Emotet malware was hosted on a third-party website but was shared via a domain associated with McAfee ClickProtect. The malicious link was found by a researcher using the pseudonym Benkow. The link redirected users to a malicious Word document; once the victim downloaded and opened it, Emotet was loaded onto the system. After installation, the malware collected confidential data to hack into accounts and sent it to its command and control server.
Because of attacks leveraging Dynamic Data Exchange, Microsoft is releasing a security advisory to provide information regarding security settings for Office applications.
As email attachments are a primary method an attacker could use to spread malware, Microsoft strongly recommends that customers exercise caution when opening suspicious file attachments.
Misconfigured Amazon S3 buckets that allow public writes enable a third party, unbeknownst to either the data owner or the data consumer, to launch a surreptitious man-in-the-middle (MITM) attack. This problem is called GhostWriter and was described by researchers from Skyhigh Networks. According to the researchers, the GhostWriter technique is dangerous both for the customer and the storage provider.
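A defender can audit for the public-write condition described above by inspecting a bucket's ACL grants and bucket policy. The following is an added example, not code from Skyhigh Networks or from this page; the function name, the list of write actions and the sample data are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

PUBLIC_GROUPS = {  # predefined S3 groups: anyone, or any AWS account holder
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
WRITE_ACTIONS = ["s3:putobject", "s3:deleteobject", "s3:putobjectacl",
                 "s3:putbucketacl", "s3:putbucketpolicy"]  # illustrative subset

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_write_findings(acl, policy_json=None):
    """Return reasons why an arbitrary third party could write to the bucket."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS
                and grant.get("Permission") in WRITE_PERMS):
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL: {grant['Permission']} granted to {group}")
    statements = _as_list(json.loads(policy_json).get("Statement", [])) if policy_json else []
    for st in statements:
        principal = st.get("Principal")
        public = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        if st.get("Effect") != "Allow" or not public:
            continue
        note = " (has Condition, review manually)" if st.get("Condition") else ""
        for action in _as_list(st.get("Action", [])):
            # IAM action patterns use * and ? wildcards and are case-insensitive
            if any(fnmatchcase(w, action.lower()) for w in WRITE_ACTIONS):
                findings.append(f"Policy: {action} allowed for any principal{note}")
    return findings

# Constructed sample data: an ACL document and a bucket policy document
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"},
]})

if __name__ == "__main__":
    for finding in public_write_findings(SAMPLE_ACL, SAMPLE_POLICY):
        print(finding)
```

Public read grants are deliberately not reported here, since the GhostWriter exposure depends on write access; account-level Block Public Access settings can override what the ACL and policy allow and are not modelled.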
Among the main updates: a modern interface with customizable themes, a chat media gallery, missed events shown in their own notification panel, and an easy and fast way to send files up to 300 MB. A full list of the new features is posted on the Skype blog.
If you’re using Skype for Mac, Windows 10 November Update (2016) and lower, Windows 8, Windows 7, or Linux and have automatic updates enabled, the update will be delivered when it’s ready. You can download the new version from the official site.
The ransomware encrypts files in the system and displays a ransom note demanding 0.05 bitcoin (~ $285) from victims to unlock their systems.
According to Trend Micro research, Bad Rabbit spreads via a fake Flash installer, “install_flash_player.exe”, from compromised sites. At the present time, the link for downloading the fake installer is inaccessible.
KnockKnock was discovered by Skyhigh Networks experts, who noted that the key distinction of this new attack is the nature of the accounts being targeted. The attack targets system accounts that are not assigned to any one individual user. System accounts have more privileges and, in addition, a more lenient password policy. With access to such an account, it is easier for hackers to continue attacking the corporate network.
A group of scientists from Adelaide, Pennsylvania, Maryland and Graz University of Technology published a study that describes a new way to bypass the defense against Rowhammer attacks.
To launch an attack, an attacker needs to narrow down the Rowhammer data bombardment to one single row of memory cells, instead of multiple locations. According to the test results, the revised Rowhammer attack may take between 44 and 138 hours, but this shouldn’t be a problem if an attacker targets online servers and cloud providers.
According to the researchers, malicious code was introduced into CCleaner by professional hackers, a cybergroup called Axiom (APT17, Group 72, DeputyDog, Tailgater Team, Hidden Lynx, Voho or AuroraPanda). This assumption was made by Kaspersky Lab’s specialist Costin Raiu. Later, Cisco Talos experts published a detailed report of their research, which also allowed for the possibility of Group 72's involvement in hacking CCleaner.
Cisco Talos researchers have already notified the affected tech companies about a possible breach. Avast has not commented on the situation.
The developer of the popular application detected malware in the 32-bit version of CCleaner v5.33.6162 and in CCleaner Cloud v1.07.3191. According to Piriform, 3% of the users used the affected software, about 2.3 million people. Piriform claims that the authors of the malware haven’t used the stolen information and that the problem was eliminated.
We don’t recommend installing such programs; if necessary, use a separate virtual machine with strict firewall settings.
Microsoft simplifies privacy settings in Windows 10 Fall Creators Update and gives more control over app-level permissions.
During the setup process, users will have easy access to privacy information and how to use the data. In Windows 10 Fall Creators Update, users will be prompted to provide permission before an app can access key device capabilities or information such as contacts, camera, microphone, calendar, etc.
This rule applies only to applications that were installed after upgrading to Windows 10 Fall Creators Update. To review and manage your existing app permissions, go to Start → Settings → Privacy.