German researchers devised a method, dubbed SEVered, to defeat the security mechanisms Secure Encrypted Virtualization implemented by the AMD Epyc server microchips to automatically encrypt virtual machines in memory. The attack could allow them to exfiltrate data in plaintext from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running […]
Researchers from Avast the antivirus firm are investigating the discovery of pre-installed malware found in 141 low-cost Android devices in over 90 countries. Security experts from Antivirus firm Avast have discovered a new case of pre-installed malware on low-cost Android devices, crooks injected the malicious code in the firmware of 141 models. The operation is […]
Schneider Electric issued a security update for its EcoStruxure Machine Expert (aka SoMachine Basic) product that addresses a high severity vulnerability, tracked CVE-2018-7783, that could be exploited by a remote and unauthenticated attacker to obtain sensitive data. “SoMachine Basic suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and […]
Researchers from Pen Test Partners have conducted an analysis of Z-Wave wireless communications protocol used by millions of IoT devices and discovered that it is vulnerable to cyber attacks. The Z-Wave protocol is widely adopted for home automation, it leverages low-energy radio waves for wireless communications over distances of up to 100 meters (330 feet). The protocol is […]
As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances, this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run […]
Moscow, May 24, 2018 â law enforcement, with support from Group-IB, has arrested a 32-year-old hacker, accused of stealing funds from Russian banks’ customers using Android mobile malware. At the height of their activity, victims reportedly lost between 1,500 to 8,000 dollars daily and levered cryptocurrency for laundering. Group-IBâs analysis reviewed the tools and techniques […]
An unknown hacker made over $18 Million worth of BTG (Bitcoin Gold) powering “double spend” attacks on the Bitcoin Gold cryptocurrency network. The attacks started on May 18, the attacker used a large number of servers that allowed him to take the control of the majority of the Bitcoin Gold’s network hashrate, an attack technique dubbed “51% […]
In the past weeks, many Mac users have been infected with a new strain of Monero miner, the infections confirm the rise of this kind of malware. According to researchers at Malwarebytes, many Mac users in the past weeks have been infected with a new strain of Monero miner. The owners of the infected Mac systems […]
The threat actor behind the Triton malware (aka Trisis, Xenotime, and HatMan) is now targeting organizations worldwide and safety systems. The attackers are expanding their targets and new variants are able to attacks also other than Schneider Electricâs Triconex systems. The malware was first spotted in December 2017 by researchers at FireEye that discovered that it was specifically designed to […]
The Justice Department announced an effort to disrupt the VPNFilter botnet of hundreds of thousands of infected home and office (SOHO) routers and other networked devices under the control of a Russia-linked APT group. Yesterday Talos and other security firm revealed the discovery of a huge botnet tracked as VPNFilter composed of more than 500,000 compromised routers and […]