Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…
Researchers at antivirus company Dr.Web have discovered a malicious Monero cryptominer specifically designed for Linux machines, with additional functionality that also allows it to operate as a backdoor. Named Linux.BtcMine.174, the trojan is described as a shell script containing over 1,000 lines of code. To receive its malicious commands from the attackers, the malware downloads and runs…
Not even the Make-A-Wish Foundation is off limits for some unscrupulous cybercriminals, as evidenced by a cryptojacking operation that compromised the charitable organization’s international website. Simon Kenin, security researcher at Trustwave, reported in a company blog post today that malicious actors injected a CoinImp browser-based cryptomining script that would harness the processing power of any…
A WordPress plug-in that’s supposed to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites. Known as the WP GDPR Compliance plug-in, the software module helps ensure compliance with Europe’s General Data Protection Regulation by providing tools through which site visitors can permit use of their…
A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users’ contact information. The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his…
Cisco Systems yesterday issued 17 security advisories, disclosing vulnerabilities in multiple products, including at least three critical flaws. One of them, a privileged access bug found in seven models of its Small Business Switches, has not yet been patched, but the company has recommended a workaround to limit its potential for damage. Designated CVE-2018-15439 with…
Researchers at Israel-based cyberattack simulation company Cymulate are claiming to have found a vulnerability in Microsoft Word’s online video feature that can allow malicious actors to replace legitimate YouTube iframe code with malicious HTML/JavaScript code. In a company press release, Cymulate warns that the unpatched zero-day flaw requires no special configuration to reproduce and potentially affects…
A new spam campaign that debuted last August is attempting to infect Turkish targets with the Adwind 3.0 remote access tool, using a previously undiscovered variant of a code injection attack that exploits Microsoft’s Dynamic Data Exchange (DDE) data transfer protocol. A key improvement to this variant is that it features new techniques to avoid anti-malware software…
A threat actor has been targeting Windows and Linux servers with a self-propagating malware mash-up that’s comprised of botnet, ransomware, disk wiper, cryptomining and worm elements all in one. Researchers from Palo Alto Networks’ Unit 42 division have tied the malware, dubbed Xbash, to the APT actor known as Iron Group. The same group has previously…
Attackers are leveraging a newly discovered exploit kit in an international malvertising campaign that’s been observed delivering GandCrab ransomware and the SmokeLoader malicious downloader, as well as engaging victims in social engineering scams. Nicknamed Fallout, the kit exploits a remote code execution vulnerability in outdated versions of the Windows VBScript engine and an arbitrary code…
