Hack of DNA website exposes data from 92M accounts

Information Management Resources

MyHeritage received a message from a researcher who unearthed a file named 'myheritage' containing email addresses and encrypted passwords of nearly all of its users on a private server outside the company. Hacking Data security Cyber security Cyber attacks

B0r0nt0K ransomware demands $75,000 ransom to the victims

Security Affairs

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data.

A new Shamoon 3 sample uploaded to VirusTotal from France

Security Affairs

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file.

Sony Bravia Smart TVs affected by a critical vulnerability

Security Affairs

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attacker can upload an arbitrary file with a crafted file name (e.g.: /./)

Victims of Planetary Ransomware can decrypt their files for free

Security Affairs

Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free. The latest variant of the Planetary malware appends the.mira extension to the names of the encrypted files. The ransom note, named !!!READ_IT!!!

Malware researchers decrypted the Qrypter Payload

Security Affairs

This messages warned the users about imminent summons against them, inviting them to read the attached lawsuit, a not so innocent looking file named “ Avviso del tribunale.jar ”. The JAR file seems to be corrupted due to the absence of some classes. Encrypted file content.

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

The following graph shows different types of threats that were distributed with this approach, the Shade ransomware was the most common one: Compromises websites delivering the Shade/Troldesh ransomware, included three types of files, namely HTML, ZIP, and EXE files masquerading as.jpg images.

CMS 111

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

Once the malware has infected a system drops two plain text files, one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives information to the victim on what has happened and instruction to pay the ransom. The second text file named “_cr1ptt0r_support.txt”

Researcher disclosed a Windows zero-day for the third time in a few months

Security Affairs

The last Windows zero-day flaw disclosed by SandboxEscaper is an arbitrary file read vulnerability that could be exploited by a low-privileged user or a malicious program to read the content of any file on a Windows system.

The SLoad Powershell malspam is expanding to Italy

Security Affairs

A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. As usual, it comes as a zip file attached to an e-mail, this file contains two elements: A fake shortcut to directory (.lnk

Common File Storage Mistakes

Armstrong Archives

The following will discuss some of the most effective strategies that companies can implement to streamline their file storage processes. While seemingly simple in concept, the wrong type of file boxes has the potential to make the filing process more complicated than it should be.

The Long Run of Shade Ransomware

Security Affairs

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”,

STOP ransomware encrypts files and steals victim’s data

Security Affairs

“These tasks include showing a fake Windows Update screen, disabling Windows Defender, and blocking access to security sites by adding entries to Windows’s HOSTS file.” The post STOP ransomware encrypts files and steals victim’s data appeared first on Security Affairs.

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Security Affairs

The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.

Events 107

Shared Drive Cleanup Success Story

The Texas Record

Over the years, staff had tried to maintain order by naming folders by the record type listed on the retention schedule, using idiosyncratic naming conventions, and attempting to create high level folders for staff to save their files in. Creation of README Files (PDF).

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

The new version of NRSMiner updates existing infections by downloading new modules and removing files and services installed by old previous versions. This malicious code first installs a service named snmpstorsrv , with snmpstorsrv.dll registered as servicedll.

How to Get and Set Up a Free Windows VM for Malware Analysis

Lenny Zeltser

Select “MSEdge on Win 10 (x64)” and pick the virtualization platform that matches the one you have: If using macOS, you might be unable to extract the zip file’s contents unless you download a file extractor such as The Unarchiver.

How to deliver malware using weaponized Microsoft Office docs embedding YouTube video

Security Affairs

“This attack is carried out by embedding a video inside a Word document, editing the XML file named document.xml, replacing the video link with a crafted payload created by the attacker which opens Internet Explorer Download Manager with the embedded code execution file” The experts created a proof-of-concept attack using a YouTube video link embedded in weaponized Microsoft Office documents.

Video 85

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

Security Affairs

LockerGoga ransomware is a crypto-malware that loads the malicious file on the system from an infected email attachment. This ransomware’s name is based on the path used for compiling the source code into an executable that was discovered by MalwareHunterTeam.

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

The threat is only detected later when an MSI file (Windows installer) drops and execute the first infection stage of the malware. After the Excel document is opened (xls file), the content it displays will lure the user to execute malicious Excel 4.0 File name: Binary._D7D112F049BA1A655B5D9A1D0702DEE5

Epson ScanSmart Accounting Edition Software Now Available Across Scanner Portfolio

Document Imaging Report

Epson’s ScanSmart Software Accounting Edition 2 offers powerful productivity features such as automatic file naming, automatic receipt recognition with accurate OCR and easy integration with QuickBooks ® , TurboTax and Quicken. LONG BEACH, Calif. – 17, 2019 – Epson America, a leading provider of digital imaging solutions, today unveiled its updated ScanSmart Software 1 , now available with Epson’s ScanSmart Software Accounting Edition 2 upgrade for receipt scanning capabilities.

Sofacy APT group used a new tool in latest attacks, the Cannon

Security Affairs

Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon.

Tools 88

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

“These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages.

Experts warn of fake Adobe Flash update hiding a miner that works as a legitimate update

Security Affairs

” The fake Adobe Flash updates use file names starting with AdobeFlashPlayer that are hosted on cloud-based web servers that don’t belong to Adobe. One such example from December 2017 named free-mod-menu-download-ps3.exe also shows osdsoft[.]com

Recently fixed WinRAR bug actively exploited in the wild

Security Affairs

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The file associated with the fake Ariana Grande’s hit album is currently detected by a limited number of antivirus solutions.

Thousands of Mega account credentials leaked online, it is credential stuffing

Security Affairs

Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names. Found file on VirusTotal w/ 15K+ Mega accounts (user names/passwords & users' file listings). File listings included files names describing child abuse content.

Guest Post - How important is digital document consistency?


Consistent document capture and file naming. Because automated scan workflows are predefined, capture parameters including output quality and output file formats can be consistent for a particular process, for example, scanned invoices may be in jpg whereas legal documents are PDFs. Another area that lends itself to mixed results is in file naming structure. Left to decide, users can create a variety of document naming formats that only make sense to them.

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The LOAD DATA statement can load a file located on the server, and if the LOCAL keyword is used in the request, on the client host.

SAA RMS bibliography completed in Zotero. for now!

The Schedule

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

Security Affairs

A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206 , that affects older versions of the jQuery File Upload plugin since 2010. The jQuery File Upload is a jQuery widget “with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video.”. Cashdollar discovered two PHP files named upload.php and UploadHandler.php in the package’s source, which contained the file upload code.

Video 78

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

In all the cases, attackers deliver a WinRAR self-extracting (SFX) file that installs the SysUpdate stage 1 payload, that gains persistence and downloads and executes the second stage payload, SysUpdate Main.

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

The downloaded file (wraeop.sct) represents a Javascript code reporting the Stage 2 of the infection process. The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it.

“Collection #1” Data Breach Analysis – Part 1

Security Affairs

In fact, while years ago the most used passwords were about names, dates or simple patters such as “qwerty”, today we observe a significative increase in pattern complexity, but still too easy to be brute-forced. What are the domain names of the most leaked emails ?

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

When an unknown sender suggests me to click on a super wired url , dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I kinda looking forward to it! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file.

Hundreds of apps removed from Google Play store because were carrying Windows malware

Security Affairs

“Notably, the infected APK files do not pose any threat to Android devices, as these embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android platform.” 15 apps were found containing both PE files inside.

LimeRAT spreads in the wild

Security Affairs

The whole infection chain was originated by a LNK file, a technique used by advanced attackers and APTs too, for this reason, we decided to have a deeper look into these malicious samples revealing another infamous abuse of open-source projects.

New PowerShell-based Backdoor points to MuddyWater

Security Affairs

Threat actors used PowerShell-based first stage backdoor named POWERSTATS, across the time the hackers changed tools and techniques. “These documents are named Raport.doc or Gizli Raport.doc (titles mean “Report” or “Secret Report” in Turkish) and maliyeraporti (Gizli Bilgisi).doc

Fixing Enterprise Wiki Page Titles and URLs in SharePoint 2013


There are a few things that bug me and other standards advocates out there, chief of which (for me) are the title and file name problems. Problem #1: Spaces in File Names The page title is used to create the page's name (i.e., file name).

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

Then the script places its RSA key in the authorized_keys file. Another group of attackers exploits the same flaw to download a file named “ LinuxT ” from an HTTP file server that is a variant of the Spike Trojan targeting x86, MIPS and ARM architectures. Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners.

Apple removed the popular app Adware Doctor because steals user browsing history

Security Affairs

The expert discovered also that the gathered info was first stored in a password protected zip file named “history.zip”, then it would be uploaded to a remote server. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.”