Out with the old, in with the… Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that’s been surpassing its predecessors in popularity among the cybercriminal community. Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to…
Researchers are warning that hackers are exploiting a plug-in vulnerability to infect MSPs and their customers with GandCrab ransomware. The bug, CVE-2017-18362, dates back to 2017, and is found in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool, explains a Feb. 8 blog post by Chris Bisnett, security researcher at Huntress Labs. This plug-in…
Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…
A research firm has disclosed multiple vulnerabilities in the Remote Desktop Protocol that, if left unpatched, could allow compromised or infected machines to attack the RDP clients that remotely connect to them. In a blog post today, Check Point Software Technologies researcher Eyal Itkin refers to this scenario as a reverse RDP attack because the…
Cisco Systems last week issued security advisories for two dozen vulnerabilities, including two high-severity flaws in its Small Business RV320 and RV325 dual gigabit WAN VPN routers, which attackers are reportedly already trying to exploit with published proof-of-concept code. Device owners are advised to immediately download Cisco’s patches for the two exploited flaws, both of…
Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…
Researchers from a combination of academic and corporate backgrounds have disclosed a newly discovered side-channel attack technique that targets the operating system page cache and affects devices regardless of hardware architecture or OS. “The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries,and other files, and our attacks…
At least one threat actor is using a combination of the info stealer Vidar and GandCrab ransomware to put a double whammy on their victims and increase their odds of coming away with something value during an attack. Jerome Segura, head of investigations at Malwarebytes Labs, has tracked the campaign, which uses the Fallout and…
Microsoft Corporation yesterday released an emergency patch for a remote code execution vulnerability in Internet Explorer that attackers have been actively exploiting in the wild. Designated CVE-2018-8653, the zero-day memory corruption bug results from the mishandling of objects in memory by the JScript component of Internet Explorer’s scripting engine, according to an official advisory from Microsoft, as…
Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…
