I need your help. My website berlinlasers.com was hacked a few months ago, and all malware has since been cleaned up, yet it is still on your blacklist. Please check and help me remove it. Thanks in advance.
This new RAT is dropped to the victims via malicious Microsoft Office documents. The dropper, along with the Python RAT, attempts to gather information on the victim's machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB and Google Forms. The RAT attempts to download additional payloads and upload the information gathered during the reconnaissance phase. This particular RAT attempts to target a very specific set of Arabic-speaking countries. The filtering is performed by checking the keyboard layout of the infected systems. Based on the analysed sample, JhoneRAT targets Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain and Lebanon.
What's new? The campaign shows an actor that developed a homemade RAT that works in multiple layers hosted on cloud providers. JhoneRAT is developed in Python but is not based on public source code, as is often the case for this type of malware. The attackers put great effort into carefully selecting targets located in specific countries based on the victim's keyboard layout.
How did it work? Everything starts with a malicious document using a well-known vulnerability to download a malicious document hosted on the internet. For this campaign, the attacker chose to use a cloud provider (Google) with a good reputation to avoid URL blacklisting. The malware is divided into a couple of layers — each layer downloads a new payload from a cloud provider, ending with the final RAT, which is developed in Python and uses additional providers such as Twitter and ImgBB.
So what? This RAT is a good example of how a highly focused attack that tries to blend its network traffic into the crowd can be highly effective. In this campaign, focusing detection on the network is not the best approach. Instead, detection must be based on behaviour on the operating system. Attackers can abuse well-known cloud providers and their reputations in order to avoid detection.
Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites, researchers said.
InfiniteWP, WP Time Capsule, and WP Database Reset are all affected. The highest-impact flaw is an authentication bypass vulnerability in the InfiniteWP Client, a plugin installed on more than 300,000 websites. It allows administrators to manage multiple websites from a single server. The flaw lets anyone log in to an administrative account with no credentials at all. From there, attackers can delete contents, add new accounts, and carry out a wide range of other malicious tasks.
People exploiting the vulnerability need only know the user name of a valid account and include a malicious payload in a POST request that's sent to a vulnerable site.
The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.
A UAC bypass allows programs to be launched without displaying a User Account Control prompt that asks users to allow a program to run with administrative privileges.
Schuh, meanwhile, predicted the measure would be a success.
I've criticized Google in the past for handwaving a hypothetical alternative to cookie blocking without teeth.
Now they're delivering teeth: a plan to kill tracking cookies in 2 years.
So I retract my criticism. Kudos to Google. This is a big deal.
Building a more private web: A path towards making third party cookies obsolete
— Ben Adida (@benadida) January 14, 2020
Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch.
The PoC exploits for the flaw now known as CurveBall (per security researcher Tal Be'ery) were publicly released during the last 24 hours by Swiss cybersecurity outfit Kudelski Security and ollypwn.
British hardware hacker Saleem Rashid also developed a CurveBall PoC exploit but only tweeted screenshots of his exploit code abusing CVE-2020-0601.
Mozilla lays off 70 employees to prepare for tough years ahead - gHacks Tech News
A Techcrunch report suggests that Mozilla laid off at least 70 employees to better prepare for the challenges that it is facing in the coming years.
Mozilla, which is best known for its Firefox web browser, depends to a very large degree on a deal with Google. Google pays Mozilla more than 90% of its revenue for being the default search engine in the Firefox web browser in most regions.
The deal is problematic for a number of reasons: first, because Google operates Chrome, the main contender in the browser market and dominating force at the time of writing, and second, because Google's business model, advertising, clashes with Mozilla's mission to strengthen privacy on the Internet.
Mozilla started to implement tracking protection functionality in Firefox, but the efforts don't go far enough for many users; probably the main factor preventing Mozilla from implementing better controls in Firefox is the organization's reliance on Google.
Encryption has "empowered criminals" as terrorists, human traffickers, and sexual predators shield their activities from police, Barr said in a speech in October. "As we work to secure our data and communications from hackers, we must recognize that our citizens face a far broader array of threats," he said. "While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society's ability to defend itself against other types of criminal threats."...
"We all want people to have the ability to communicate privately and safely, without harm or abuse from hackers, criminals, or repressive regimes," the letter said. "Every day, billions of people around the world use encrypted messages to stay in touch with their family and friends, run their small businesses, and advocate for important causes. In these messages, they share private information that they only want the person they message to see."
Many cybersecurity experts, however, have warned against the push for encryption back doors. ..."You're going to find a way to do this, or we're going to go do it for you," said Graham, a Republican from South Carolina. "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."
It has been discovered that the network-targeting Ako ransomware is being distributed through malicious spam attachments that pretend to be a requested agreement.
Last week we reported on the Ako Ransomware and how it was targeting companies with the intent to encrypt their entire network. At the time, it was not known how it was being distributed and when we asked the ransomware operators they told us it was a "secret".
Since then, the ransomware identification site ID-Ransomware has seen an increasing amount of victims.
“Upon becoming aware of the attack, we immediately shut down the source of the vulnerability,” P&N reveals.
The bank also says that, because its core banking system is completely isolated from the impacted system, the data breach did not cause the loss of customer funds, that credit card details were not accessed, and that banking passwords were not exposed.
P&N told customers it has already informed authorities on the incident. The bank says it has been working with West Australian Police Force (WAPOL), the involved hosting provider, expert advisers, and regulators on investigating the breach.
Microsoft released the January 2019 Office security updates, bundling a total of seven security updates and three cumulative updates for five different products, six of them patching flaws allowing remote code execution.
Redmond also released the January 2020 Patch Tuesday security updates, with security updates for 49 vulnerabilities, seven of them being classified as Critical and 41 as Important.
Unlike previous Patch Tuesday releases, Microsoft did not publicly disclose any vulnerabilities found to be actively exploited in the wild.
To download Microsoft Office security updates on your device, you have to click on the corresponding Knowledge Base article in the table below and then scroll down to the "How to download and install the update" section to grab the update packages for each product.
VirtualBox 6.1.2 (released January 14 2020)
This is a maintenance release. The following items were fixed and/or added:
- Virtualization core: fixed performance issue observed with Windows XP guests on AMD hosts (6.0.0 regression; bug #19152)
- Virtualization core: consistent IBRS/IBPB CPUID feature reporting, avoids crash of NetBSD 9.0 RC1 installer (bug #19146)
- GUI: fixed updating of runtime info
- GUI: in Display settings, do not show "2D video acceleration" checkbox if it is meaningless for the selected graphics adapter
- Audio: fixed audio input handling when VRDE is enabled
- Audio: fixed crash in the HDA emulation when using multi-speaker configurations
- Storage: fixed use of encrypted disks with snapshots involved (6.1.0 regression; bug #19160)
- Storage: improve performance of virtio-scsi
- Storage: read-only support for compressed clusters in QCOW2 images
- Windows installer: include unintentionally dropped vbox-img.exe utility again
- Windows host: when installing or removing an extension pack, retry the sometimes failing directory renaming (usually caused by anti-virus software accessing the directory)
- Linux host: Support Linux 5.5 (guest additions not yet)
- Windows guest: accelerate 2D video decoding (scaling and color space conversion) if the VM is configured to use VBoxSVGA with 3D enabled
- Windows guest: fix guest additions installer to upgrade the mouse filter driver reliably
- Windows guest: when uninstalling older Guest Additions with old 3D support enabled try restoring original Direct3D files
- Linux guest: improve resize and multi-monitor handling for VMs using VMSVGA (known remaining issue: do not disable a monitor "in the middle", causes confusion)
If the OpenVR benchmarks are anything to go by then we are looking at at least a 15% increase over NVIDIA's flagship: the RTX 2080 Ti.
A mysterious RX 5950XT was recently spotted getting EEC certification (Komachi via Videocardz) and considering we have seen leaks of a very powerful 'Big Navi' GPU already, is this the card we have been waiting for? Well, only time will tell, but in the meantime here are the details on the Radeon RX 5950 XT.
Adobe has released its monthly security updates that fix vulnerabilities in Adobe Experience Manager and Adobe Illustrator CC. All users are advised to install the applicable updates as soon as possible to resolve these vulnerabilities.
This is the first security update from Adobe in 2020 and surprisingly does not contain any fixes for Adobe Flash Manager, which is typically in the top spot when it comes to the number of vulnerabilities fixed.
There are, though, four vulnerabilities in Adobe Experience Manager and five in Adobe Illustrator CC, with the vulnerabilities in Illustrator being more critical as they can lead to arbitrary code execution.
The infamous blue screen of death (BSOD) on computers belonging to a company in the medical tech sector was the tell for a malware infection that spread across more than half the network.
The malware was hiding its modules in WAV audio files and spread to vulnerable Windows 7 machines on the network via EternalBlue, the exploit for SMBv1 used in the devastating WannaCry and NotPetya cyber attacks from 2017.
When it comes to protection against this insidious type of scam, the telcos’ authentication procedures leave a lot to be desired, a study finds
Five major US wireless carriers – AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams, a danger apparently looming large especially over prepaid accounts, a study by Princeton University researchers has found.
SIM swapping attacks, also known as port-out or SIM swap scams, have been a serious and growing problem of late, with their victims including Twitter CEO Jack Dorsey. It has previously been shown that attackers can, with relative ease, execute these attacks to commandeer control of people’s phone numbers. From there, they can break into the victims’ banking, social media and other accounts that use the same phone number for multi-factor authentication.
With the release of the January 2020 security updates, Microsoft has released fixes for 49 vulnerabilities. Of these vulnerabilities, 7 are classified as Critical, 41 as Important, and 1 as Moderate.
One of the 'Critical' vulnerabilities fixed today was discovered by the NSA and could allow attackers to spoof digital certificates or perform man-in-the-middle (MiTM) attacks.