
Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company’s Flaticon website.

Freepik is the company behind Freepik (one of the largest online graphic resources sites in the world) and Flaticon (an icon database platform), totaling 18 million monthly unique users, 50 million monthly views, and 100 million monthly downloads.

The threat actors behind the Freepik security breach were able to steal the oldest 8.3M users’ emails and password hashes, where available.

“To clarify, the hash of the password is not the password, and can not be used to log into your account,” Freepik added.


Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.

The new group is deploying Dharma ransomware. Based on forensic artifacts, this is a non-sophisticated, financially-motivated gang that is new to cybercrime.


The group has added a management console and a USB worming function to its main malware, Crimson RAT.

The APT group Transparent Tribe is mounting an ongoing cyber-espionage campaign, researchers said, which is aimed at military and diplomatic targets around the world. The effort features a worm that can propagate from machine to machine while stealing files from USB removable drives.

Transparent Tribe (a.k.a. ProjectM and Mythic Leopard) is a prolific group that has been active since at least 2013, specializing in widespread spy-craft. In the latest campaign, Kaspersky has observed spearphishing emails going out with malicious Microsoft Office documents containing a custom remote-access trojan (RAT) called Crimson. So far, researchers have found 1,093 targets across 27 countries, with the most-affected being Afghanistan, Germany, India, Iran and Pakistan.


Microsoft has issued an emergency out-of-band Windows security update designed to address privilege escalation bugs found to impact the Windows Remote Access service.

“An out of band security update has been released for Windows 8.1 and Windows Server 2012 R2,” Microsoft says. “We recommend that you install these updates promptly.”

The KB4578013 security update fixes two Windows Remote Access elevation of privilege vulnerabilities affecting all supported versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

The security issues tracked as CVE-2020-1530 and CVE-2020-1537 could allow attackers to gain elevated privileges after successful exploitation. For the vulnerabilities to be exploited, attackers would first need code execution privileges on victims’ devices to run a specially crafted application. KB4578013 addresses the vulnerabilities by correcting how Windows Remote Access handles memory and file operations.
