Security News

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
2020-05-28 15:59

A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. As for the infection routine, "The PonyFinal ransomware is delivered through an MSI file that contains two batch files and the ransomware payload," researchers explained.

Valak Loader Revamped to Rob Microsoft Exchange Servers
2020-05-28 13:54

Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found. Valak was first observed as a loader in 2019 but has now gone through "a series of dramatic changes, an evolution of over 30 different versions in less than six months," Cybereason Nocturnus researchers Eli Salem, Lior Rochberger and Assaf Dahan said in a report posted online Thursday.

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline
2020-05-21 10:52

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server. The recursive server contacts your DNS server for your dot.com for that information.

Woman stalked by sandwich server via her COVID-19 contact tracing info
2020-05-14 12:52

Mayo? Mustard? Creep who takes your sandwich order plus the personal details you handed over for contact tracing? You may well ask how you do contact tracing without collecting people's PII. Countries have certainly asked, and they've found what will hopefully turn out to be an approach that leaves people's privacy intact.

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability
2020-05-06 01:18

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. In a separate development, the Salt vulnerability was used to hack into the DigiCert certificate authority as well.

GoDaddy hack: Miscreant goes AWOL with 28,000 users' SSH login creds after vandalizing server-side file
2020-05-05 16:15

Hosting biz GoDaddy has admitted a hacker tampered with an SSH file on its servers, leading to the theft of 28,000 users' SSH credentials. The intrusion, which took place last month, involved one or more malicious persons "alter[ing]" an SSH file on GoDaddy's infrastructure, the US giant told The Register.

Firm's MDM Server Abused to Deliver Android Malware to 75% of Its Devices
2020-05-04 16:21

A threat actor managed to compromise more than 75% of the devices within a company by distributing their malware through a mobile device management server, Check Point reports. As part of the attack, cybercriminals were distributing a new variant of the Cerberus Android malware that was designed to collect large amounts of sensitive data and exfiltrate it to a remote command and control server.

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
2020-05-04 14:57

Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.