0patch experts recently came out with a micropatch designed to mitigate a previously unidentified zero-day loophole in Adobe Reader. According to experts, this vulnerability can be abused by cyber criminals by hiding malware inside corrupt PDF files.
These documents would then transfer the target’s NTLM hash to the attacker through an SMB request. All of this can be done remotely, which would make detection practically impossible.
The vulnerability was identified and reported by Alex Inführ, a security expert who also published a proof-of-concept and technical details of the problem. According to the report, the XML Form Architecture (XFA) structure was instrumental in crafting the attack. XFA is an integral part of PDF documents and it’s what (more…)
Thanks to the good folks at Trend Micro, we now know that there’s a new form of malware in town. Actually, it’s a new type of an existing MacOS malware that enters stealth mode by camouflaging itself as a Windows file so that it can infiltrate devices without detection.
The malware is unable to execute on a Windows machine because it’s carried by a familiar .EXE file that’s easy for Windows to rebuff.
The security experts behind the discovery say they found the malware hiding inside the installer for Little Snitch, a well-known firewall and network monitor. The researchers downloaded the .ZIP files from different torrent websites.
We all know that trying to run an .EXE file on a Linux or Mac processor is a futile exercise because it will only (more…)
Intel users beware! Hackers have now discovered a new method to hide malware inside Intel SGX security enclaves. Intel Software Guard eXtensions (SGX) is a technology that app developers normally use as a security measure against unwanted data modification or disclosure.
Intel SGX also allows developers to execute application code through a secret enclave.
Expert researchers have created a new technique that enables them to introduce malicious code in a protected memory area, which makes it nearly impossible to detect.
Ideally, enclaves should be protected from higher privilege processes, including BIOS, kernel, SMM and even the operating system.
The team of experts that discovered this vulnerability is the same one that found (more…)
According to reports, Facebook has just paid a $25,000 reward to a white hat hacker who found a critical cross-site request forgery (CSRF) vulnerability. If you’re wondering what warranted this payday, you need to know the implications of CSRF to realize that this was a big discovery.
According to Facebook, if the CSRF continued operating without detection it would have made user accounts vulnerable to hackings of the worst kind.
All an attacker needed to do was send requests loaded with CSRF tokens to random Facebook endpoints. That would have allowed them to access user accounts and do with them as they pleased. But, the attacker would have to trick their victim into clicking on a link first, which can be done through the facebook.com/comet/dialog_DONOTUSE/ loophole. This weak spot would also enable the attacker to easily bypass CSRF protections, giving them full (more…)
An unusual piece of software that had been ultra-popular over the last few months among Instagram users whose accounts were hacked or stolen, or who had forgotten their passwords, was shut down this Friday by official Instagram security representatives. The tool’s cracking algorithm was patched by Instagram’s automatic anti-hacking system after their database was hit by a massive hacking attack of thousands of login attempts per second.
Results showed that all of the attackers’ IP addresses came from Russia. Given the unbelievable speed of the login attempts, which would be impossible for a human to achieve, there was no doubt that this was a brute-force type of cracking attack. This type of hacking is performed by specially coded software that works together with a text file containing thousands of rows of possible passwords users may use for their accounts. It automatically tries each of these passwords at the login page of the entered website, in this case Instagram. The software keeps running until a matching password is found.
To achieve this successfully, a hacker needs to possess a high-speed processor inside their PC, and sometimes this (more…)
One of the financial sector’s most enduring nemeses is back at it again. According to recent reports, the infamous TrickBot banking Trojan is making a major return and bankers should be aware. It now operates as a new type which has the ability to grab credentials remotely through a dedicated module.
The TrickBot’s updated data-grabbing mode is what enables it to harvest private credentials and data from a remote desktop. Hackers are using spam emails to spread this latest strain in what’s possibly the oldest scam in the digital data-grabbing book.
Users are warned to look out for one email in particular, which the scammers are using as a front to spread the virus. The email appears to come from Deloitte, a well-known financial services company, and at face value, it looks like a (more…)
You can never be too careful when browsing the web nowadays, with data scams being so prevalent and all. We have to be extra vigilant and constantly careful with the way we share online data because you never know how or where the hackers are lurking.
One way to protect your information is to use different passwords for your various online accounts. It’s important to make sure that those passwords are strong and unpredictable as well, or else you might open yourself up to possible fraud.
How Google is Helping
Google is doing its part to keep user data protected online. The tech giant has developed a technology that will alert users whenever there’s a potential risk to data security.
To achieve this goal, Google recently announced the introduction of an extension that will activate a visual prompt whenever it sees you using a “weak” or “unsafe” username and password. That way, it gives you the chance to change your password before scammers can use it to hack you.
This is known as the Password Checkup Chrome extension. Users can (more…)
According to reports, a team of Nocturnus researchers at Cybereason recently discovered an Astaroth Trojan campaign with the ability to abuse GAS Tecnologia and the Avast security software. The hackers use this weak point to plant malicious modules and steal user information.
The main aim of the campaign is to access user information and it does that by taking advantage of legitimate operating system processes. Once it breaches the machine’s security, the campaign is able to steal confidential credentials and clipboard usage as well as important keystate information.
The Cofense security firm was the first to identify the (more…)