Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network.
Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency.
Researchers at website security company Sucuri noticed the number of malicious plugins increase over the past months. The components are clones of legitimate software, altered for nefarious purposes.
Normally, these fake plugins are used to give attackers access to the server even after the infection vector is removed. But they can include code for other purposes, too, such as encrypting content on a blog.
Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and Monero cryptominers on their targets’ systems, as BlackBerry Cylance threat researchers discovered.
While various other malware peddlers were previously observed injecting payloads in JPEG or PNG image files [1, 2, 3] with the help of steganography, a well-known technique used to evade anti-malware detection, this is only the second time threat actors were seen abusing audio files for their malicious purposes.
Adobe has released security updates to resolve vulnerabilities that could allow attackers to gain unauthorized access, execute commands on vulnerable computers, or elevate their privileges.
Of particular concern are the 45 Critical vulnerabilities found in Adobe Acrobat and Reader. As both programs are widely used, and these vulnerabilities could allow attackers to execute code on a vulnerable machine, it is strongly advised that they are updated as soon as possible.
According to reports, Symantec has fixed an issue causing Blue Screens Of Death (BSOD) for customers running the company’s Endpoint Protection Client software on Windows versions ranging from Windows 7 to Windows 10.
According to users outlining the issue on Twitter, Reddit, and Symantec’s support forums [1, 2], their Windows devices were impacted by BSODs after applying the October 14 intrusion prevention system (IPS) definitions.
While Symantec did not provide official information regarding which Windows versions are impacted by this issue, customer reports say that at least Windows 7, Windows 8, and Windows 10 systems are affected [1, 2, 3], with tens if not thousands of machines experiencing BSODs according to other accounts.
New Intrusion Prevention signatures released
“When run LiveUpdate, Endpoint Protection Client gets a Blue Screen Of Death (BSOD) indicates IDSvix86.sys/IDSvia64.sys is the cause of the exception BAD_POOL_CALLER (c2) or KERNEL_MODE_HEAP_CORRUPTION (13A),” acknowledged Symantec in a support article earlier today.
“When BSOD happens, Intrusion Prevention signature version is 2019/10/14 r61,” also added the company.
Symantec later addressed this issue by releasing Intrusion Prevention signature version 2019/10/14 r62, which is applied automatically the next time users run LiveUpdate.
Users who haven’t yet experienced any BSODs are advised to “rollback to an earlier known good content revision to prevent the BSOD situation,” following the step-by-step definition rollback procedure detailed here.
Customers who cannot apply the new signatures by running LiveUpdate on their systems can use the following workaround:
- Boot in Safe Mode and perform the following for x64 or x86 installations of SEP,
- Run sc config idsvia64 start= disabled (x64) or sc config idsvix86 start= disabled (x86) from cmd (note the space after the equals sign, which sc requires),
- Reboot in normal mode,
- Update the IPS definitions,
- Run sc config idsvia64 start= system (x64) or sc config idsvix86 start= system (x86) from cmd.
Those who cannot grab the new definitions without a BSOD can also grab the Network-Based Protection (IPS) update from here and install it offline.
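The workaround above, scripted in PowerShell as an added example (not Symantec's own tooling): it picks the IPS driver service matching the OS bitness (IDSVia64 or IDSVix86, the driver names quoted in the support article), applies the two sc.exe steps and verifies them, and lists recent reboots caused by the two stop codes the article names. Function names are my own, and using OS bitness as a proxy for the SEP installation architecture is an assumption.

```powershell
# Added example: automates the sc.exe steps of the SEP IPS driver workaround and
# checks the System log for the BSOD codes Symantec cited (0xC2 and 0x13A).
# Run from an elevated PowerShell. Service names come from the driver names in
# the advisory; OS bitness standing in for SEP bitness is an assumption.
#Requires -RunAsAdministrator

function Get-SepIpsServiceName {
    # IDSVia64.sys on 64-bit Windows, IDSVix86.sys on 32-bit Windows
    if ([Environment]::Is64BitOperatingSystem) { 'idsvia64' } else { 'idsvix86' }
}

function Set-SepIpsDriverStart {
    # 'Disable' = the Safe Mode step; 'Restore' = the final "start= system" step
    param([Parameter(Mandatory)][ValidateSet('Disable', 'Restore')][string]$Mode)
    $svc   = Get-SepIpsServiceName
    $start = if ($Mode -eq 'Disable') { 'disabled' } else { 'system' }
    # sc.exe needs the space after "start=": "start=disabled" is rejected as a syntax error
    $out = & sc.exe config $svc "start= $start" 2>&1
    if ($LASTEXITCODE -ne 0) { throw "sc config $svc failed: $out" }
    # Verify: the START_TYPE line of "sc qc" reads "4 DISABLED" or "1 SYSTEM_START"
    $line     = (& sc.exe qc $svc | Select-String 'START_TYPE').Line
    $expected = if ($Mode -eq 'Disable') { 'DISABLED' } else { 'SYSTEM_START' }
    if ($line -notmatch $expected) { throw "verification failed for ${svc}: $line" }
    return $line.Trim()
}

function Get-RecentIpsBugchecks {
    # Event 1001 from Microsoft-Windows-WER-SystemErrorReporting is written after
    # a reboot from a bugcheck; keep only BAD_POOL_CALLER (0xC2) and
    # KERNEL_MODE_HEAP_CORRUPTION (0x13A) since the r61 definitions were released.
    param([datetime]$Since = '2019-10-14')
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id           = 1001
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '0x000000c2|0x0000013a' } |
        Select-Object TimeCreated, Message
}

# Safe Mode:   Set-SepIpsDriverStart -Mode Disable      (then reboot normally)
# Normal mode: update the IPS definitions, then Set-SepIpsDriverStart -Mode Restore
# Triage:      Get-RecentIpsBugchecks | Format-List
```

Get-RecentIpsBugchecks returns nothing on a machine that never crashed, so an empty result after updating to r62 is the expected outcome.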