Alerts

Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals.

GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018.

Created by BitDefender, the new GandCrab decryption tool [download] can now unlock files encrypted by the latest versions of the ransomware, from 5.0 to 5.2, as well as for the older GandCrab ransomware versions.

As part of the “No More Ransom” Project, BitDefender works in partnership with the FBI, Europol, London Police, and several other law enforcement agencies across the globe to help ransomware affected users.

Read more »

If you use the Firefox web browser, you need to update it right now.  Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild.

Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take full control of them.

Read more »

Researchers monitoring malware that affects Android devices discovered malicious apps that can steal one-time passwords (OTP) from the notification system. This development bypasses Google’s ban on apps that access SMS and call logs without justification.

Google enforced the restriction earlier this year specifically to lower the risk of sensitive permissions where they are not necessary. In theory, this also translated into stronger protection for two-factor authentication (2FA) codes delivered via the short message service.

Cybercriminals found a way around this limitation and instead tap into the notifications to obtain the sensitive information. This method also opens up the door to getting short-lived access codes that are delivered via email.

Read more »

A new phishing campaign is underway that pretends to be an alert from your email server that it has received an encrypted message for you. It then prompts you to login to a fake OneDrive site in order to read the message.

As phishing campaigns are getting easier to spot, scammers are coming up with new and more interesting ideas to trick people into entering their email credentials.

An example of this is a new campaign that uses the subject line of “Encrypted Message Received” and pretends to be a notice from your mail server stating that you need to login to read an encrypted message.

Read more »

A widespread campaign is exploiting a vulnerability in the Exim mail transport agent (MTA) to gain remote command-execution on victims’ Linux systems. Researchers say that currently more than 3.5 million servers are at risk from the attacks, which are using a wormable exploit.

Specifically under attack is a flaw in Exim-based mail servers, which run almost 57 percent of the internet’s email servers. Attackers are exploiting the flaw, discovered last week, to take control of the victim machines, search the internet for other machines to infect, and to initiate a cryptominer infection.

Exim mail servers are open-source MTAs, which essentially receive, route and deliver email messages from local users and remote hosts. Exim is the default MTA included on some Linux systems.

 

Read more »