Misconfigured Amazon S3 buckets that allow public writes let a third party launch a surreptitious man-in-the-middle (MITM) attack, unbeknownst to either the data owner or the data consumer. This problem is called GhostWriter and was described by researchers from Skyhigh Networks. According to the researchers, the GhostWriter technique is dangerous both for the customer and the storage provider.
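A defender can audit for the public-write condition described above by inspecting a bucket's ACL and bucket policy. The following is an added example, not code from Skyhigh Networks or AWS; the function names and the sample ACL and policy are constructed for illustration, and it assumes the JSON shape returned by the S3 `GetBucketAcl` and `GetBucketPolicy` calls.

```python
import fnmatch

# Predefined S3 ACL groups: anyone, and any AWS account holder.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
WRITE_ACL_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Actions that let a caller replace or delete content, or loosen access.
WRITE_ACTIONS = ["s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl",
                 "s3:PutBucketAcl", "s3:PutBucketPolicy"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public_principal(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_write_findings(acl, policy):
    """List grants that let anyone write; Resource scoping is not evaluated."""
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS and grant.get("Permission") in WRITE_ACL_PERMS:
            findings.append(f"ACL: {uri.rsplit('/', 1)[-1]} has {grant['Permission']}")
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        hits = [a for a in WRITE_ACTIONS
                if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]
        if hits:
            note = " (conditional, review manually)" if "Condition" in stmt else ""
            findings.append(f"Policy {stmt.get('Sid', '<no Sid>')}: public {', '.join(hits)}{note}")
    return findings

# Constructed sample input: one public READ grant, one public WRITE grant,
# and a policy whose second statement lets any principal upload objects.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"}]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "Uploads", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    print("\n".join(public_write_findings(SAMPLE_ACL, SAMPLE_POLICY)))
```

The check is deliberately conservative: it matches on actions only, so a statement scoped to object ARNs is still reported for bucket-level actions that its wildcard covers.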
The ransomware encrypts files on the system and displays a ransom note demanding 0.05 bitcoin (~$285) from victims to unlock their systems.
According to Trend Micro research, Bad Rabbit spreads via a fake Flash installer, “install_flash_player.exe”, served from compromised sites. At present, the link for downloading the fake installer is inaccessible.
KnockKnock was discovered by Skyhigh Networks experts, who noted that the key distinction of this new attack is the nature of the accounts being targeted. The attack targets system accounts that are not assigned to any one individual user. System accounts have more privileges and, in addition, are subject to a more lenient password policy. With access to such an account, it is easier for hackers to continue attacking the corporate network.
A group of scientists from Adelaide, Pennsylvania, Maryland and Graz University of Technology published a study that describes a new way to bypass the defense against Rowhammer attacks.
To launch an attack, an attacker needs to narrow the Rowhammer data bombardment down to a single row of memory cells instead of multiple locations. According to the test results, the revised Rowhammer attack may take between 44 and 138 hours, but this shouldn’t be a problem if an attacker targets online servers and cloud providers.
Nowadays it is difficult to surprise anyone with a malicious advertising campaign, but Proofpoint experts have discovered a new trend in this area. Attackers are now targeting not users’ browsers but their routers. The attacker's final goal is to inject ads into every page visited by an infected victim. Interestingly, the campaign focused not on IE users, as often happens, but on Chrome users (both desktop and mobile versions).
The ad shown to router owners is not harmless. It takes them straight to the DNSChanger exploit kit, which continues the attack. Using steganography, the attacker sends the victim's router an image that contains the AES key. The malicious advertising uses this key to decrypt further traffic received from DNSChanger. In this way the attackers hide their operations from the attention of information security professionals.
After receiving the AES key, DNSChanger sends the victim a list of the distinguishing features of 166 routers (including various models of Linksys, Netgear, D-Link, Comtrend, Zyxel, and Pirelli), which is used to determine the type of router; the result is then transmitted to the attackers' control server. The server has a list of vulnerabilities and hard-coded credentials for different devices, which are used to take control of the victim’s router. Proofpoint experts noted that in some cases (if the model allows), the attackers try to create an external connection to an administrative port on the router and take control directly.