GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free

Cybersecurity researchers have released an updated version of the GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals.

GandCrab is one of the most prolific ransomware families to date, having infected over 1.5 million computers since it first emerged in January 2018.

Created by BitDefender, the new GandCrab decryption tool can now unlock files encrypted by the latest versions of the ransomware, from 5.0 to 5.2, as well as by the older GandCrab ransomware versions.

As part of the “No More Ransom” Project, BitDefender works in partnership with the FBI, Europol, London Police, and several other law enforcement agencies across the globe to help ransomware-affected users.

In recent months, the cybersecurity company released ransomware removal tools for some older GandCrab versions that helped nearly 30,000 victims recover their data for free, saving roughly $50 million in unpaid ransoms.

The GandCrab creators recently announced the retirement of their Ransomware-as-a-Service (RaaS) operations, which allowed criminal hackers affiliated with organised crime to extort a total of more than $2 billion from victims.

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

Important Update [21 June 2019]: Mozilla on Thursday released another update, Firefox version 67.0.4, to patch a second zero-day vulnerability.

If you use the Firefox web browser, you need to update it right now.

Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild.

Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take full control of them.

The vulnerability, identified as CVE-2019-11707, affects anyone who uses Firefox on desktop (Windows, macOS, and Linux), whereas Firefox for Android, iOS, and Amazon Fire TV are not affected.

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server.

According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers.

Oracle WebLogic is a Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on the cloud, and it is popular across both cloud and conventional environments.

The reported vulnerability is a deserialisation issue via XMLDecoder in Oracle WebLogic Server Web Services that could allow unauthorised remote attackers to execute arbitrary code on the targeted servers and take control over them.

“This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password,” the advisory said.

In a separate note, the company also revealed that the flaw is related to a previously known deserialisation vulnerability (CVE-2019-2725) in Oracle WebLogic Server that it patched in April this year.

The previously patched RCE flaw in Oracle WebLogic was also exploited by attackers as a zero-day, i.e., to distribute Sodinokibi ransomware and cryptocurrency mining malware.

Reported independently by a separate group of individuals and organisations, the new vulnerability affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0.

Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability

Important Update (21 June 2019): The Tor Project on Friday released a second update (Tor Browser 8.5.3) for its privacy web browser that patches another Firefox zero-day vulnerability patched this week.

Following the latest critical update for Firefox, the Tor Project today released an updated version of its anonymity and privacy browser to patch the same Firefox vulnerability in its bundle.

Earlier this week, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch a critical, actively exploited vulnerability (CVE-2019-11707) that could allow attackers to remotely take full control of systems running the vulnerable browser versions.

Besides updating Firefox, the latest Tor Browser 8.5.2 for desktops also includes an updated NoScript version 10.6.3 that fixes a few known issues.

According to the Tor Project Team, if you are already using Tor browser with “safer” and “safest” security levels, the flaw doesn’t affect you.

For some reason, the team hasn’t yet released an updated Tor version for Android users, which should be available in the next few days. However, Android users have been advised to switch on the “safer” or “safest” security levels in order to mitigate the issue until a patched app becomes available.

MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes.

The newly introduced Field Level Encryption (FLE), which will be available in the upcoming MongoDB 4.2 release, is an end-to-end encryption feature that encrypts and decrypts sensitive users’ data on the client side, preventing hackers from accessing plaintext data even if the database instance is left exposed online or the server itself gets compromised.

Almost every website, app, and service on the Internet today usually encrypts (particularly by “hashing”) only users’ passwords before storing them in its databases, but unfortunately leaves other sensitive information unencrypted, including users’ online activity data and their personal information.

Moreover, even if there is an encryption mechanism to store data securely on the server, the private keys to unlock it and the decryption operation also remain available on the server, which, if it gets compromised, can be used by hackers to decrypt the data.
