Latest News


Breach at IT Outsourcing Giant Wipro

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Earlier this month, KrebsOnSecurity heard independently from two trusted sources that Wipro — India’s third-largest IT outsourcing company — was dealing with a multi-month intrusion from an assumed state-sponsored attacker.

Nearly one billion Chrome users vulnerable to exploit patched in later versions

Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome.

Although the security flaw has been patched in Chrome’s version 8 JavaScript engine, a fix hasn’t been developed for Chrome version 73, leaving at least an estimated billion users at risk. Kurucsai pointed out that this situation isn’t unique to Google, but said in his blog post that it’s important that users dig deep into a patch to know if it applies to an exploitable security vulnerability.

Skilled adversaries could use the gap between the zero day’s announcement and the release of the patch to launch a more effective attack, Craig Young, computer security researcher for Tripwire’s VERT (Vulnerability and Exposure Research Team), told SC Media.

Massive SIM swap fraud leaves traditional 2FA users at risk

As two-factor authentication becomes more popular, threat actors have proven once again how this security feature can be exploited if not implemented properly.

Kaspersky researchers uncovered large-scale SIM swap fraud operations targeting users in both the Portuguese-speaking nations of Brazil and Mozambique, in which the fraudsters were able to use social engineering, bribery, and simple phishing attacks to ultimately steal money from victims.

CryptoPokemon ransomware decryptor developed

A new ransomware dubbed CryptoPokemon encrypts user files and demands approximately $104 worth of Bitcoin to decrypt the files.

CryptoPokemon encrypts files using SHA256 + AES128 and comes with a note containing an email address and website to contact the threat actors who describe themselves as “valiant support [who] will help you solve this problem.”

Emsisoft researchers are urging victims to not pay the ransom after they were able to find bugs in the malware’s source code which allowed them to create a free decryptor shared in their April 11 blog post.

VMware issues critical-rated security updates

VMware has issued updates to fix two security issues the company rated as critical, one of which could lead to a remote session hijacking if exploited.

The hijacking issue, CVE-2019-5523, is a remote session hijack vulnerability in the Tenant and Provider Portals of VMware vCloud Director for Service Providers. The problem is that an attacker could access the Tenant or Provider Portals by impersonating a currently logged-in session.