Syrian victims of the GandCrab ransomware can decrypt their files for free

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The crooks decided to release the decryption keys after a Syrian Twitter user published a harrowing message asking […]

The post Syrian victims of the GandCrab ransomware can decrypt their files for free appeared first on Security Affairs.

CSE-News / 19 Ott 2018

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206, that affects older versions of the jQuery File Upload plugin since 2010. Attackers can exploit the vulnerability to carry out several malicious activities, including defacement, exfiltration, and malware infection. The flaw was reported by the Akamai researcher Larry Cashdollar, he explained that many other packages that include […]

The post Thousands of applications affected by a zero-day issue in jQuery File Upload plugin appeared first on Security Affairs.

CSE-News / 19 Ott 2018

Drupal dev team fixed Remote Code Execution flaws in the popular CMS

The Drupal development team has patched several vulnerabilities in version 7 and 8 of the popular CMS, including RCE flaws. The development team of the Drupal content management system addressed several vulnerabilities in version 7 and 8, including some flaws that could be exploited for remote code execution. Drupal team fixed a critical vulnerability that resides in […]

The post Drupal dev team fixed Remote Code Execution flaws in the popular CMS appeared first on Security Affairs.

CSE-News / 18 Ott 2018

Splunk addressed several vulnerabilities in Enterprise and Light products

Splunk recently addressed several vulnerabilities in Enterprise and Light products, some of them have been rated “high severity.” Splunk Enterprise solution allows organizations to aggregate, search, analyze, and visualize data from various sources that are critical to business operations. The Splunk Light is a comprehensive solution for small IT environments that automates log analysis and integrate […]

The post Splunk addressed several vulnerabilities in Enterprise and Light products appeared first on Security Affairs.

CSE-News / 18 Ott 2018

Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew

Security researchers from McAfee have recently uncovered a cyber espionage campaign, tracked as Operation Oceansalt, targeting South Korea, the United States, and Canada. The threat actors behind Operation Oceansalt are reusing malware previously associated with China-linked cyberespionage group APT1. “McAfee Advanced Threat Research and Anti-Malware Operations teams have discovered another unknown data reconnaissance implant targeting Korean-speaking users.” reads the report. “We […]

The post Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew appeared first on Security Affairs.

CSE-News / 18 Ott 2018

GreyEnergy cyberespionage group targets Poland and Ukraine

Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Security experts from ESET published a detailed analysis of a recently discovered threat actor tracked as GreyEnergy, its activity emerged in concurrence with BlackEnergy operations. ESET researchers have spotted a new strain of malware tracked as Exaramel […]

The post GreyEnergy cyberespionage group targets Poland and Ukraine appeared first on Security Affairs.

CSE-News / 17 Ott 2018

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018. Group-IB, an international company that specializes in preventing cyber attacks,has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, […]

The post Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million appeared first on Security Affairs.

CSE-News / 17 Ott 2018

The author of the LuminosityLink RAT sentenced to 30 Months in Prison

The author of the infamous LuminosityLink RAT, Colton Grubbs (21), was sentenced to 30 months in federal prison. Colton Grubbs, 21, of Stanford, Kentucky, the author of the infamous LuminosityLink RAT, was sentenced to 30 months in federal prison, In February, the Europol’s European Cybercrime Centre (EC3) along with the UK National Crime Agency (NCA) disclosed the […]

The post The author of the LuminosityLink RAT sentenced to 30 Months in Prison appeared first on Security Affairs.

CSE-News / 17 Ott 2018

Chaining three critical vulnerabilities allows takeover of D-Link routers

Researchers from the Silesian University of Technology in Poland discovered several flaws that could be exploited to take over some D-Link routers. A group of researchers from the Silesian University of Technology in Poland has discovered three vulnerabilities in some models of D-Link routers that could be chained to take full control over the devices. The […]

The post Chaining three critical vulnerabilities allows takeover of D-Link routers appeared first on Security Affairs.

CSE-News / 17 Ott 2018

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here). The victim was one of the most important leaders in the field of security and defensive military […]

The post MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry appeared first on Security Affairs.

CSE-News / 16 Ott 2018