
Microsoft today released an updated version of its “Outlook for Android” that patches an important security vulnerability in the popular email app, which is currently used by over 100 million users.

According to an advisory, versions of the Outlook app for Android before 3.0.88 contain a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email messages.

If exploited, remote attackers can execute malicious in-app client-side code on the targeted devices just by sending them emails with a specially crafted message.


A couple of bugs in some versions of Samba software can help an attacker crash key processes on the network in charge of accessing directory, application, and server services.

The two vulnerabilities can be leveraged separately to crash the LDAP (Lightweight Directory Access Protocol) and the RPC (remote procedure call) server processes in Samba Active Directory Domain Controller, supported since version 4.0 of the software.


A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted.

This new sample was discovered yesterday by MalwareHunterTeam, who saw that it was signed by a digital certificate. After this sample was examined by security researcher Vitali Kremez, it was discovered that a few changes were made to this variant that were not seen in previous samples.

Kremez found that with this new variant, the ransomware will check the output of arp -a for particular IP address strings, and if they are found, will not encrypt the computer.


Researchers discovered a new JavaScript-based and modular downloader Trojan camouflaged and distributed to targets in the form of game cheats via websites owned by its developers.

The malware was discovered by Yandex, which subsequently sent it to Doctor Web’s research team for further analysis, together with additional information on how the Trojan sample was distributed. The researchers found that the Trojan, dubbed MonsterInstall, uses Node.js to execute itself on the victims’ machines.

“When users attempt to download a cheat they download a password-protected 7zip archive to their computers. Inside there is an executable file; which upon launch, will download the requested cheats alongside other trojan’s components,” says Doctor Web.


Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals.

GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018.

Created by BitDefender, the new GandCrab decryption tool can now unlock files encrypted by the latest versions of the ransomware, from 5.0 to 5.2, as well as by the older GandCrab ransomware versions.

As part of the “No More Ransom” Project, BitDefender works in partnership with the FBI, Europol, London Police, and several other law enforcement agencies across the globe to help ransomware-affected users.
