Over 100,000 machines remain vulnerable to SMBGhost exploitation

From welivesecurity.com

Although Microsoft issued a patch for the critical SMBGhost vulnerability in the Server Message Block (SMB) protocol back in March, over 100,000 machines remain susceptible to attacks exploiting the flaw. This wormable Remote Code Execution (RCE) vulnerability could allow black hats to spread malware across machines without any need for user interaction.

The severity of the bug affecting Windows 10 and Windows Server (versions 1903 and 1909) should have convinced everybody to patch their machines immediately. However, according to Jan Kopriva, who disclosed his findings on the SANS ISC Infosec Forums, that doesn’t seem to be the case.

“I’m unsure what method Shodan uses to determine whether a certain machine is vulnerable to SMBGhost, but if its detection mechanism is accurate, it would appear that there are still over 103 000 affected machines accessible from the internet. This would mean that a vulnerable machine hides behind approximately 8% of all IPs which have port 445 open,” Kopriva said.

Read more…

Browsers Bugs Exploited to Install 2 New Backdoors on Targeted Computers

From thehackernews.com

Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes.

Dubbed “Operation Earth Kitsune” by Trend Micro, the campaign involves the use of SLUB (for SLack and githUB) malware and two new backdoors — dneSpy and agfSpy — to exfiltrate system information and gain additional control of the compromised machine.

Read more…

Remove RegretLocker ransomware (Virus Removal Guide) – Virus Removal Instructions

From 2-spyware.com

RegretLocker ransomware

RegretLocker ransomware is a type of malware that encrypts all victims’ personal files with military-grade algorithms upon infecting users’ computer systems.[1] After the encryption is complete, a ransom note usually appears in contaminated folders. In this case, a “HOW TO RESTORE FILES.txt” file can be found.

RegretLocker ransomware virus appends the extension .mouse to all non-system files. Infected files cannot be opened. The ransom note is very brief. The cybercriminals inform the victims that their files were encrypted, and that if they want to retrieve the data, they should contact the perps via email at petro@ctemplar.com. Also, a unique hash is given to be provided upon contact. Further details, like the ransom amount, would be delivered after contacting the cyberthieves.

Read more…

MS Teams: The Gateway Drug to Security Chaos

From securityboulevard.com


We all know the COVID-19 pandemic forced organizations to rapidly accelerate their adoption of collaboration solutions. For organizations already using Office 365 or Microsoft 365, Microsoft Teams was a readily available answer to the remote workforce challenges IT departments faced as they shifted workers and workloads offsite.

But was the Teams explosion a blessing or a curse? Think about it: How much attention did most shops pay to governance and security planning during the initial transition? Or since? Your own organization’s experience might provide a clue: There simply wasn’t time.

Now that we’re more than half a year into the pandemic, it’s time to clean up the mess.

Read more…

Enel: Second ransomware attack on multinational energy company this year

From en.secnews.gr

The multinational energy company “Enel SpA” or “Enel Group” was hit by ransomware for the second time this year. This time, the attack was carried out by the Netwalker gang, which is now demanding a $14 million ransom from the company for the decryption key and for not leaking many terabytes of stolen data. Enel is one of the largest companies operating in the European energy sector, with over 60 million customers in 40 countries. As of August 10, it is ranked 87th in the Fortune Global 500, recording revenues of approximately $90 billion in 2019.

Read more…

Szymekk ransomware – essential data locking virus that

From 2-spyware.com

Szymekk ransomware

Szymekk ransomware is a threat that derives from the CobraLocker ransomware family. It’s a cryptovirus that, upon successful infection, encrypts users’ computer data, except non-system files, and demands a ransom in exchange for a private decoding tool/key. After successful encryption of computer data, most ransomware places ransom notes as .txt files on the desktop and in affected folders. The Szymekk virus operates differently – it locks the computer screen and shows the ransom message on it. The message itself is very short. Cybercriminals[1] just inform the victim that their device is encrypted and provide an email address (Cobra_Locker@protonmail.com), urging the users to contact them to receive further details.

Read more…

Fake COVID-19 survey hides ransomware in Canadian university attack

From blog.malwarebytes.com


This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero.

In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of British Columbia (UBC) with a fake COVID-19 survey.

However, this attack and its motives are different from the ones previously documented. The survey is a malicious Word document whose purpose is to download ransomware and extort victims to recover their encrypted files.

On discovery, we got in touch with UBC to report our findings. They were already aware of this phishing campaign and were kind enough to share more information with us about the incident. Ultimately, this attack was not successful due to the rapid response of the UBC cybersecurity team.

Read more…