Messages - Antus67

By Ionut Arghire on January 22, 2019

Nearly 100,000 malware distribution websites have been identified and taken down over the course of 10 months as part of a project called URLhaus.

Launched at the end of March 2018 with the purpose of collecting and sharing URLs used for malware distribution, the project has already proven a great success and enjoyed help from the community, says.

During the past 10 months, 265 security researchers around the world have identified and submitted on average 300 malware sites each day. On average, URLhaus counts between 4,000 and 5,000 active malware distribution sites daily.

“2/3 of the top malware hosting networks are hosted either in the US or China,” reveals.

Full Article Here:

By Lawrence Abrams

The STOP ransomware has seen very heavy distribution over the last month using adware installers disguised as cracks. This campaign continues with a new variant released over the past few days that appends the .rumba extension to the names of encrypted files.

Using adware bundles and software cracks as a new distribution method, STOP has become one of the most prolific ransomware infections we have seen in quite a while. First starting with the .djvu extension, then switching to the .tro extension, this latest .rumba variant continues to be heavily distributed, as can be seen by the chart from ID Ransomware below.

Full Article Here:

By Zeljka Zorz, Managing Editor, January 18, 2019

Too many Facebook users aren’t aware that the company uses the information provided by them and their actions on the platform and outside of it to create a list of their traits and interests, which is then used to target them with relevant ads.

According to the results of a new Pew Research Center survey, which polled a representative sample of US-based, adult Facebook users:

    88% discovered that the site had generated some material for them.
    74% say they did not know about the platform’s list of their interests (ad preferences page) before being directed to it for the purposes of the survey.
    60% of Facebook users have 10 or more categories listed on their ad preferences page.
    59% say these categories reflect their real-life interests, while 27% say they are not very or not at all accurate in describing them.
    51% say they are not comfortable that the company created such a list.

Full Article Here:

By Sergiu Gatlan

According to court documents that are part of a 2012 class-action lawsuit made public by a federal judge at the request of The Center for Investigative Reporting's Reveal, social network giant Facebook has made a habit of charging kids without their parents' knowledge while playing games on its platform.

This happened because, unlike other platforms such as Apple's iOS, Facebook will not require its users to re-authenticate every time they want to purchase in-game goods such as virtual currency.

Although right now only four documents have been partially made available for analysis to Reveal by the court, Facebook has been ordered to also release to the public roughly one hundred more pages of information pertaining to the class action.

Full Article Here:

By Ionut Ilascu

WiFi chip firmware in a variety of devices used mainly for gaming, personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction.

The security flaws were discovered in ThreadX, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on their website that ThreadX has over 6.2 billion deployments, making it one of the most popular pieces of software powering Wi-Fi chips.

The firmware is also powering the Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC) from Marvell, present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.

Full Article Here:

Security & Technology News / Fallout EK Retools for a Fresh New 2019 Look
« on: January 19, 2019, 02:58:12 am »

Author: Tara Seals
January 18, 2019 2:58 pm

The Fallout EK has added the latest Flash vulnerability to its bag of tricks, among other tune-ups.

A new version of the Fallout exploit kit (EK) has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware.

The Fallout EK generally makes use of malvertising campaigns, especially those that take advantage of traffic to adult websites, according to an analysis from Jérôme Segura. He found that since Tuesday, the Fallout EK activity has been picking up pace after a hiatus for the first half of the month.

Full Article Here:

By Ionut Arghire on January 18, 2019

Recent samples of the destructive Xbash Linux malware can uninstall cloud security protection products from infected servers, Palo Alto Networks reports.

First detailed last year, the malware features a broad set of malicious capabilities, ranging from ransomware and crypto-currency mining to self-propagation, database deletion, and the enrolling of compromised servers into a botnet.

The malware is used by a group referred to as Rocke, which is associated with the Iron cybercrime group. More recent samples of Xbash include new code to uninstall five different cloud security protection and monitoring products from infected Linux servers, Palo Alto Networks’ security researchers say.

Full Article Here:

By Ionut Arghire on January 18, 2019

There is widespread scanning for a recently disclosed remote code execution vulnerability in the ThinkPHP framework, Akamai reveals.

ThinkPHP, a web framework by TopThink, is a Chinese-made PHP framework used by a large number of web developers in the country. In early December 2018, the framework was revealed to be impacted by a remote code execution bug that could allow an attacker to take over a vulnerable server.

The issue was that user input was not properly sanitized, thus allowing an unauthenticated user to specify their own filter function to execute.

Full Article Here:

By Ionut Arghire on January 18, 2019

An updated version of the Fallout exploit kit recently emerged with an exploit for a recent Flash zero-day included in its arsenal, Malwarebytes Labs security researchers warn.

First detailed in September 2018, the toolkit was observed delivering malware families ranging from ransomware to backdoors, but also fingerprinting the browser profile to identify targets of interest.

The exploit kit (EK) remained active throughout the end of 2018, but its operators took a break in early January, apparently in order to improve their malicious kit. During Fallout’s absence, RIG EK’s activity intensified, Malwarebytes now reveals.

Full Article Here:

By Ionut Ilascu

A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system ones, with arbitrary data.

The bug was disclosed on December 27 by the security researcher using the online alias SandboxEscaper. Before that, she tweeted that she let Microsoft know about the flaw in an email to Microsoft Security Response Center (MSRC).

Full Article Here:

By Lawrence Abrams

19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps.

These apps were discovered by ESET Android security researcher Lukas Stefanko, who stated that they promote themselves as full featured apps and use screenshots from other legitimate apps to entice users to install them.

Full Article Here:

By Sergiu Gatlan

Two Android apps infected with banking malware were found on the Google Play Store, already having been installed on thousands of Android devices and sporting dozens of fake five-star ratings.

The Trend Micro malware research team linked the malware payload found in the two apps with the Anubis banking Trojan based on code similarity and a shared command and control (C&C) server (i.e.,, known to have been targeting the Android platform for the last two years.

Full Article Here:

By Sergiu Gatlan

A hidden web server always running in the background was found by security researcher Robert Baptiste in ES File Explorer, an Android file manager with over 100,000,000 installs displayed on the Google Play store page and over 500 million users worldwide according to its developer.

As discovered by Baptiste, right after launching the app it will start a local HTTP server on port 59777 which will stay open until all the background services of ES File Explorer are killed:

Every time a user launches ES File Explorer, an HTTP server is started. This server opens port 59777 locally. An attacker connected to the same local network as the victim can obtain a lot of juicy information (device info, apps installed, ...) about the victim's phone, remotely get a file from the victim's phone and remotely launch an app on the victim's phone.

Full Article Here:

By Ionut Ilascu

Twitter announced today that an issue in its app for Android exposed some users’ protected tweets for over four years if they made certain changes to their account settings.

As a result, content intended only for approved followers became publicly visible.

Bug survived since late 2014

The problem caused the “Protect your Tweets” feature to become disabled for users of Twitter for Android that had it turned on and also made some modifications to their account, such as updating the associated email address.

Full Article Here:

By Lawrence Abrams

A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previously distributed another ransomware called Blackheart and promotes other infections such as a RAT.

BlackRouter was originally spotted in May 2018 and had its moment of fame when TrendMicro discovered it dropping the AnyDesk remote access program and keyloggers on victims' computers.

Full Article Here:
