Alerts

Someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users’ wallets.

The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the official site didn’t match the hashes listed on it.

Following an immediate investigation, the Monero team today also confirmed that its website, GetMonero.com, was indeed compromised, potentially affecting users who downloaded the CLI wallet between Monday 18th 2:30 am UTC and 4:30 pm UTC.

At this moment, it’s unclear how attackers managed to compromise the Monero website and how many users have been affected and lost their digital funds.

According to an analysis of the malicious binaries done by security researcher BartBlaze, attackers modified legitimate binaries to inject a few new functions into the software that execute after a user opens or creates a new wallet.

Linux users running the enterprise-search platform Solr are potentially vulnerable to a remote code execution attack.

A bug impacting the Linux enterprise-search platform called Apache Solr has been revised from low to high severity after researchers discovered a new remote code execution exploit. The warning comes from Tenable, which is reporting that the newly identified default configuration vulnerability could allow attackers to remotely execute code on affected hardware.

The vulnerability (CVE-2019-12409) was first reported in July and patched in August. “Originally, the issue surfaced as being a low severity warning where anyone with access to the Java Management Extensions (JMX) port would be able to access monitoring data exposed over JMX,” said Scott Caveza, research engineering manager at Tenable.

Since the bug was initially discovered, researchers have reevaluated the threat and escalated its severity to high-risk.

A new keylogger called Phoenix that started selling on hacking forums over the summer has now been linked to more than 10,000 infections, researchers from Cybereason said today in a report.

Released in July on HackForums, the Phoenix Keylogger is a new threat that has slowly gained a following on the malware scene.

New malware distribution campaigns are being spotted every few weeks, according to threat intelligence shared on Twitter.

Two critical security vulnerabilities discovered in Oracle’s E-Business Suite (EBS) could allow potential attackers to take full control over a company’s entire enterprise resource planning (ERP) solution.

“Over 21,000 global organizations use Oracle EBS for financial management, customer relationship management (CRM), supply chain management (SCM), human capital management (HCM), logistics, procurement and more,” according to Onapsis Research Labs.

Onapsis reported the issues to the Oracle Security Response Team in December 2018 and helped fix the vulnerabilities, with patches released as part of Oracle’s April 2019 Critical Patch Update Advisory.
