Alerts

A vulnerability exists in certain implementations of Bluetooth 4.0 through 5.0 which allows an attacker to overwrite or lower the strength of the pairing key, giving them access to authenticated services.

The bug was discovered independently by two teams of academic researchers and received the name BLURtooth. It affects “dual-mode” Bluetooth devices, like modern smartphones.

Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day.

Following a failed start in late 2019 under the name PwndLocker, due to a crypto bug that allowed unlocking the files for free, the operators rebooted the operation by fixing the flaw and renaming the malware to ProLock.

From the beginning, the threat actor aimed high, targeting enterprise networks and demanding ransoms ranging from $175,000 to more than $660,000.

A fresh start in March under the ProLock label also meant increased activity and larger ransoms. Since then, the average figure has swelled to $1.8 million, according to incident response data from cybersecurity company Group-IB.

The French national cyber-security agency today published an alert warning of a surge in Emotet attacks targeting the private sector and public administration entities throughout the country.

French public administration has three sub-sectors: central public administrations (APUC), local government (LUFA), and social security administrations (ASSO).

Emotet, originally a run-of-the-mill banking Trojan first spotted in 2014, is now a malware botnet used by a threat group tracked as TA542 and Mummy Spider.

The malware is used by the threat actors to drop other malware families including the Trickbot (a known vector used to deploy Ryuk and Conti ransomware payloads) and the QakBot trojans on infected systems.

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.

On the morning of September 1st, Seravo’s on-call security officer Ville Korhonen was the first to discover the flaw and the fact that threat actors were already attempting to exploit it in attacks designed to upload malicious PHP files onto vulnerable websites.

Within hours after Korhonen spotted the attacks and reported the vulnerability to the plugin’s developer, File Manager’s devs patched the severe flaw with the release of version 6.9.

The File Manager plugin is currently installed on more than 700,000 WordPress sites and the vulnerability impacts all versions between 6.0 and 6.8.

Threat researchers discovered a new malware family that is fully focused on getting as much cryptocurrency as possible from its victims. For this purpose, it steals wallets, hijacks transactions, and starts mining on infected machines.

Named KryptoCibule, the malware has managed to stay under the radar for almost two years, extending its functionality with each new version.
