via The Pirate Bay torrent tracker and, according to published security reports, has already been downloaded about 10,000 times. If affected, the first step in removing it is to boot the PC into Safe Mode and quarantine the malware and its related objects.
UC Browser should be uninstalled from smartphones immediately, because the China-made browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on Android devices. This hidden feature has been present in UC Browser since 2016.