Posts

Showing posts with the label #2019-Jun

New Silex malware is bricking IoT devices, has scary plans

Image
  Over 2,000 devices have been bricked in the span of a few hours. Attacks still ongoing. A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017. Named Silex, this malware began operating earlier today, about three-four hours before this article's publication. The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later. Attacks are still ongoing, and according to an interview with the malware's creator, they are about to intensify in the coming days. HOW THE SILEX MALWARE WORKS According to Akamai researcher  Larry Cashdollar , who  first spotted the malware earlier today , Silex works by trashing an IoT device's storage, dropping firewall rules, removing the network configuration, and then halting the device. It's as destructive as it...

Mozilla fixes second Firefox zero-day exploited in the wild

Image
  Two days after patching the first zero-day, Mozilla fixes a second one, used in the same attacks as the first. Mozilla has released a second security update this week to patch a second zero-day that was being exploited in the wild to attack Coinbase employees and other cryptocurrency organizations. Firefox 67.0.4 and Firefox ESR 60.7.2 are now available for Firefox users through the browser's built-in update mechanism. This second bug was used together with another one that Mozilla patched two days ago, through the release of Firefox 67.0.3 and Firefox ESR 60.7.1. THE TWO ZERO-DAYS The first one was described as a "remote code execution" vulnerability that allowed remote attackers to run malicious code inside Firefox's native process. The bug ( CVE-2019-11707 ) was discovered on April 15 by a Google Project Zero researcher and reported to Mozilla, who only patched it this week after the Coinbase security team reported attacks exploiting the vulnerability, together w...

Windows 10 Hit Repeatedly By Serious New Vulnerability

Image
  Windows 10  desperately   needed   changes  to its upgrade system and they are  finally rolling out . That said, they’re  not a magic bullet  and Microsoft has now warned users about an update which is going to be hit multiple times over the next few weeks, and before the company can do anything about it.  The threat comes from SandboxEscaper, a well-known  exploit broker , who has found multiple holes in Microsoft’s CVE-2019-0841 security update. Moreover, while Microsoft has posted a  warning  on June 7 and has attempted three fixes so far, SandboxEscaper has now released a fourth and promised to further exploits of it will follow. The result is Microsoft is left playing whack-a-mole and Windows 10 users should be vigilant. As reported by   security researcher Nabeel Ahmed  states  that SandboxEscaper has found a way to give anyone with access to a Windows 10 and Server 2019 machine permis...

Windows 10 security: Are ads in Microsoft's own apps pushing fake malware alerts?

Image
  Windows 10 users say they're being targeted by fraudsters through ads being delivered to Microsoft's apps. Windows 10 users are complaining of being targeted by fraudsters through in-app ads delivered through Microsoft's own software.  The fraudulent apps are being delivered through native Windows 10 applications like the Microsoft News app, according to Windows-focused site Ghacks.  Much like online ads promoting tech-support scams, the in-app ads are using bogus system alerts to warn users of non-existent security threats and other issues. The  example Ghacks noticed  claims that a PC is infected with multiple viruses and contains a warning that "personal and banking information is at risk". The ad then encourages users to click a 'Scan now' button, which likely leads to a phishing page or will download unwanted software.  Other scam ads appearing in Microsoft apps claim that the viewer of the ad has won a new iPhone while other ads ask users to pa...

Canva faced security breach, 139 million users data hacked

Image
Canva is a popular Sydney-based startup which offers a graphic design service. According to the hacker, who directly contacted, data of roughly 139 million users has been compromised during the breach. Responsible for the data breach is a hacker known as GnosticPlayers online. Since February this year, they have put up the data of 932 million users on sale, which are reportedly stolen from 44 companies around the world. “I download everything up to May 17,” the hacker said to news reports. “They detected my breach and closed their database server.” In a  statement on the Canva website , the company confirmed the attack and has notified the relevant authorities. They also tweeted about the data breach on 24th May as soon as they discovered the hack and recommended their users to change their passwords immediately. “At Canva, we are committed to protecting the data and privacy of all our users and believe in open, transparent communication that puts our communities’ needs first,” the...