Author: Sevan Makaracı


New ‘hover link’ method used to spread malware via PowerPoint files

Since macros are an appropriate way to automate some common tasks in Microsoft Office, cyber criminals sometimes prefer to use macros to download malicious software and infect computers. However, in recent versions of Microsoft Office, macros are disabled by default, which means cyber criminals need to convince you to turn on macros or grant special privileges so that the malware can...


A dangerous Android banking trojan discovered that targets 22 Turkish mobile banking apps

ESET researchers have discovered a dangerous Android banking trojan that masquerades as a weather forecast application on Google Play. The malware, dubbed Trojan.Android/Spy.Banker.HU, targeted the users of 22 Turkish mobile banking apps, whose credentials were harvested using fake login forms. Banking trojans are sophisticated pieces of malware designed to steal banking information by using message interception, form grabbing, keystroke logging, screen capturing, fake login...


Filecoder.E: The new macOS-targeting ransomware distributed through Torrent websites

Experts from antivirus firm ESET have discovered a new ransomware variant, called OSX/Filecoder.E, that targets Macintosh users. It’s not the first time Mac-targeting ransomware has been detected by security researchers. In 2014, Kaspersky Lab discovered OSX.FileCoder.a ransomware, though it wasn’t complete at the time. The next one, OSX.KeRanger, was discovered in 2016 by Palo Alto researchers. The new Filecoder ransomware, designed...


A new denial-of-service (DoS) vulnerability was discovered in BIND DNS, updates available

A serious vulnerability was discovered in multiple versions of BIND DNS software that allows a remote attacker to conduct a denial-of-service (DoS) attack. BIND is the most widely used Domain Name System (DNS) software on the Internet; it enables you to publish your DNS information on the Internet and to resolve DNS queries for your users. On Unix-like operating systems it...


European Banks targeted by new version of ‘SmsSecurity’ Android malware

In 2014, Trend Micro discovered a cybercriminal operation, called ‘Operation Emmental’, that uses malicious apps to intercept SMS messages and hijack victims’ banking sessions. They uncovered that the malicious applications were posing as a banking application that supposedly generates one-time passwords (OTPs) in order to trick victims. These fake OTP generators were named ‘SmsSecurity’. Two years later, Trend Micro researchers...


New CryptoLuck ransomware infects victims through legitimate GoogleUpdate.exe application and DLL hijacking

A Proofpoint security researcher has discovered a new ransomware, called CryptoLuck, that infects target computers through the legitimate GoogleUpdate.exe executable and DLL hijacking. According to security researcher and exploit kit expert ‘Kafeine’, CryptoLuck ransomware has been spotted being distributed via the RIG-E exploit kit after redirection from compromised websites and malvertising. While Kafeine only specifically saw this sample through advertising in the Adult web site...


Cisco ASR 5000 series router vulnerability allows remote attackers to cause DoS

A vulnerability was reported in Cisco ASR 5000 and 5500 series routers that allows an unauthenticated remote attacker to conduct a denial-of-service (DoS) attack by sending specially crafted Internet Key Exchange (IKE) messages. Cisco ASR 5000/5500 series routers are popular devices that provide a single Multimedia Core Platform for common services across Wi-Fi, 3G, 4G packet core and small cells. These devices also use...


Three Mobile data breach: 6 million customers’ personal data at risk

Three Mobile, one of Britain’s biggest mobile operators, has admitted that hackers have managed to successfully access its customer upgrade database. It has been reported that the data accessed included names, phone numbers, addresses and dates of birth of some 6 million ‘Three Mobile’ customers. Luckily, sensitive financial data were not exposed, according to a Telegraph report. It has been revealed that cyber criminals used...


Massive security hole in iOS allows anyone to bypass iPhone’s passcode and access personal data

A critical security flaw was discovered in iOS 8 and newer versions of the Apple OS, including 10.2 beta 3, that allows anyone to bypass the iPhone’s passcode on the lock screen and gain access to personal data. A passcode is simply a password that consists of 4 digits (6 digits or alphanumeric characters on some devices), which helps to prevent other people from accessing your device....


Linux vulnerability grants Root Shell access by pressing ‘Enter’ for 70 seconds!

Cyber security researchers Hector Marco and Ismael Ripoll have discovered a serious vulnerability in many Linux distributions, including Debian, Ubuntu, Fedora and Red Hat Enterprise Linux, that allows both remote and local attackers to bypass authentication and launch a shell with ROOT permissions just by pressing the ‘Enter’ key for 70 seconds! This vulnerability is especially serious in environments like libraries, ATMs,...


Telecrypt ransomware uses Telegram Messenger to communicate with C&C. Here is how to decrypt your files.

Kaspersky Lab researchers have discovered a new ransomware, called Telecrypt, that uses Telegram Messenger as a covert channel between the Command and Control (C&C) server and the compromised device. By using Telegram Messenger’s communication protocol, Telecrypt ransomware performs secure key exchange with the C&C server, which becomes hard to track through network traffic monitoring. It is also noticed that Telecrypt is the first ransomware...


F5 BIG-IP ASM Web Application Firewall vulnerability allows remote attackers to launch DoS attack

A ‘high severity’ vulnerability was discovered in the ‘F5 Networks BIG-IP Application Security Manager (ASM)’ web application firewall that allows a remote attacker to conduct a denial-of-service (DoS) attack. BIG-IP ASM is one of the popular enterprise web application firewalls (WAF). According to F5 Networks, it is deployed in more data centers than any enterprise WAF. It is available as an appliance, virtual...


Payment company recommends banks to block over 100.000 Danish-issued debit cards due to increasing abuse

Last week, several banks in India, including SBI, HDFC Bank, ICICI, YES Bank and Axis, started procedures to block and reissue over 3.2 million payment cards due to malware infection on the system of a local payment processor. It has been discovered that attackers managed to plant malware on Hitachi Payment services (which provides ATM, PoS and other services) and collected credit card...


Apple released security updates to patch critical iOS, macOS, watchOS and tvOS vulnerabilities.

If you own a Mac, iPhone (5 and later), iPad (4th generation and later), iPod touch (6th generation and later), Apple TV (4th generation) or Apple Watch, you need to install the latest Apple security updates. The company has released security updates for its operating systems, including iOS, macOS, OS X, tvOS and watchOS, to patch critical vulnerabilities. Some of these vulnerabilities allow an attacker...


Linux.BackDoor.FakeFile.1, the new Linux backdoor detected in the wild

Although the vast majority of malware is created to attack Windows operating systems, Linux systems can be infected as well. Because Linux is one of the most widely and constantly used operating systems in desktop computers, web servers, IoT devices, embedded systems, routers, surveillance cameras or different server infrastructures, it becomes a valuable target for cyber criminals. Security firms are observing an increase in malware types...


Over 43 million Weebly accounts leaked. FourSquare breach claimed.

Unfortunately, data breach news keeps coming every week. After LinkedIn, Dropbox, Tumblr, MySpace and the record-breaking Yahoo data breach (500 million accounts were compromised), popular web-hosting company Weebly has now confirmed that more than 43 million users’ account information, including usernames, passwords, email and IP addresses, was obtained by an unauthorized party. According to Weebly, this data breach affects customers who registered before March...


Juniper released software updates to fix vulnerabilities in Junos CLI, Junos Space, CTPView, vMX and Junos J-Web interface.

Juniper released software updates to fix some critical vulnerabilities in Junos OS Command Line Interface, Junos Space, CTPView, Virtual MX series (vMX) router software and Junos OS J-Web interface. Junos Space Network Management Platform vulnerabilities Junos Space Network Management Platform contains critical vulnerabilities and any Juniper products/platforms running Junos Space prior to version 15.2R2 need to be updated as soon as possible. According...


Mirai malware infecting AirLink Cellular Gateway devices, password change needed!

Mirai is a dangerous malware that is designed to infect Internet of Things (IoT) devices by scanning the internet for devices with factory default passwords in order to make these devices a part of a botnet and to perform DDoS attacks. Mirai is also the bot used in one of the largest DDoS attacks. Brian Krebs’s blog was recently targeted by a...


Ongoing DoS attacks against BIND DNS software reported, update needed!

BIND is the most widely used ‘Domain Name System’ (DNS) software on the Internet, which was originally designed for BSD operating systems, and it is a de facto standard on Unix-based systems. On September 27, Internet Systems Consortium (ISC) released a security advisory to highlight a critical vulnerability that allows remote attackers to cause a denial-of-service (DoS) via a crafted query. It is one...


Windows Script File (WSF) attachments being increasingly used for ransomware delivery.

Spam emails are one of the most used mediums by attackers in an attempt to trick the user into opening the mail and clicking on the links within the mail or opening a malicious attachment, which leads to malware infection. And it seems that malicious Windows Script Files (WSF) are the latest file types being used by cyber criminals to spread ransomware....
