The infamous Ursnif malware is back at it again, according to ZLab Yoroi-Cybaze researchers, who report another recent wave of attacks from this virus. The malware made its first appearance in 2014, after the leak of the original Gozi source code, which is why it is commonly known as Gozi ISFB.
According to reports, the Ursnif threat is one of the most active malware families, with a presence spanning over a decade. It mostly operates in Italy, where it disguises itself as something else in order to infiltrate organizations. Most of the time, it’s presented as a (more…)
The security of mobile devices is the top priority of many companies right now. It has been building to this for some time, since many corporate workers handle sensitive data on their smartphones at all times. Keeping this information from falling into the wrong hands is a must, and the losses that follow a significant data leak always leave a company in the red. In 2018 alone, the average cost of a corporate data breach represented a loss of $3.9 million for the affected corporation, depending on the size of the leak, according to (more…)
If you’re looking for ways to dissect an Office Dropper, you’ve come to the right place. A number of users have been dealing with an Office payload threat in the past week or so, so it’s only fitting that we provide a step-by-step process. This threat is often disguised as an innocent-looking Microsoft Office document that arrives as part of a professionally written MalSpam email.
This document usually comes with a neat “autoopen()” macro, which represents stage 1 of the delivery process. Dropper writers know the “autoopen()” macro trick very well because it’s very common.
As soon as you open the document, your system runs Microsoft Office as usual, and the “autoopen()” function is the first thing that executes. This is nothing new to malware specialists, and as you’ll see below, the “autoopen()” content trick is quite straightforward.
The “autoopen()” function jumpstarts a complicated “Resume Error” technique. This allows the script to skip past any errors it comes across so that execution runs uninterrupted. Basically, this means (more…)
Instagram is one of those social media platforms that almost everyone has an account on nowadays. Since being acquired by Facebook nearly eight years ago, the social network has become a paradise of viral content used by everyone to make the rounds at every waking hour all over the world. Everyone shares something with the goal of going viral and being noticed by their peers, and unlike Twitter and Facebook, there is not a lot of drama going on. The bad news is that IG’s weak spots are being tested again with a very unhealthy practice of stealing accounts using something called “The Nasty List”, an Instagram login credential stealer that is a headache to deal with.
The Nasty List – What You Need To Know
The Nasty List was first reported in the first days of May of the current year. It was brought to attention by a Reddit user nicknamed (more…)
A privilege escalation flaw has been discovered that could affect the online safety and privacy of LG laptop users. According to the security expert who discovered the flaw, this loophole is relatively easy for hackers to take advantage of.
Security expert and researcher Jackson T. found the flaw while analyzing the LG Device Manager system, and it has since been tracked as CVE-2019-8372. At the time, Jackson was merely evaluating the LG Device Manager’s low-level hardware access (more…)
0patch experts recently came out with a micropatch designed to mitigate a previously unidentified zero-day loophole in Adobe Reader. According to experts, this vulnerability can be abused by cyber criminals by hiding malicious content inside crafted PDF files.
These documents would then transfer the target’s NTLM hash to the attacker through an SMB request. All of this can be done remotely, which would make detection practically impossible.
The vulnerability was identified and reported by Alex Inführ, a security expert who also published a proof-of-concept and technical details of the problem. According to the report, the XML Forms Architecture (XFA) structure was instrumental in crafting the attack. XFA is an integral part of PDF documents and it’s what (more…)
Thanks to the good folks at Trend Micro, we now know that there’s a new form of malware in town. Actually, it’s a new variant of an existing macOS malware that enters stealth mode by camouflaging itself as a Windows file so that it can infiltrate devices without detection.
The malware is unable to execute on a Windows machine because it’s carried inside a familiar .EXE file that Windows rejects.
The security experts behind the discovery say they found the malware hiding inside the Little Snitch installer, a well-known firewall and network monitor. The researchers downloaded the .ZIP files from different torrent websites.
We all know that trying to run an .EXE file on a Linux or Mac machine is a futile exercise because it will only (more…)
Intel users beware! Hackers have now discovered a new method to hide malware inside secure Intel SGX enclaves. Usually, Intel Software Guard eXtensions (SGX) is a technology used by app developers as a security measure against unwanted data modification or disclosure.
Intel SGX also allows developers to execute application code inside a secret enclave.
Researchers have created a new technique that enables them to introduce malicious code into a protected memory area, which makes it nearly impossible to detect.
Ideally, enclaves should be protected from higher-privilege processes, including the BIOS, kernel, SMM and even the operating system.
According to reports, Facebook has just paid a $25,000 reward to a white hat hacker who found a critical cross-site request forgery (CSRF) vulnerability. If you’re wondering what warranted this payday, you need to know the implications of CSRF to realize that this was a big discovery.
According to Facebook, if the CSRF flaw had continued to exist without detection, it would have left user accounts vulnerable to the worst kind of account takeover.
All an attacker needed to do was send requests loaded with CSRF tokens to arbitrary Facebook endpoints. That would have allowed them to access user accounts and do with them as they pleased. But the attacker would first have to trick their victim into clicking on a link, which could be done through the facebook.com/comet/dialog_DONOTUSE/ loophole. This weak spot would also enable the attacker to easily bypass CSRF protections, giving them full (more…)
An unusual piece of software, hugely popular over the last few months among Instagram users whose accounts had been hacked or stolen or whose passwords had been forgotten, was shut down this Friday by Instagram’s official security representatives. The tool’s cracking algorithm was neutralized by Instagram’s automatic anti-hacking system after their database was hit by a massive attack of thousands of login attempts per second.
Results showed that all of the attackers’ IP addresses came from Russia. Given the unbelievable speed of the login attempts, which would be impossible for a human to achieve, there was no doubt that this was a brute-force cracking attack. This type of attack is performed by purpose-built software that works together with a text file containing thousands of rows of passwords users might have chosen for their accounts. It automatically tries each of these passwords at the login page of the target website, in this case Instagram. The software keeps running until a matching password is found.
To achieve this successfully, the hacker needs to possess a high-speed processor in their PC, and sometimes this (more…)