Security Affairs Archives - Page 954 of 1047

Pierluigi Paganini June 05, 2018

The author of the Sigrun Ransomware decrypts Russian victims’ files for free

The author of the Sigrun Ransomware is providing the decryption key to Russian victims for free, others have to pay a ransom of $2,500 worth of Bitcoin or Dash for the victims. We have reported several cases where Russian malware authors avoid infecting computers in their country, but the case we are going to discuss is […]

Pierluigi Paganini June 05, 2018

Over 115,000 Drupal Sites still vulnerable to Drupalgeddon2, a gift to crooks

Two months after the release of the security updates for the drupalgeddon2 flaw, experts continue to see vulnerable websites running on flawed versions of Drupal that hasn’t installed security patches. In March, the Drupal developers Jasper Mattsson discovered a “highly critical” vulnerability, tracked as CVE-2018-7600, aka drupalgeddon2, affecting Drupal 7 and 8 versions. Both Drupal 8.3.x and 8.4.x are […]

Pierluigi Paganini June 04, 2018

NYT: Facebook APIs gave device makers deep access to user data. FB disagrees

Facebook APIs granted access to the data belonging to FB users to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung so that they could implement Facebook messaging functions. After the Cambridge Analytica privacy scandal, Facebook is now facing new problems because it is accused of sharing user data with over 60 […]

Pierluigi Paganini June 04, 2018

Updated: Microsoft reportedly acquires the GitHub popular code repository hosting service

Microsoft has reportedly acquired the popular code repository hosting service GitHub, but at the time of writing there is no news about how much Microsoft paid for the platform. Microsoft has reportedly acquired the popular code repository hosting service GitHub. GitHub was last valued at $2 billion in 2015, but at the time of writing […]

Pierluigi Paganini June 04, 2018

Thousands of organizations leak sensitive data via misconfigured Google Groups

Security experts reported widespread Google Groups misconfiguration exposes sensitive information. Administrators of organizations using Google Groups and G Suite must review their configuration to avoid the leakage of internal information. Security researchers from Kenna Security have recently discovered that 31 percent of 9,600 organizations analyzed is leaking sensitive e-mail information. The list of affected entities also includes […]

Pierluigi Paganini June 04, 2018

North Korea-Linked Covellite APT group stopped targeting organizations in the U.S.

A North Korea-linked APT group, tracked by experts at industrial cybersecurity firm Dragos as Covellite, has stopped targeting US organizations. Anyway, the group, that is believed to be linked to the notorious Lazarus APT group, is continuing to target organizations in Europe and East Asia. The group has been around at least since 2017 and is still active, […]

Pierluigi Paganini June 03, 2018

Imperva’s research shows 75% of open Redis servers are infected

According to the security experts at Imperva firm, three open Redis servers out of four are infected with malware. The discovery is the result of analysis conducted by running Redis-based honeypot servers for some months. Since their initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, the experts from Imperva have discovered a new […]

Pierluigi Paganini June 03, 2018

Crooks included the code for CVE-2018-8174 IE Zero-Day in the RIG Exploit Kit

Cyber criminals recently added the code for the CVE-2018-8174 Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. Crooks recently added the code for an Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. The Internet Explorer zero-day vulnerability, tracked as CVE-2018-8174, was first discovered a few weeks ago, it affects VBScript implemented in Internet Explorer and Microsoft […]

Pierluigi Paganini June 02, 2018

Flaws in Multidots WordPress Plugins expose e-Commerce websites to a broad range of attacks

Researchers at ThreatPress firm discovered security vulnerabilities in ten WordPress plugins developed by Multidots, a company for e-commerce websites. The vulnerable plugins are available on theWordPress.org and implement a set of features for WooCommerce installations that allow admins to manage their online shops, nearly 20,000 WordPress installs currently use them. “Recently our research team found serious security […]

Pierluigi Paganini June 02, 2018

Experts believe the botmaster of the VPNFilter is attempting to resume the botnet

Experts from security firms GreyNoise Intelligence and JASK believe that the threat actor behind the VPNFilter is now attempting to resume the botnet with a new wave of infections. A week ago security experts and law enforcement bodies reported the existence of a huge Russia-linked botnet tracked as VPNFilter. The botnet infected over 500,000 routers and […]