Security Affairs

APRIL 14, 2020

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. Pierluigi Paganini.

Libraries 99

Libraries Authentication Security Risk 99

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. ” reads the analysis published by Cybereason. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

Financial Services 109

Financial Services Libraries Encryption Authentication 109

Security Affairs

JULY 13, 2019

The best news of the week with Security Affairs. Backdoor mechanism found in Ruby strong_password library. Spotting RATs: Delphi wrapper makes the analysis harder. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Prototype Pollution flaw discovered in all versions of Lodash Library.

Security 51

Security Libraries Data breaches Ransomware 51

Security Affairs

OCTOBER 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. since August. Pierluigi Paganini.

Government 133

Government Libraries Cybersecurity Phishing 133

Security Affairs

SEPTEMBER 24, 2020

” reads the analysis published by CheckPoint. The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. “Our blog post describes how image parsing code, as a third party library, ends up being the weakest point of Instagram’s large system.

Access 117

Access Libraries Communications IT 117

Security Affairs

JUNE 9, 2019

Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. Pierluigi Paganini.

Libraries 94

Libraries Communications Financial Services Risk 94

Security Affairs

AUGUST 10, 2018

Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. ” reads the analysis published by the experts. ” states the report. Pierluigi Paganini.

Libraries 46

Libraries Ransomware Security Access 46

Security Affairs

FEBRUARY 21, 2019

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. dll library in 2005.

Libraries 98

Libraries Archiving Security IT 98

Security Affairs

NOVEMBER 3, 2020

Google released Chrome 86.0.4240.183 for Windows, Mac, and Linux to fix 10 security vulnerabilities, including an RCE zero-day exploited in the wild. The zero-day flaw was discovered on October 29, 2020 by Google white-hat hacker Samuel Groß of Google Project Zero and Clement Lecigne of Google’s Threat Analysis Group.

Libraries 108

Libraries Security IT Access 108

Security Affairs

FEBRUARY 15, 2019

Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners. The malicious Monero (XMR) Coinhive cryptomining scripts were delivered leveraging the Google’s legitimate Google Tag Manager (GTM) library. Pierluigi Paganini.

Mining 92

Mining Libraries Analytics Security 92

Security Affairs

FEBRUARY 22, 2020

The infamous Joker malware has found a way to bypass the security checks to be published in the official Play Store, new clicker was found by experts. ” reads the analysis published by CheckPoint. ” continues the analysis. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 133

Libraries Communications IT Security 133

Security Affairs

AUGUST 27, 2019

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. The module was hidden in a 3rd-party advertising library that the author of the app recently was introduced. ” reads the analysis published by Kaspersky.

IT 101

IT Libraries Encryption Security 101

Security Affairs

MARCH 3, 2020

The Kimsuky APT group has been analyzed by several security teams. Technical Analysis. The “ AutoUpdate.dll” library then gains persistence by setting the following registry key “ HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnceWindowsDefender ”. Table 2: AutoUpdate.dll Information.

IT 130

IT File names Libraries Communications 130

Security Affairs

MARCH 28, 2020

dll (file version 3.5.15.20) library that doesn’t properly validate user-supplied data sent to the web server URL endpoint. ” reads the analysis published by Tenable. 0xffffffff) via a WEB_CLIENT_OPENCONNECTION message sent to the CmpWebServerHandlerV3 component: |foo|-1|true|” continues the analysis.

Libraries 120

Libraries Communications IT Security 120

Security Affairs

APRIL 3, 2019

Security researchers at Cylance discovered that the OceanLotus APT (also known as APT32 or Cobalt Kitty , group is using a loader leveraging steganography to deliver a version of Denes backdoor and an updated version of Remy backdoor. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Libraries 77

Libraries Encryption Communications Manufacturing 77

Security Affairs

NOVEMBER 10, 2019

The best news of the week with Security Affairs. Exclusive – Analysis of the sample that hit the Kudankulam Nuclear Power Plant. A flaw in the Libarchive library impacts major Linux distros. Specially Crafted ZIP archives allow bypassing secure email gateways. A new round of the weekly newsletter arrived!

Security 43

Security Ransomware Libraries Archiving 43

Security Affairs

AUGUST 25, 2019

The best news of the week with Security Affairs. Malware Analysis Sandboxes could expose sensitive data of your organization. A backdoor mechanism found in tens of Ruby libraries. Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs. A new round of the weekly newsletter arrived!

Security 50

Security Mining Data breaches Libraries 50

Security Affairs

APRIL 16, 2019

Cyber security firm FireEye announced the release of FLASHMINGO, a new open source tool designed to automate the analysis of Adobe Flash files. FireEye released FLASHMINGO , a new open source tool designed to automate the analysis of Adobe Flash files. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .”

Libraries 81

Libraries Security IT 81

Security Affairs

MAY 11, 2019

” reads the analysis published by Cisco Talos. SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” The flaw, tracked as CVE-2019-5018 affects SQLite 3.26.0,

Libraries 101

Libraries Security IT 101

Security Affairs

OCTOBER 11, 2019

Security researchers at SafeBreach have discovered that the HP Touchpoint Analytics service is affected by a serious flaw tracked as CVE-2019-6333. “The Open Hardware Monitor library provides a signed kernel driver named “WinRing0,” which is extracted and installed during runtime.” medium severity). Pierluigi Paganini.

Analytics 79

Analytics Libraries Security Access 79

Security Affairs

SEPTEMBER 12, 2018

Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. ” reads hte analysis published by Trend Micro. exe will drop malware components — several C++ and Python libraries and the Python 2.7 Pierluigi Paganini.

Ransomware 88

Ransomware Libraries Encryption Archiving 88

Security Affairs

NOVEMBER 24, 2019

The analysis of the logs for sale in the underground community allowed the experts to estimate that Raccoon infected over 100,000 users worldwide at the time of its discovery. ” reads the analysis published by Cofense. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 83

Libraries Sales Phishing Security 83

Security Affairs

DECEMBER 2, 2019

Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. The first issue in Kaspersky Secure Connection (KSDE) VPN client, tracked as CVE-2019-15689, could be exploited by an attacker to implant and run an arbitrary unsigned executable. .

Libraries 67

Libraries Authentication Security IT 67

Security Affairs

MAY 20, 2019

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. ” reads the analysis published by Chronicle.

Healthcare 98

Healthcare Communications Libraries Access 98

Security Affairs

MAY 9, 2020

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. ” reads the analysis published by the researchers. “Both Mac and Linux variants use the WolfSSL library for SSL communications. ” continues the report.

Libraries 86

Libraries Communications Encryption Authentication 86

Security Affairs

NOVEMBER 5, 2020

Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files. ” reads the analysis published by Sophos. ” continues the analysis. . ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

File names 109

File names Encryption Libraries IT 109

Security Affairs

MARCH 6, 2019

The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” reads the security advisory published by Google. Pierluigi Paganini.

Libraries 111

Libraries Security Access 111

Security Affairs

MAY 12, 2020

IBM security researcher continues to monitor the evolution of the infamous Zeus Sphinx banking Trojan (aka Zloader or Terdot ) that receives frequent updates and that was involved in active coronavirus scams. . ” reads the analysis published by IBM. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 96

Libraries Sales Government IT 96

Security Affairs

MAY 5, 2020

Recently, the OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967 , that can be exploited by attackers to launch denial-of-service (DoS) attacks. The security duo Matt Caswell and Benjamin Kaduk performed additional analyses. This issue did not affect OpenSSL 1.0.2

Libraries 104

Libraries Cybersecurity Security IT 104

Security Affairs

NOVEMBER 21, 2019

Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. ” reads the analysis published by 360 Netlab. One of the addresses disguised the Bot sample as a Google font library “ roboto. ” reads the analysis.

Honeypots 81

Honeypots Systems administration Passwords IoT 81

Security Affairs

JANUARY 13, 2020

A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber – e spionage group dubbed APT40. The companies were all involved in the recruiting of hackers with offensive security skills. Hainan Xiandun even appears to operate from the Hainan University Library!”

Libraries 86

Libraries Information Security Military Government 86

Security Affairs

MAY 10, 2020

Researchers at security firm Red Canary uncovered a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. Researchers also included Indicators of Compromise (IoCs) in the analysis they have published. Pierluigi Paganini.

Mining 85

Mining Libraries Access Encryption 85

Security Affairs

JUNE 2, 2019

. “To confound detection, its operators recently started using PowerShell scripts that provide direct, in- memory loading and execution of malware executables and libraries. The PowerShell scripts used by Turla in recent attacks allow direct, in-memory loading and execution of malicious executables and libraries avoiding detection.

Libraries 100

Libraries Cloud Security Cybersecurity 100

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” ” reads the analysis published by Secureworks. The landing page appears to be identical or quite similar to the spoofed library resource. and Switzerland.

Phishing 80

Phishing Libraries File names Metadata 80

Security Affairs

DECEMBER 9, 2019

PathAuditor has been released by the tech giant as open-source, the company plans to continue to contribute to the development of the tools and with this move aims at involving the security community to improve it. PathAuditor is a shared library that can be loaded into processes using LD_PRELOAD. . Pierluigi Paganini.

Access 72

Access Libraries Security IT 72

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. Technical analysis. The analysis of this binary is reported in the next paragraph (see “DLL Analysis”). DLL Analysis. Figure 11 – Static analysis on DLL.

Libraries 87

Libraries Phishing Security IT 87

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013.

Libraries 106

Libraries Cybersecurity Access IT 106