Security

Windows 10 Secured-core PCs Block Firmware Attacks

Microsoft has introduced a new class of devices called Secured-core PCs that provide built-in firmware protection against the growing use of firmware attacks by state-sponsored hacking groups. In 2018, for example, the APT28 cyber-espionage group (also known as Sednit, Fancy Bear, Strontium and Sofacy) used a Unified Extensible Firmware Interface (UEFI) rootkit called LoJax. This allowed…

Sodinokibi Ransomware Distributors' Tools and Tactics

Using a network of honeypots, McAfee researchers examined the methods and techniques that Sodinokibi (REvil) ransomware affiliates use to infect victims with ransomware and compromise other devices on the network. As part of the Sodinokibi ransomware-as-a-service operation, ransomware samples are tagged with affiliate IDs and sub-IDs in order to track who the…

Hackers Hide Fake WordPress Plugins to Backdoor Sites

Hackers are using malicious plug-ins that hide in plain sight and serve as backdoors to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites. For example, some of these fake backdoor plugins, named initiatorseo or updrat123 by their developers, have seen the very…

Fake WordPress Plugin Comes with a Cryptocurrency Mining Feature

Malicious plug-ins are used not only to maintain access to a compromised site but also to mine cryptocurrency. Researchers at website security firm Sucuri found that the number of malicious plug-ins has increased in recent months. They are copies of legitimate plugins with malicious code added. Such fake plugins are usually used to give attackers…

Facebook Boosts Bug Bounty Rewards for Third-Party App Flaws

Facebook has updated the terms of its third-party bug bounty program to boost researchers' rewards. A year ago, Facebook announced that it would pay researchers who find security problems involving Facebook access tokens in third-party applications that support Facebook sign-in. Researchers have twice been rewarded under the program. Researchers can now…

Chinese Hackers Use New Cryptojacking Techniques

The Chinese-speaking cyber-crime group Rocke, known for running multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques and Procedures (TTPs). Rocke is a financially motivated threat group first discovered in April 2018 by Cisco Talos researchers while it was targeting unpatched Apache Struts, Oracle WebLogic and Adobe ColdFusion servers. The…

Winnti Group Uses New PortReuse Malware Against Asian Manufacturer

Winnti Group hackers have upgraded their arsenal with a new modular Windows backdoor, used to infect servers of a high-profile Asian mobile hardware and software manufacturer. The group's ShadowPad malware has also been updated, with randomized module IDs and additional obfuscation being the most noticeable changes, according to ESET researchers who have been…

Sodinokibi Ransomware: Following an Affiliate's Money Trail

After a Sodinokibi affiliate posted partial transaction IDs for ransomware payments, researchers were able to use the information to track the affiliates' money trail and, in some cases, how they invest their illegal profits. Earlier this month, McAfee looked at a GandCrab ransomware affiliate and how the Sodinokibi ransomware…

Nitro PDF Pro to Get Micropatches for 7 RCE Bugs

The latest Nitro PDF Pro version has at least one flaw that could be used to execute code remotely on the victim's host, and a third-party patch is on its way. No official fix from the developer is available for this security bug, which has a severity score of 8.8 out of 10. Exploitation can…

Windows 10 1703 Has Reached End of Service, No More Security Updates

Windows 10 version 1703, also known as the Creators Update, has now reached end of service and will not receive any further security or reliability updates. When a Windows version reaches end of service, Microsoft no longer patches bugs in the software or releases security updates to address new vulnerabilities. By 8 October 2019…