Cyberattacks leveraging the Windows Server Message Block exploit known as EternalBlue have reportedly reached historically high levels over the last few months, even though the vulnerability it affects was patched by Microsoft more than two years ago. In a May 17 blog post, ESET security evangelist Ondrej Kubovic said his company’s telemetry data has revealed…
Some of the U.S. government-linked exploit tools that were published online by the Shadow Brokers hacking group in 2016 and 2017 were actually employed by Chinese actors well before that infamous leak occurred, researchers say. In a blog post yesterday, Symantec reported that its threat research team discovered evidence that cyber espionage actor APT3, aka…
A remotely exploitable vulnerability in the Oracle WebLogic Server is currently the attack vector of choice for malicious actors to deliver a newly discovered ransomware called Sodinokibi. Sokinokibi encrypts data found in the user directory and leverages the Microsoft Windows vssadmin.exe utility to delete any “shadow copies” (created by default back-up mechanisms) in order to…
Malicious actors have been serving up GandCrab ransomware and a variant of AESDDoS Botnet malware by exploiting a recently patched vulnerability in two “Confluence” team collaboration products from Australia-based Atlassian. GandCrab is a malicious encryption program that first emerged in early 2018, while the AESDDoS variant is a more versatile program capable of remote code…
Researchers have discovered a previously unknown, file-based cryptominer worm that has been heavily targeting enterprises based in Asia. The researchers, from Symantec Corporation’s Security Response Attack Investigation Team, believe this latest threat perpetuates what they describe as a recent trend in cryptojacking: focusing on large business and organizations rather than consumers. Dubbed Beapy, the Python-based…
A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack. Dubbed eGobbler by researchers at Confiant, the threat actor from April 6-10 ran a massive operation consisting of eight…
Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome. Although the security flaw has been patched in Chrome’s version 8 JavaScript engine, a fix hasn’t been developed for Chrome version 73 leaving at least an estimated billion users at risk. Kurucsai pointed out that this situation…
Researchers from McAfee have observed more than 100 different exploits for a now-patched 19-year-old remote code execution vulnerability in the WinRAR compression tool ever since the path traversal bug was disclosed last month. One of the more unique exploit attempts to infect unpatched victims with malware using a bootlegged copy of Ariana Grande’s “Thank U,…
WordPress has released a security and maintenance patch which introduces 14 fixes and enhancements designed to help hosts prepare users for the minimum PHP version bump in version 5.2. In April 2019, WordPress will up the minimum PHP version requirement to be 5.6 and sites that remain on 5.5 or lower will still receive security…
Pinchy Spider and its affiliated cybergangs are reacting to attempts to decrypt and defend against their flagship malware GandCrab by altering how the ransomware is deployed and recruiting new members to broaden the gang’s cyberskills. New studies by Crowdstrike and SophosLabs show Pinchy Spider is turning toward a “Big Game Hunting” deployment model where the…
