] The Mad Hacker [


Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000


The Life of a Bad Security Fix

(Saturday January 25, 2020)
In this blog we follow the journey of another bad security fix that passed repeated apparent review and was backported to several LTS kernels.

Weekly Update 175

(Saturday January 25, 2020)
I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception). I

No big deal, Rogers, your internal source code and keys are only on the open web. Don't hurry to take it down

(Saturday January 25, 2020)
'Closed source' blueprints available for all to gawp at – and potentially exploit. By Shaun Nichols in San Francisco, 24 Jan 2020. Updated: Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian telecoms giant Rogers have been found sitting on the open internet. The...

Everything you should know about the CurveBall Bug

(Saturday January 25, 2020)
This article covers what is known about the "CurveBall" bug and some measures that can be taken to mitigate it.

The End of Breach Dark Days

(Saturday January 25, 2020)

Technical Report of the Bezos Phone Hack

(Friday January 24, 2020)
Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman. The Motherboard article also quotes forensic experts on the report.

New Social Engineering Event to Train Business Pros on Human Hacking

(Friday January 24, 2020)
The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.

ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates

(Friday January 24, 2020)
Ransomware actors are turning their sights on larger enterprises, making both average cost and downtime inflicted from attacks skyrocket.

'CardPlanet' Operator Pleads Guilty in Federal Court

(Friday January 24, 2020)
Russian national faced multiple charges in connection with operating the marketplace for stolen credit-card credentials, and a forum for VIP criminals to offer their services.

New York wants to ban paying ransomware demands

(Friday January 24, 2020)
Two bills have been introduced in the New York State Senate which would prevent local municipalities and governments from paying ransoms.

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

(Friday January 24, 2020)
The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.

VirusTotal is not an Incident Responder

(Friday January 24, 2020)
Shows how VirusTotal can be manipulated and how attackers do it. Defenders should use VirusTotal to aid their analysis, not be the analysis. Red teamers will get ideas on how to emulate this behaviour.

Tool Release - Enumerating Docker Registries with go-pillage-registries

(Friday January 24, 2020)
Containerization solutions are becoming increasingly common throughout the industry due to their vast applications in logically separating and packaging processes to run consistently across environments. Docker represents these processes as images by packaging a base filesystem and initialization instructions for the runtime environment. Developers can use common base images and instruct Docker to execute a…

7 Steps to IoT Security in 2020

(Friday January 24, 2020)
There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.

New Bill Proposes NSA Surveillance Reforms

(Friday January 24, 2020)
The newly-introduced bill targets the Patriot Act's Section 215, previously used by the U.S. government to collect telephone data from millions of Americans.

TestSSL 3.0

(Friday January 24, 2020)
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards

(Friday January 24, 2020)
Russian Hacker Aleksei Burkov Pleads Guilty to Running 'CardPlanet' Marketplace for Selling Stolen Credit Card Numbers.

Debian Security Advisory 4609-1

(Friday January 24, 2020)
Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were not rejected as they should have been, and the hash validation relied on MD5.

OLK Web Store 2020 Cross Site Request Forgery

(Friday January 24, 2020)
OLK Web Store 2020 suffers from a cross site request forgery vulnerability.

WebKitGTK+ / WPE WebKit Code Execution

(Friday January 24, 2020)
WebKitGTK+ and WPE WebKit suffer from multiple memory handling vulnerabilities that can result in arbitrary code execution. Versions affected include WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3.

Webtareas 2.0 SQL Injection

(Friday January 24, 2020)
Webtareas version 2.0 suffers from a remote SQL injection vulnerability.

TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot

(Friday January 24, 2020)
TP-Link TP-SG105E version 1.0.0 suffers from an unauthenticated remote reboot vulnerability.

Genexis Platinum-4410 2.1 Authentication Bypass

(Friday January 24, 2020)
Genexis Platinum-4410 version 2.1 suffers from an authentication bypass vulnerability.

Fake SWAT Calls Hit Tech Execs

(Friday January 24, 2020)

Does Your Domain Have a Registry Lock?

(Friday January 24, 2020)
If you're running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company's domain name and doing whatever they wish with it. Even so, most major Web site owners aren't taking full advantage of the security tools available to protect their domains from being hijacked. Here's the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.

Google finds privacy holes in Safari’s ITP anti-tracking system

(Friday January 24, 2020)
Apple’s much-vaunted Intelligent Tracking Prevention (ITP) could leave users exposed to a raft of privacy issues, including - ironically - being tracked.

We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw

(Friday January 24, 2020)
The REvil (also known as Sodinokibi) ransomware is being planted on corporate networks by hackers exploiting the Shitrix flaw in Citrix servers.

Want your photo removed from our facial recognition database? Just send us your photo and government-issued ID…

(Friday January 24, 2020)
Controversial firm Clearview AI which stole your photographs from social media sites to feed their facial recognition database expects you to send them your photos and a scan of your ID if you want to have your data removed. Uhh, yeah. Right.

5 Resume Basics for a Budding Cybersecurity Career

(Friday January 24, 2020)
You'll need to add resume tactician to your skill set in order to climb up the next rung on the security job ladder. Here's how.

Another WordPress site management plugin (wpCentral) is vulnerable to authentication issues.

(Friday January 24, 2020)
The wpCentral plugin allows you to manage your sites on a single panel to login to any website, install/delete/activate plugins, upload files and more.

Online Employment Scams on the Rise, Says FBI

(Friday January 24, 2020)
Looking to change jobs? Watch out for fraudsters who use legitimate job services, slick websites, and an interview process to convince applicants to part with sensitive personal details.

Fake Smart Factory Honeypot Highlights New Attack Threats

(Friday January 24, 2020)
The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.

BrandPost: Integrating Smart Systems: From Connected Cars to Security

(Friday January 24, 2020)
There is probably no better example of the potential for digital innovation, and the challenges we will need to overcome to get there, than the . Over the past several years, cars have become increasingly sophisticated. Safety systems include back-up cameras and alarms, side traffic indicators, lane deviation warnings and correction, and automatic all-wheel drive based on real-time assessments of road conditions. The list goes on, including automatic tire pressure gauges, GPS navigation, radar-enhanced cruise control, and even assisted parking and driving. The potential of fully...

Security In 5: Episode 666 - Tools, Tips and Tricks - WizTree

(Friday January 24, 2020)
This week's tools, tips and tricks talks about a lightweight, fast storage analyzer called WizTree. Be aware, be safe.

Sonos backtracks (a little) over its software updates fustercluck

(Friday January 24, 2020)
The maker of wireless home sound systems got itself into hot water after it announced that if you had a mixture of new and old Sonos hardware in your home then *none* of it would be receiving software updates after May.

Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now

(Friday January 24, 2020)
Someone at LastPass must be feeling 5!ck as a p4rr0t right now, after human error meant that its browser extension was accidentally deleted from the Chrome web store. Although an embarrassing goof, it’s something of a storm in a teacup security-wise.

Protestors petition equity firm over .org buyout

(Friday January 24, 2020)
The street outside ICANN's offices in Playa Vista, California, is likely a little more crowded than normal.

9th Methbot suspect arrested in massive clickfraud ring

(Friday January 24, 2020)
How Sergey Denisoff described his early ad-buying ventures: buying BS popup traffic and reselling it to buyers demanding BS traffic.

Over 3 Million Buchbinder Car Renter Customers Information Exposed

(Friday January 24, 2020)
German car rental company Buchbinder exposed the personal information of over 3.1 million customers, including federal ministry employees, diplomats, and celebrities, all of it stored within a ten-terabyte MSSQL backup database left unsecured on the Internet. Source: Bleeping Computer, via IT Security Guru [https://www.itsecurityguru.org/2020/01/24/over-3-million-buchbinder-car-renter-customers-information-exposed/].

U.S. Government Agency Has Been Hit with New Malware Dropper

(Friday January 24, 2020)
A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea. Source: Bleeping Computer, via IT Security Guru [https://www.itsecurityguru.org/2020/01/24/u-s-government-agency-have-been-hit-with-new-malware-dropper/].

250M customer support records exposed by Microsoft database misconfiguration

(Friday January 24, 2020)
Microsoft last December misconfigured five Elasticsearch servers – each one containing the same data set of 250 million customer support records – leaving their information publicly exposed on the internet, according to researchers. The data leak was detailed today in a blog post by pro-consumer website Comparitech and separately disclosed in a Microsoft Security Response Center (MSRC) blog […] Source: IT Security Guru.

Malaysia site blocked under online falsehoods law by Singapore orders

(Friday January 24, 2020)
Operated by Lawyers for Liberty, the website appears to have been blocked in Singapore following an order issued after the human rights group failed to comply with a previous correction directive. The group has sued the Singapore government over the order. Source: ZDNet, via IT Security Guru [https://www.itsecurityguru.org/2020/01/24/malaysia-site-blocked-under-online-falsehoods-law-by-singapore-orders/].

Privacy watchdog throws wider net to protect children online

(Friday January 24, 2020)
A new, comprehensive code will compel online services to put children's health and safety before data-collecting profits.

Mac users are getting bombarded by laughably unsophisticated malware

(Friday January 24, 2020)
For malware so trite and crude, Shlayer is surprisingly prolific.

A collection of UNIX hacking tips & tricks curated by THC

(Friday January 24, 2020)
Various tips & tricks. Contribute to hackerschoice/thc-tips-tricks-hacks-cheat-sheet development by creating an account on GitHub.

Jeff Bezos phone hack shows hackers are winning in the 'arms race' between governments and tech firms according to a cybersecurity expert

(Friday January 24, 2020)
The phone of Amazon founder and CEO Jeff Bezos was reportedly hacked and the Saudi crown prince might have been behind it. Check Point Software, the company

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack

(Friday January 24, 2020)
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit

Created a simple credential finder -- currently uses github, but will add more things like bitbucket, gitlab maybe even google dorks too

(Friday January 24, 2020)
Find leaked credentials on Github. Contribute to filtration/pullit development by creating an account on GitHub.
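The kind of check a credential finder like the one above performs, and that the Rogers and AWS leaks elsewhere on this page were missed by, is pattern matching over committed text. The block below is an added example and is not code from the pullit project: it scans a constructed sample file (the AWS key is AWS's documentation placeholder, not a real credential) with two public credential shapes plus a heuristic "password =" rule that is an assumption of this example, and uses a Shannon-entropy threshold to drop dictionary-word false positives.

```python
"""Added example: a minimal leaked-credential scanner of the kind the headline
describes. This is not code from the pullit project; it runs over a constructed
sample instead of a GitHub search result."""
import math
import re
from typing import Dict, List, Tuple

# (regex, apply_entropy_filter). The AWS access key ID shape (AKIA + 16
# uppercase alphanumerics) and the PEM private-key header are public formats;
# the password-assignment rule is a heuristic and an assumption of this
# example, so low-entropy matches such as "password = password" are dropped.
PATTERNS: Dict[str, Tuple[re.Pattern, bool]] = {
    "aws_access_key_id": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), False),
    "private_key_block": (re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), False),
    "password_assignment": (re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{6,})"), True),
}
ENTROPY_THRESHOLD = 3.0  # bits per character; chosen by hand for this sample


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; dictionary words score low, secrets high."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str, keep: int = 4) -> str:
    """Never echo the whole secret into a report or log."""
    return secret[:keep] + "..."


def scan(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, rule_name, redacted_value) for each hit."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, (pattern, use_entropy) in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if use_entropy and shannon_entropy(value) < ENTROPY_THRESHOLD:
                    continue
                findings.append((lineno, name, redact(value)))
    return findings


# Constructed sample of a committed config file; the AWS key is AWS's own
# documentation placeholder, and nothing here is a real credential.
SAMPLE = """\
# constructed sample config, not a real leak
db_host = db.internal.example
db_password = "Tr0ub4dor&3xQ"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...truncated...
-----END RSA PRIVATE KEY-----
password = password
"""

if __name__ == "__main__":
    for lineno, rule, value in scan(SAMPLE):
        print(f"line {lineno}: {rule}: {value}")
```

On the sample this reports the password on line 3, the AWS key on line 4 and the PEM header on line 5, and skips `password = password` because its entropy is below the threshold. Redacting the match before reporting matters: a scanner that writes whole secrets into its own output has just created a second leak.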

Red Hat Security Advisory 2020-0222-01

(Friday January 24, 2020)
Red Hat Security Advisory 2020-0222-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

PoC (DoS) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE

(Thursday January 23, 2020)
PoC (DoS + scanner) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE - ollypwn/BlueGate

Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus | ZDNet

(Thursday January 23, 2020)
Malware analysts believe someone has hijacked the Phorpiex botnet from its creator and is sabotaging its operations by alerting users they've been infected.

The Annoying MacOS Threat That Won't Go Away

(Thursday January 23, 2020)
In two years, the adware-dropping Shlayer Trojan has spread to infect one in 10 MacOS systems, Kaspersky says.

Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes

(Thursday January 23, 2020)
An Amazon Web Services (AWS) engineer last week inadvertently made public almost a gigabyte’s worth of sensitive data, including their own personal documents as well as passwords and cryptographic keys to various AWS environments.

DHS Warns of Increasing Emotet Risk

(Thursday January 23, 2020)
Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization.

NSA Offers Guidance on Mitigating Cloud Flaws

(Thursday January 23, 2020)
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.

Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices

(Thursday January 23, 2020)
The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more.

Ubuntu Security Notice USN-4230-2

(Thursday January 23, 2020)
Ubuntu Security Notice 4230-2 - USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-4233-2

(Thursday January 23, 2020)
Ubuntu Security Notice 4233-2 - USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Various other issues were also addressed.

Red Hat Security Advisory 2020-0215-01

(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0215-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

Red Hat Security Advisory 2020-0218-01

(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0218-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

Red Hat Security Advisory 2020-0216-01

(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0216-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

Red Hat Security Advisory 2020-0217-01

(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0217-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

Ubuntu Security Notice USN-4247-3

(Thursday January 23, 2020)
Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

U.S. Gov Agency Targeted With Malware-Laced Emails

(Thursday January 23, 2020)
The malicious email campaign included a never-before-seen malware downloader called Carrotball, and may be linked to the Konni Group APT.

Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia

(Thursday January 23, 2020)
The malware uses thousands of partner websites to spread malvertising code.

Deconstructing Web Cache Deception Attacks: They're Bad; Now What?

(Thursday January 23, 2020)
Expect cache attacks to get worse before they get better. The problem is that we don't yet have a good solution.

Severe Vulnerabilities Discovered in GE Medical Devices

(Thursday January 23, 2020)
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.

Insecure configurations expose GE Healthcare devices to attacks

(Thursday January 23, 2020)
Researchers have found insecure configurations of the remote access and administration features present in several patient monitoring devices and servers made by GE Healthcare that are used in clinics and hospitals around the world. The identified issues involve the use of shared hard-coded credentials or no credentials at all for remote management features, as well as the use of outdated applications with known vulnerabilities. These types of issues have plagued embedded devices for many years and are the result of old product design practices that focused more on usability and...

Anatomy of a Facebook-Hosted Phishing Attack

(Thursday January 23, 2020)
A number of First Look Media staff reported receiving a clever phishing attack to the security team. The attack, very similar to the one recently reported in the news, attempts to harvest Facebook user login credentials by leveraging Facebook’s own blogging platform, Notes, to lend a false air of legitimacy to the phishing campaign by making it appear as if the landing page is an official Facebook-hosted page.

Securing Bare Metal with Service Mesh

(Thursday January 23, 2020)
A step-by-step guide on how to use HashiCorp Consul to create a service mesh and secure data in motion between physical hosts and services.

Creating a world-class communications organization (and having fun along the way!)

(Thursday January 23, 2020)
When I joined Cisco last year, I was thrilled to be joining a company with a unique culture that's innovative, talented, and progressive. Soon after, our ranking as the No. 1 place to work was announced, confirming my decision. Source: Cisco Blogs [https://blogs.cisco.com/news/creating-a-world-class-communications-organization-and-having-fun-along-the-way].

Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure

(Thursday January 23, 2020)
Azure Security Benchmark offers a collection of over 90 security best practices and recommendations you can employ to increase the overall security and compliance of all your workloads in Azure. Source: Microsoft Security [https://www.microsoft.com/security/blog/2020/01/23/azure-security-benchmark-90-security-compliance-best-practices-azure-workloads/].

Microsoft and Zscaler help organizations implement the Zero Trust model

(Thursday January 23, 2020)
Microsoft has built deep integrations with Zscaler, a cloud-native, multitenant security platform, to help organizations with their Zero Trust journey. Source: Microsoft Security [https://www.microsoft.com/security/blog/2020/01/23/microsoft-zscaler-help-organizations-implement-zero-trust-model/].

How to use OODA in #DFIR Series: Post 2 - Observe

(Thursday January 23, 2020)
In this post on applying OODA to the incident response process, you'll learn from expert Brian Carrier how to approach phase one: observe.

Falco 0.19.0

(Thursday January 23, 2020)
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Ransomware: The average ransom payment has doubled in just three months

(Thursday January 23, 2020)
A new report into the state of ransomware at the tail end of 2019 has revealed that things aren’t getting any better. Read more in my article on the Tripwire State of Security blog.

qdPM 9.1 Remote Code Execution

(Thursday January 23, 2020)
qdPM version 9.1 suffers from a remote code execution vulnerability.

Cisco Warns of Critical Network Security Tool Flaw

(Thursday January 23, 2020)
The critical flaw exists in Cisco's administrative management tool, used with network security solutions like firewalls.

Traffic jams could be worse than normal, because of the Shitrix vulnerability

(Thursday January 23, 2020)
Your trip into work today might be delayed by slippery roads, dense fog, and a Citrix vulnerability.

Umbraco CMS 8.2.2 Cross Site Request Forgery

(Thursday January 23, 2020)
Umbraco CMS version 8.2.2 suffers from cross site request forgery vulnerabilities.

Red Hat Security Advisory 2020-0214-01

(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0214-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.130. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-4249-1

(Thursday January 23, 2020)
Ubuntu Security Notice 4249-1 - It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-4247-2

(Thursday January 23, 2020)
Ubuntu Security Notice 4247-2 - USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. Various other issues were also addressed.
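The python-apt advisories on this page (Debian DSA 4609-1, USN-4247-2 and USN-4247-3) describe two distinct failures in download verification: accepting a package on the strength of an MD5 hash, and installing from a repository whose index was never signed. The block below is an added example, not python-apt's own code: a stand-in verifier with the weak behaviour beside the strict one, over constructed records whose field names mimic apt metadata (`MD5Sum`, `SHA256`) plus an assumed `repo_signed` flag standing in for Release-file signature verification. Nothing is fetched from a real mirror.

```python
"""Added example, not python-apt's own code: a stand-in for the download
verification that the advisories describe, with the weak behaviour beside
the strict one. Record fields mimic apt metadata (MD5Sum / SHA256 entries
and whether the repository's index was signed); nothing is fetched."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict

# apt metadata field name -> hashlib constructor name
ALGOS = {"MD5Sum": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
STRONG = ("SHA256", "SHA512")


@dataclass
class PackageRecord:
    filename: str
    hashes: Dict[str, str]   # field name -> expected hex digest
    repo_signed: bool        # assumption: did the repository's index verify?


def digest(field: str, data: bytes) -> str:
    return hashlib.new(ALGOS[field], data).hexdigest()


def verify_weak(record: PackageRecord, data: bytes) -> bool:
    """The behaviour the advisories fixed: trust whichever hash is listed,
    MD5 included, and never ask whether the repository was signed."""
    return any(digest(f, data) == d for f, d in record.hashes.items() if f in ALGOS)


def verify_strict(record: PackageRecord, data: bytes) -> bool:
    """Hardened check: unsigned repo -> reject; no strong hash -> reject;
    every strong hash listed must match, compared in constant time."""
    if not record.repo_signed:
        return False
    strong = {f: d for f, d in record.hashes.items() if f in STRONG}
    if not strong:
        return False
    return all(hmac.compare_digest(digest(f, data), d) for f, d in strong.items())


# Constructed payloads; a real MITM would substitute a crafted .deb instead.
SAMPLE_DATA = b"constructed package payload, not a real .deb"
TAMPERED_DATA = SAMPLE_DATA + b" plus attacker bytes"


def sample_records() -> Dict[str, PackageRecord]:
    good = {"MD5Sum": digest("MD5Sum", SAMPLE_DATA), "SHA256": digest("SHA256", SAMPLE_DATA)}
    return {
        "signed_strong": PackageRecord("pkg_1.0_amd64.deb", good, repo_signed=True),
        "signed_md5_only": PackageRecord("pkg_1.0_amd64.deb", {"MD5Sum": good["MD5Sum"]}, repo_signed=True),
        "unsigned_strong": PackageRecord("pkg_1.0_amd64.deb", {"SHA256": good["SHA256"]}, repo_signed=False),
    }


def run_checks() -> Dict[str, bool]:
    """Each entry is True when the verifier behaves as its name says."""
    r = sample_records()
    return {
        "weak_accepts_md5_only": verify_weak(r["signed_md5_only"], SAMPLE_DATA),
        "weak_accepts_unsigned": verify_weak(r["unsigned_strong"], SAMPLE_DATA),
        "strict_rejects_md5_only": not verify_strict(r["signed_md5_only"], SAMPLE_DATA),
        "strict_rejects_unsigned": not verify_strict(r["unsigned_strong"], SAMPLE_DATA),
        "strict_accepts_good": verify_strict(r["signed_strong"], SAMPLE_DATA),
        "strict_rejects_tampered": not verify_strict(r["signed_strong"], TAMPERED_DATA),
    }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {'OK' if ok else 'FAIL'}")
```

The two checks in `verify_strict` are independent: a strong hash only proves the bytes match the index entry, and the index entry only means something if the index itself was signed, so dropping either one reopens the man-in-the-middle path the notices describe.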

Weathering the Privacy Storm from GDPR to CCPA & PDPA

(Thursday January 23, 2020)
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.

Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says

(Thursday January 23, 2020)
Attackers 'weaponized' Active Directory to spread the ransomware.

Cryptomining Malware Vivin Uses Pirated Software as Attack Vector

(Thursday January 23, 2020)
Vivin, a cryptomining malware that likes munching on Monero, is one of the many examples of such software roaming the dark corners of the Internet. Security researchers have been tracking it for the last couple of years, and it shows no sign of slowing down. Cryptomining took a bit of a tumble as the cryptocurrency […]

Pachev FTP Server 1.0 Path Traversal

(Thursday January 23, 2020)
Pachev FTP Server version 1.0 suffers from a path traversal vulnerability.

Five Microsoft Elasticsearch Servers with Private Data for 250 Million People Found Unsecured Online

(Thursday January 23, 2020)
Security researchers found a total of 250 million Microsoft customer records spread on five unsecured servers that could have been accessed by anyone using just a web browser. Microsoft has since secured the servers. Unsecured Elasticsearch servers seem to be all the rage, as various companies leave them unsecured and accessible from the Internet. While […]