Latest News


Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol?
Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.
Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655.
In the latest report shared with The Hacker News, a Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, the API function "PathCchCanonicalize," unchanged.
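The separator problem described above can be reproduced with a small model; this is an added example, not Microsoft's or Check Point's code. It assumes a canonicalizer that treats only the backslash as a path separator, and the function names, base directory and sample file names are constructed for illustration.

```python
import ntpath

def backslash_only_canonicalize(path):
    """Model canonicalizer: resolves '.' and '..' but splits on '\\' only (assumption)."""
    out = []
    for seg in path.split("\\"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "\\".join(out)

def weak_is_safe(name):
    """Weak check: accept a name that canonicalization leaves unchanged."""
    return backslash_only_canonicalize(name) == name

def hardened_is_safe(base, name):
    """Treat '/' and '\\' alike, resolve the path, then require it to stay under base."""
    if ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        return False  # absolute or drive-qualified names never belong under base
    base_n = ntpath.normcase(ntpath.normpath(base))
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, name)))
    return full.startswith(base_n + "\\")

BASE = "C:\\Users\\alice\\Temp"  # constructed destination directory
SAMPLES = [  # constructed file names as a remote peer might supply them
    "docs\\report.txt",
    "docs/report.txt",
    "..\\..\\dropped.txt",
    "../../dropped.txt",
]

def compare(samples=SAMPLES):
    """Return (name, weak verdict, hardened verdict) for each sample name."""
    return [(n, weak_is_safe(n), hardened_is_safe(BASE, n)) for n in samples]

if __name__ == "__main__":
    for name, weak, hard in compare():
        print(f"{name!r:24} weak={weak!s:5} hardened={hard}")
```

The forward-slash traversal is the only sample on which the two checks disagree: the backslash-only model sees a single segment and accepts it, while the containment check rejects it after normalizing both separators.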

ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims

A relatively new ransomware, ProLock, has paired up with the QakBot banking trojan to access victims’ networks. ProLock’s leveraging of QakBot gives it bolstered persistence, anti-detection and credential-dumping techniques.

ProLock ransomware first emerged in March as a successor to another recent malware strain, PwndLocker, and has made its mark targeting financial, healthcare, government and retail organizations. ProLock’s first big attack targeted major ATM provider Diebold Nixdorf at the end of April.

Hackers Hijack Routers to Spread Malware Via Coronavirus Apps

Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information-stealing Oski malware.

This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic. And it appears to be working – researchers believe that at least 1,193 victims have been targeted by this cyberattack over just the past couple of days. Reports of the hacks began on March 18, and have since skyrocketed over the past week, with victims from the U.S., Germany and France being mostly targeted.

Microsoft RCE Vulnerabilities Affecting Windows, Windows Server

Microsoft has released a security advisory to address remote code execution vulnerabilities in the Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild.

Virgin Media exposes data of 900,000 users via unprotected marketing database

Virgin Media, a provider of telephone, television, and internet services in the UK, disclosed today a data breach that was caused by a database server left exposed online without a password.

The incident exposed the personal details of approximately 900,000 customers, representing around 15% of the company's entire customer base.

Exposed data varies by user, but it could contain names, home addresses, emails, phone numbers, along with technical and product information.

Virgin Media said the database was used for marketing activities and, as a result, did not contain sensitive information, such as passwords or financial details.