Security News

Are you using Komodo’s Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also transferred overnight to a new address without your authorisation? If yes, don’t worry, it’s probably safe, and if you are lucky, you will get your funds back.

Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its customers’ funds.

The company hacked its customers and, without their authorisation, transferred nearly 8 million KMD and 96 Bitcoins from their cryptocurrency wallets to a new address owned by the company.

Why? To secure its customers’ funds from hackers.

This may sound weird, but it’s true.

Komodo recently learned about a malicious open source, third-party JavaScript library that the company was using in its Agama Wallet app.

The Pacha Group is a threat actor discovered by Intezer and profiled in a blog post published on February 28, 2019. Since September 2018, the Pacha Group has deployed undetected crypto-mining malware to infiltrate Linux servers and mine cryptocurrency without user permissions.

One of the more notable observations made by Intezer researchers was the remarkably aggressive behavior of the Pacha Group’s crypto-mining malware, named Linux.GreedyAntd, which used a large number of techniques to disable or eliminate other miners on the servers.

Intezer researchers have discovered that the Pacha Group is now targeting cloud-based infrastructures, while identifying new, undetected variants of Linux.GreedyAntd which share significant amounts of code with previous variants. Like previous versions, the malware being used is mainly focused on cryptomining, this time with some updated operational mechanisms.

Elastic, the company behind the most widely used enterprise search engine Elasticsearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users.

ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are using to format, search, analyze, and visualize a large amount of data in real time.

In recent months, we have seen how thousands of insecure, poorly configured Elasticsearch and Kibana servers have left millions of users’ sensitive data exposed on the Internet.

Since the free version of the Elastic Stack does not have any authentication or authorization mechanism by default, many developers and administrators fail to properly implement important security features manually.

Project Zero’s mission is to “make zero-day hard”, i.e. to make it more costly to discover and exploit security vulnerabilities. They primarily achieve this by performing their own security research, but at times they also study external instances of zero-day exploits that were discovered “in the wild”. These cases provide an interesting glimpse into real-world attacker behavior and capabilities, in a way that nicely augments the insights they gain from their own research.

Today, they shared their tracking spreadsheet for publicly known cases of detected zero-day exploits, in the hope that this can be a useful community resource:

Spreadsheet link: 0day “In the Wild”
The data described in the spreadsheet is nothing new, but they think that collecting it together in one place is useful.
For example, it shows that:

Emsisoft has released a decryptor for the MegaLocker and NamPoHyu ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free.

Last month we reported that MegaLocker and NamPoHyu ransomware infections are targeting exposed Samba servers and encrypting their data remotely. At that time we stated that users should not pay the ransom, as a method to decrypt the files may have been discovered.

We are happy to announce that a decryptor is now available from Emsisoft that can decrypt the files of MegaLocker and NamPoHyu victims for free.
