Posts

D3c3mb3r hackers exploit ThinkPHP flaw to hack thousands of Chinese websites

Image
  ThinkPHP flaw to hack thousands of Chinese websites A hacker group named D3c3mb3r has been found exploiting the vulnerability in the wild. Another hacker group was also found exploiting the vulnerability to infect servers with the Miori malware. A bug in the ThinkPHP framework has left over 45,000 websites open to a barrage of attacks. Hackers have been exploiting the bug to gain access to web servers. A hacker group named D3c3mb3r has been found exploiting the vulnerability in the wild. Another hacker group was also found exploiting the vulnerability to infect servers with the Miori malware. According to the attacks began after a Chinese cybersecurity firm, VulnSpy, posted a proof-of-concept (PoC) of the exploit for ThinkPHP on ExploitDB - a popular website that hosts free exploit code. The PoC points out that by exploiting the vulnerability, attackers could execute malicious code on the underlying server. "The PoC was published on December 11, and we saw internet-wide scans le...

Thousands of Jenkins servers will let anonymous users become admins

Image
  Two vulnerabilities discovered and patched over the summer expose Jenkins servers to mass exploitation. Thousands, if not more, Jenkins servers are vulnerable to data theft, takeover, and cryptocurrency mining attacks. This is because hackers can exploit two vulnerabilities to gain admin rights or log in using invalid credentials on these servers. Both vulnerabilities were discovered by security researchers from CyberArk , were privately reported to the Jenkins team, and received fixes over the summer. But despite patches for both issues, there are still thousands of Jenkins servers available online Jenkins  is a web application for  continuous integration  built in Java that allows development teams to run automated tests and commands on code repositories based on test results, and even automate the process of deploying new code to production servers. Jenkins is a popular component in many companies' IT infrastructure and these servers are very popular with both f...

Microsoft Edge: What went wrong, what's next

Image
  Microsoft's grand browser experiment flopped in the marketplace, so the company is turning to an unlikely successor: the open-source Chromium project. Can it succeed where EdgeHTML failed? Microsoft today confirmed the rumors that have been swirling all week. As part of a sweeping change to one of the flagship components of Windows 10, it will rebuild its Microsoft Edge browser from the ground up, ripping out its proprietary EdgeHTML rendering engine and replacing it with the open-source Chromium code base. Yes,  that  Chromium. The same one that's at the heart of archrival Google's Chrome browser. Mary Jo Foley has the details here:  "Microsoft's Edge to morph into a Chromium-based, cross-platform browser." It's an extraordinary capitulation from Microsoft, which has spent nearly four years and a staggering amount of engineering effort on a quixotic campaign to convince Windows 10 users to ditch their current browser in favor of Microsoft Edge. That eff...

More Than 100,000 PCs in China Infected by New Ransomware Strain

Image
  A new ransomware strain successfully infected more than 100,000 personal computers in China over a period of just four days. According to a  report  from Velvet Security, the first samples of this ransomware broke out on 1 December after users installed multiple social media-themed apps including “Account Operation V3.1,” an app designed to help users manage multiple QQ accounts. The Chinese anti-virus firm subsequently monitored the threat over the next few days. By the evening of 4 December, firm had identified at least 100,000 infections by the yet-unnamed virus. A screenshot of the ransomware. (Source: ZDNet) This particular threat stands out for several reasons. First, it doesn’t just lock users’ computers and encrypt their files. It also comes with a component designed to steal victims’ login credentials for Chinese digit wallet services, personal  cloud  file hosting platforms, email providers and online shopping portals. Second, the ransomware doesn’t ...

Dell announces security breach due to unauthorised intruder

Image
Company says it detected an intrusion at the start of the month, but financial data was not exposed. US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9. Dell says it detected an unauthorized intruder (or intruders) "attempting to extract Dell.com customer information" from its systems, such as customer names, email addresses, and hashed passwords. The company didn't go into details about the complexity of the password hashing algorithm, but some of these --such as MD5-- can be broken within seconds to reveal the plaintext password. "Though it is possible some of this information was removed from Dell's network, our investigations found no conclusive evidence that any was extracted," Dell said today in a   press release . In a statement, Dell said it's still investigating the incident, but said the breach wasn't extensive, with the company's engineers detecting the...

New Linux crypto-miner steals your root password and disables your antivirus

Image
Trojan also installs a rootkit and another strain of malware that can execute DDoS attacks. Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules. O...

Workday customers starting to run on AWS Cloud

Image
Workday said the early batch of customers running its finance and HR software on AWS represents a milestone. Workday is beginning to scale customers who are running the company's finance and human resources software on Amazon Web Services. While multiple software providers such as Infor, Salesforce and SAP have customers running their products on AWS, Workday's move to the public cloud is relatively new. Workday said customers running its software on AWS "signals a milestone" and broadens the company's reach. At Workday Rising Europe, the company highlighted Twitch and Fresche Solutions as customers running Workday applications on top of AWS. The company added that Workday Financial Management and Human Capital Management is available to enterprises based in the U.S. and Canada. Workday will extend AWS support to Germany in the first half of 2019 and expand to other geographies. Workday said running on AWS gives it more freedom to choose how and wh...

The Samsung foldable phone is here and will be in customer hands shortly

Image
A tantalizing glimpse was all Samsung gave. It was still enough to make one ponder. He just   pulled it out of his inside jacket pocket , as if this was just another little thing he carried around with him all the time. And there it was. What is the core excitement here? The sheer relief that it's possible to have a phone that folds? Well, what, exactly? A   camouflaged phone   created to show off Samsung's Infinity Flex Display, the fancy wording for the company's new foldable phone. Samsung's SVP of Mobile Product Marketing, Justin Denison, was effusive at yesterday's Samsung Developer Conference. He used creative phrases such as "taking it to the next level" and "big milestone." He insisted he was "honored" to reveal this whole new generation of smartphones.And then he held the phone up and unfolded it. At least one gasp was heard. "When it's open, it's a tablet offering a big screen experience,...

Intel CPUs impacted by new PortSmash vulnerability

Image
Vulnerability confirmed on Skylake and Kaby Lake CPU series. Researchers suspect AMD processors are also impacted. Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPU's internal processes. The new vulnerability, which has received the codename of PortSmash, has been discovered by a team of five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba. Researchers have classified PortSmash as a  side-channel attack . In computer security terms, a side-channel attack describes a technique used for leaking encrypted data from a computer's memory or CPU, which works by recording and analyzing discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recovering the CPU's processed data. Researchers say PortSmash impacts all CPUs that use a  Simultaneous Mu...

Oracle acquires DataFox, brings AI-based company data management to cloud apps

Image
DataFox uses artificial intelligence to help clients gain an up-to-date view of customer accounts and organizations. Oracle   has announced plans to acquire data management and AI solutions provider DataFox. Financial details were not disclosed. Founded in 2013, San Francisco, CA-based   DataFox   is the developer of an artificial intelligence (AI)-based engine which automatically locates and pulls the most current information available on public and private businesses. The engine currently manages the information of over 2.8 million companies, with 1.2 million being added on an annual basis. Customers, including Goldman Sachs, Bain & Company and Twilio, use the platform for account management, lead generation, and to keep customer-relationship management (CRM) solutions current. On Monday,   Oracle said   the acquisition will merge DataFox technologies with Oracle Cloud Applications, giving customers an "extensive set of trusted company-level ...