Posts

Showing posts from December, 2018

D3c3mb3r hackers exploit ThinkPHP flaw to hack thousands of Chinese websites

Image
  ThinkPHP flaw to hack thousands of Chinese websites A hacker group named D3c3mb3r has been found exploiting the vulnerability in the wild. Another hacker group was also found exploiting the vulnerability to infect servers with the Miori malware. A bug in the ThinkPHP framework has left over 45,000 websites open to a barrage of attacks. Hackers have been exploiting the bug to gain access to web servers. A hacker group named D3c3mb3r has been found exploiting the vulnerability in the wild. Another hacker group was also found exploiting the vulnerability to infect servers with the Miori malware. According to the attacks began after a Chinese cybersecurity firm, VulnSpy, posted a proof-of-concept (PoC) of the exploit for ThinkPHP on ExploitDB - a popular website that hosts free exploit code. The PoC points out that by exploiting the vulnerability, attackers could execute malicious code on the underlying server. "The PoC was published on December 11, and we saw internet-wide scans le...

Thousands of Jenkins servers will let anonymous users become admins

Image
  Two vulnerabilities discovered and patched over the summer expose Jenkins servers to mass exploitation. Thousands, if not more, Jenkins servers are vulnerable to data theft, takeover, and cryptocurrency mining attacks. This is because hackers can exploit two vulnerabilities to gain admin rights or log in using invalid credentials on these servers. Both vulnerabilities were discovered by security researchers from CyberArk , were privately reported to the Jenkins team, and received fixes over the summer. But despite patches for both issues, there are still thousands of Jenkins servers available online Jenkins  is a web application for  continuous integration  built in Java that allows development teams to run automated tests and commands on code repositories based on test results, and even automate the process of deploying new code to production servers. Jenkins is a popular component in many companies' IT infrastructure and these servers are very popular with both f...

Microsoft Edge: What went wrong, what's next

Image
  Microsoft's grand browser experiment flopped in the marketplace, so the company is turning to an unlikely successor: the open-source Chromium project. Can it succeed where EdgeHTML failed? Microsoft today confirmed the rumors that have been swirling all week. As part of a sweeping change to one of the flagship components of Windows 10, it will rebuild its Microsoft Edge browser from the ground up, ripping out its proprietary EdgeHTML rendering engine and replacing it with the open-source Chromium code base. Yes,  that  Chromium. The same one that's at the heart of archrival Google's Chrome browser. Mary Jo Foley has the details here:  "Microsoft's Edge to morph into a Chromium-based, cross-platform browser." It's an extraordinary capitulation from Microsoft, which has spent nearly four years and a staggering amount of engineering effort on a quixotic campaign to convince Windows 10 users to ditch their current browser in favor of Microsoft Edge. That eff...

More Than 100,000 PCs in China Infected by New Ransomware Strain

Image
  A new ransomware strain successfully infected more than 100,000 personal computers in China over a period of just four days. According to a  report  from Velvet Security, the first samples of this ransomware broke out on 1 December after users installed multiple social media-themed apps including “Account Operation V3.1,” an app designed to help users manage multiple QQ accounts. The Chinese anti-virus firm subsequently monitored the threat over the next few days. By the evening of 4 December, firm had identified at least 100,000 infections by the yet-unnamed virus. A screenshot of the ransomware. (Source: ZDNet) This particular threat stands out for several reasons. First, it doesn’t just lock users’ computers and encrypt their files. It also comes with a component designed to steal victims’ login credentials for Chinese digit wallet services, personal  cloud  file hosting platforms, email providers and online shopping portals. Second, the ransomware doesn’t ...

Dell announces security breach due to unauthorised intruder

Image
Company says it detected an intrusion at the start of the month, but financial data was not exposed. US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9. Dell says it detected an unauthorized intruder (or intruders) "attempting to extract Dell.com customer information" from its systems, such as customer names, email addresses, and hashed passwords. The company didn't go into details about the complexity of the password hashing algorithm, but some of these --such as MD5-- can be broken within seconds to reveal the plaintext password. "Though it is possible some of this information was removed from Dell's network, our investigations found no conclusive evidence that any was extracted," Dell said today in a   press release . In a statement, Dell said it's still investigating the incident, but said the breach wasn't extensive, with the company's engineers detecting the...