Tech support scams have diversified into new territory. They now use pop-up alerts and social engineering tactics to spread fake toll-free numbers and links to their fake tech support websites on popular social media platforms.
The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in its core software, identified as SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations, since it impacts the widely installed RESTful Web Services (rest) module.
On February 19, 2019, Simon Scannell of RIPS Technologies published his findings on core vulnerabilities in WordPress that can lead to remote code execution (RCE). These have been assigned CVE-2019-8942 and CVE-2019-8943. In a nutshell, these security flaws, when successfully exploited, could enable attackers with at least author privileges to execute hypertext preprocessor (PHP) code and gain full system control. Affected versions of WordPress include versions 5 (prior to 5.0.1) and 4 (prior to 4.9.9). The vulnerabilities have also been disclosed to WordPress’ security team.
This blog post expounds on the technical details of the vulnerabilities, specifically, what a potential attack could look like and the parameters that are added to take advantage of a vulnerable WordPress site.
We noticed a sudden increase in hack tool installation attempts from various industries in China, Taiwan, Italy and Hong Kong. We found a trojan combining RADMIN and MIMIKATZ to drop a Monero miner by exploiting MS17-010 for propagation, likely taking advantage of the Lunar New Year holidays.