Recent Posts

By Ionut Ilascu

The relatively new espionage group Speedworm proves to be highly adaptive by using GitHub to keep their malware and by carefully observing the developments on the infosec scene via social networking services.

This approach helped the gang evolve their tools on a constant basis and create new ones. The latest tool associated with this group is Powemuddy, a backdoor used in the initial stages of the attack to establish persistence on the target machine, which can also function as a downloader.

Another tool the gang uses is the Powermud backdoor, controlled via a proxy network that makes it more difficult to find the location of the command and control (C2) server.

Full Article Here:
By Ionut Ilascu

More than 40,000 users who fell victim to phishing attacks had their credentials for unlocking online accounts for government services stolen. The information might have already been sold on underground hacker forums.

Researchers at Group-IB, an international company focused on the prevention of cyber attacks, found that the login data offered access to services in 30 countries around the world.

A spokesperson for the company told BleepingComputer that the compromised credentials were discovered using investigative research techniques that involved detection and reverse-engineering of malware, and digital forensics data.

Full Article Here:
By Ionut Ilascu

The Cobalt hacking group, specialized in breaching the networks of financial institutions and banks, is now using a new variant of the ThreadKit exploit builder kit for Microsoft Office documents.

Observed in a campaign on October 30, the new tactics show an evolution of the ThreadKit macro delivery tool. The final payload downloaded this way is CobInt, a signature malware for the Cobalt group.

Full Article Here:
By Lawrence Abrams

Mozilla has released Firefox 64 and it comes with new features such as the Contextual Feature Recommender, multi-tab selections, an improved Task Manager, and native Windows 10 sharing support.

This release also officially distrusts all Symantec TLS certificates. This was originally slated for Firefox 63, but as too many users had not switched to a new certificate provider, Mozilla delayed it to Firefox 64.

Below is a list of the new features found in Firefox 64.

Full Article Here:

Author: Tara Seals
December 11, 2018 9:28 am

Administrators lost control of the domain for several hours in a DNS hijacking incident.

The Linux organization said late Friday that its main domain was hacked and defaced in a DNS hijacking incident.

The group said that someone was able to compromise the registrar account for the domain and point its DNS to another server — as well as lock administrators out from changing it back for several hours.

The hackers “pointed the domain name to a pretty rude page [NSFW] for most of the evening,” a Linux admin said in a posting.

Full Article Here:

Author: Tom Spring
December 11, 2018 1:40 pm

Threat actors have updated their malware to include a macro-based delivery framework.

Despite the high-profile arrest earlier this year of the Cobalt Group ringleader, the threat actors behind the hacking collective are slowly ramping up their malicious behavior. In a new analysis of the threat group, known for its widespread attacks against banks in Eastern Europe over the past several years, the Cobalt Group has recently been observed updating its arsenal with a new version of the ThreadKit malware.

Full Article Here:
Security & Technology News / New Exploit Kit Targets SOHO Routers
« Last post by Antus67 on Today at 03:16:49 am »
By Ionut Arghire on December 11, 2018

A newly identified exploit kit is targeting home and small office routers in an attempt to compromise the mobile devices or desktop computers connected to the routers, according to Trend Micro.

Dubbed Novidade, the exploit kit employs cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of routers to attack web applications and redirect traffic from the connected devices to the IP address of their server.

The exploit kit was initially observed in August 2017, and two more variants have been discovered since, including one involved in the DNSChanger system of a recent GhostDNS campaign. Novidade, however, might not be limited to a single campaign, but concurrently used in different attacks.

Full Article Here:
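The CSRF trick the post describes works because a browser on the LAN will attach the router's admin session cookie to any request a malicious page makes it send, including one that rewrites the router's DNS servers. The snippet below is an added illustration (not code from the post, from Trend Micro's Novidade write-up, or from any real router firmware) showing a cookie-only "set DNS" endpoint beside a hardened one that also requires POST, a same-origin Origin/Referer and a per-session anti-CSRF token. The endpoint path /dnscfg, the parameter names, the router address 192.168.1.1 and the sample IPs are all assumptions chosen for the example.

```python
"""Vulnerable vs. hardened handling of a router's 'set DNS' endpoint.

Added example for illustration only. The /dnscfg path, parameter names,
router address and the sample IPs are assumptions, not a real product.
"""
from dataclasses import dataclass, field
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_ORIGIN = "http://192.168.1.1"   # assumed LAN address of the router


@dataclass
class Request:
    method: str
    path: str
    params: dict                        # query-string or form fields
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


@dataclass
class Router:
    session_cookie: str                 # value the admin's browser holds
    dns: list = field(default_factory=lambda: ["192.0.2.53"])
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def is_logged_in(router, req):
    return hmac.compare_digest(req.cookies.get("session", ""), router.session_cookie)


def set_dns_vulnerable(router, req):
    """Cookie-only authentication and any HTTP method: a page the victim
    visits can change the resolver with <img src=".../dnscfg?dns1=...">."""
    if req.path != "/dnscfg" or not is_logged_in(router, req):
        return 403
    router.dns = [req.params["dns1"]]
    return 200


def set_dns_hardened(router, req):
    """State change only via POST, from the router's own origin, carrying a
    token that a cross-site page cannot read."""
    if req.path != "/dnscfg" or not is_logged_in(router, req):
        return 403
    if req.method != "POST":
        return 405
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    parts = urlsplit(origin)
    if f"{parts.scheme}://{parts.netloc}" != ROUTER_ORIGIN:
        return 403
    if not hmac.compare_digest(req.params.get("csrf", ""), router.csrf_token):
        return 403
    router.dns = [req.params["dns1"]]
    return 200


def forged_get(session_cookie):
    """Request the browser emits for <img src="http://192.168.1.1/dnscfg?dns1=...">
    embedded in an attacker page: the session cookie rides along automatically."""
    return Request("GET", "/dnscfg", {"dns1": "198.51.100.1"},
                   cookies={"session": session_cookie},
                   headers={"Referer": "http://attacker.example/landing.html"})


def forged_post(session_cookie):
    """Auto-submitted cross-site form: still no token, and the browser sets
    Origin to the attacker's site, which the hardened handler rejects."""
    return Request("POST", "/dnscfg", {"dns1": "198.51.100.1"},
                   cookies={"session": session_cookie},
                   headers={"Origin": "http://attacker.example"})


def legitimate_post(router):
    """Form submitted from the router's own admin page, with the token."""
    return Request("POST", "/dnscfg",
                   {"dns1": "192.0.2.54", "csrf": router.csrf_token},
                   cookies={"session": router.session_cookie},
                   headers={"Origin": ROUTER_ORIGIN})


def demo():
    """Returns (status codes, final DNS) for both handlers against the
    constructed requests, so the difference can be checked programmatically."""
    weak = Router(session_cookie="s3cr3t")
    weak_status = set_dns_vulnerable(weak, forged_get("s3cr3t"))

    hard = Router(session_cookie="s3cr3t")
    hard_statuses = (set_dns_hardened(hard, forged_get("s3cr3t")),
                     set_dns_hardened(hard, forged_post("s3cr3t")),
                     set_dns_hardened(hard, legitimate_post(hard)))
    return weak_status, weak.dns, hard_statuses, hard.dns


if __name__ == "__main__":
    print(demo())
```

The method check alone would not help: an attacker page can just as easily auto-submit a cross-site POST form. What stops the forged request is that the browser will not let the attacker's page set a same-origin Origin header or read the per-session token out of the router's admin page.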
By Eduard Kovacs on December 11, 2018

Microsoft’s Patch Tuesday updates for December 2018 address nearly 40 vulnerabilities, including a zero-day flaw affecting the Windows kernel.

The actively exploited vulnerability, tracked as CVE-2018-8611, has been described by Microsoft as a privilege escalation issue related to the failure of the Windows kernel to properly handle objects in memory.

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said in its advisory.

Exploitation of the vulnerability requires access to the targeted system. The security hole impacts all supported versions of Windows.

Full Article Here:
BY: Brian Krebs:

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.

At least nine of the bugs in the Microsoft patches address flaws the company deems “critical,” meaning they can be exploited by malware or ne’er-do-wells to install malicious software with little or no help from users, save for perhaps browsing to a hacked or booby-trapped site.

Full Article Here:
General Software / Re: Mozilla Firefox Quantum
« Last post by hayc59 on December 11, 2018, 06:11:37 pm »
Firefox v64.0 Released
Released: DEC 11 2018

What's New
• Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)
• Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily
• Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power
• Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)
• More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu
• Various Security fixes

Direct Download: Firefox 64.0 for Windows | Fully Localized Versions
Download Mobile: Android & iOS
More Info: Release Notes
More Info: Security Advisories