#MalwareHunting
osintelligence · 2 years ago
https://bit.ly/3WLm7w3

🔎 A new macOS vulnerability, named "Migraine", could allow an attacker with root access to bypass System Integrity Protection (SIP). This flaw, now identified as CVE-2023-32369, was shared with Apple via Microsoft's Coordinated Vulnerability Disclosure and was patched in the latest Apple security updates on May 18, 2023. #CyberSecurity #macOS #Vulnerability

🔒 SIP is a security technology in macOS that restricts a root user from potentially compromising system integrity. A bypass could increase the risk of successful installation of rootkits and persistent malware, potentially expanding the attack surface for further exploits. #SIP #RootAccess

🛠 The discovery of Migraine followed extensive research into system processes, their entitlements, and how they can be tampered with for arbitrary code execution, thus bypassing SIP checks. The vulnerability was uncovered during routine malware hunting and is akin to the previously reported Shrootless vulnerability. #MalwareHunting #CodeExecution

🖥 Migration is a complex procedure involving several components. The research team noted the interaction between Migration Assistant, Setup Assistant, and systemmigrationd and discovered that the Setup Assistant could be run with specific arguments to successfully complete migration without user sign-out. #SystemMigration

🚫 The implications of arbitrary SIP bypasses are severe. Potential impacts include the creation of indestructible malware, expanding the attack surface for further exploits, tampering with system integrity, and enabling rootkits. A full TCC bypass could also grant applications access to private data. #SIPBypass #Malware

🤝 Collaborative research and protection technologies remain vital for securing devices against these potential threats. It's crucial to continue identifying unpatched vulnerabilities and misconfigurations that attackers may exploit.
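A quick SIP posture check that follows from the post above, as an added example (not code from the post's author, Microsoft or Apple): it reads the status line that `csrutil status` prints and confirms that the directories SIP is expected to cover still carry the BSD "restricted" file flag. Assumptions, stated in the code as well: the status line has the form "System Integrity Protection status: enabled.", the flag value is SF_RESTRICTED (0x00080000 in XNU's sys/stat.h), and the list of protected directories is an assumed stock-install set.

```python
"""Quick SIP posture check for a macOS host.

Added example; not code from Microsoft, Apple or the post's author.
Assumptions: `csrutil status` prints a line of the form
"System Integrity Protection status: enabled." and SIP-protected paths
carry the SF_RESTRICTED BSD file flag (0x00080000 in XNU's sys/stat.h).
"""
import os
import re
import subprocess
from typing import Callable, Iterable, List, Optional

# BSD file flag that SIP sets on protected paths (XNU sys/stat.h).
SF_RESTRICTED = 0x00080000

# Directories SIP is expected to cover on a stock install (assumed list).
SIP_PATHS = ("/System", "/usr", "/bin", "/sbin")

STATUS_RE = re.compile(
    r"System Integrity Protection status:\s*(enabled|disabled)", re.IGNORECASE
)


def parse_csrutil(output: str) -> Optional[bool]:
    """True if csrutil reports SIP enabled, False if disabled, None if the
    output is unrecognised (for example a custom configuration)."""
    match = STATUS_RE.search(output)
    if match is None:
        return None
    return match.group(1).lower() == "enabled"


def is_restricted(st_flags: int) -> bool:
    """Whether a path's BSD flags include the SIP 'restricted' flag."""
    return bool(st_flags & SF_RESTRICTED)


def unrestricted_paths(
    paths: Iterable[str], flags_of: Callable[[str], int]
) -> List[str]:
    """Return the paths in `paths` that lack the restricted flag.

    `flags_of` is injected so the logic can be exercised off-box; on macOS
    pass `flags_from_lstat`."""
    missing = []
    for path in paths:
        try:
            flags = flags_of(path)
        except OSError:
            continue  # path does not exist here; nothing to judge
        if not is_restricted(flags):
            missing.append(path)
    return missing


def flags_from_lstat(path: str) -> int:
    # st_flags exists only on BSD-derived platforms such as macOS.
    return getattr(os.lstat(path), "st_flags", 0)


def main() -> int:
    out = subprocess.run(["csrutil", "status"], capture_output=True, text=True).stdout
    enabled = parse_csrutil(out)
    missing = unrestricted_paths(SIP_PATHS, flags_from_lstat)
    print(f"SIP enabled: {enabled}")
    for path in missing:
        print(f"WARNING: {path} is not marked restricted")
    # Non-zero exit if SIP is off/unknown or a protected path is unrestricted.
    return 0 if enabled and not missing else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

This is a posture check, not a detector for a bypass of the Migraine kind: such a bypass lets a specific process write into restricted locations while csrutil still reports SIP as enabled, so the exit code only tells you whether the protection is switched on and the flags are intact, not whether they were honoured.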
psdtoany · 6 years ago
Tired of malware or hacking issue of your website? We can help you to fix that. Contact us at [email protected] or DM us. #website #websitehacking #websitemalwarecleanup #malware #malwarehunter #websitesecurity #security #malwareprotection #wordpress #psdtoany https://www.instagram.com/p/B0GZT4HgDBk/?igshid=qnnctx74cpfm
hackgit · 2 years ago
Vultriever
Vultriever: vulnerability scoring with Nmap. A small tool that converts the results of the Nmap scanner, used together with the built-in Vulners script, to Excel and JSON formats. It was created to automate the inventory of open ports and running network services on a server and the scoring of existing vulnerabilities determined from the versions of the software in use. Vultriever can be used from the terminal or as an imported module in native Python scripts. In the process, Vultriever collects and provides the following information about the server in structured form:
▫️ Server IP address
▫️ Network port number
▫️ Network port status
▫️ Protocol used by the network port
▫️ Network service operating on the network port and its version
▫️ Vulnerability CVE identifier
▫️ Vulnerability rating
▫️ URL link to the description of the vulnerability on the Vulners.com platform
https://github.com/MalwareHunters/vultriever
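The flattening the post describes, as an added example that is not Vultriever's own code: it walks Nmap's XML output, pulls each finding out of the vulners script's table structure and emits one JSON record per host, port and finding with exactly the fields listed above. The XML embedded in the block is constructed for illustration; it assumes the layout Nmap uses for script tables (a <table> per CPE, holding one <table> per finding with id, type, is_exploit and cvss elements) and that Vulners links have the form https://vulners.com/{type}/{id}.

```python
"""Flatten Nmap XML with vulners.nse results into JSON records.

Added example, not Vultriever's own code. SAMPLE_XML is constructed for
illustration; it assumes the layout Nmap uses for script tables (a <table>
per CPE holding one <table> per finding with id/type/is_exploit/cvss
elements) and that Vulners links look like https://vulners.com/{type}/{id}.
"""
import json
import xml.etree.ElementTree as ET
from typing import Dict, List

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.2p2"/>
        <script id="vulners" output="(omitted)">
          <table key="cpe:/a:openbsd:openssh:7.2p2">
            <table>
              <elem key="id">CVE-2016-6515</elem>
              <elem key="type">cve</elem>
              <elem key="is_exploit">false</elem>
              <elem key="cvss">7.8</elem>
            </table>
            <table>
              <elem key="id">CVE-2018-15473</elem>
              <elem key="type">cve</elem>
              <elem key="is_exploit">false</elem>
              <elem key="cvss">5.0</elem>
            </table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

VULNERS_URL = "https://vulners.com/{type}/{id}"


def _findings(script: ET.Element):
    """Yield one dict per finding under a vulners <script> element."""
    for cpe_table in script.findall("table"):
        for entry in cpe_table.findall("table"):
            fields = {e.get("key"): (e.text or "").strip() for e in entry.findall("elem")}
            if fields.get("id"):
                fields["cpe"] = cpe_table.get("key", "")
                yield fields


def parse_nmap_vulners(xml_text: str) -> List[Dict]:
    """One record per (host, port, finding). Ports without findings still get
    a record so the inventory stays complete. Sorted by CVSS, highest first,
    unscored rows last."""
    root = ET.fromstring(xml_text)
    records: List[Dict] = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else ""
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            version = ""
            if svc is not None:
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            base = {
                "ip": ip,
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "state": state.get("state") if state is not None else "",
                "service": svc.get("name", "") if svc is not None else "",
                "version": version,
            }
            script = port.find("script[@id='vulners']")
            found = list(_findings(script)) if script is not None else []
            if not found:
                records.append({**base, "vuln_id": None, "cvss": None, "exploit": False, "url": None})
                continue
            for f in found:
                try:
                    cvss = float(f.get("cvss", ""))
                except ValueError:
                    cvss = None  # keep the finding even if the score is missing
                records.append({
                    **base,
                    "vuln_id": f["id"],
                    "cvss": cvss,
                    "exploit": f.get("is_exploit") == "true",
                    "url": VULNERS_URL.format(type=f.get("type", "cve"), id=f["id"]),
                })
    records.sort(key=lambda r: (r["cvss"] is None, -(r["cvss"] or 0.0), r["port"]))
    return records


def to_json(records: List[Dict]) -> str:
    return json.dumps(records, indent=2)


if __name__ == "__main__":
    print(to_json(parse_nmap_vulners(SAMPLE_XML)))
```

Run `nmap -sV --script vulners -oX scan.xml <target>` and feed the file's contents to `parse_nmap_vulners`; the Excel side is a matter of writing the same records with a spreadsheet library, so it is left out here. Keeping rows for ports without findings matters when the output feeds an asset inventory: a service with no known CVE is still an exposed service.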
virusolutionprovider · 7 years ago
spinpc-blog · 8 years ago
Ukraine hit by large-scale ransomware outbreak
Once again there is a large-scale ransomware attack. After WannaCry, it is now Xdata, although for the time being the infection appears to be limited to Ukraine. So far no tool is available to free files encrypted by Xdata.
The spread of the Xdata ransomware began last week, with a large number of infection hotspots in Ukraine, as Wired reports…
comss · 8 years ago
New XData ransomware spreads faster than WannaCry
Security researcher MalwareHunter has discovered a new large-scale outbreak of infections with the new file-encrypting ransomware XData. Most attacks are being recorded across the whole territory of Ukraine.
#XData #Ransomware #windows #security #WannaCry
via Antiviruses, reviews and tests http://ift.tt/2q5omOK
bloqwire-blog · 7 years ago
New Ransomware Steals More Than Half Million Dollars Worth Bitcoin
A new ransomware named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin. Over the past two weeks, Ryuk, a targeted and well-planned ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises while encrypting hundreds of PCs, storage and data centers in each infected company, reports the cyber threat intelligence team at Check Point in their latest analysis.

Attacks with this ransomware strain were first spotted last Monday, August 13, according to independent security researcher MalwareHunter, who first tweeted about this new threat:

"From 13th this month, we seen 5 victims of a ransomware. At least 3 of them are companies (from those, 2 are from US, 1 from Germany, and 1 of the 3 is healthcare related). The ransom note seems Bitpaymer, encrypted files seems Hermes. Strange. 🤔 @BleepinComputer @demonslay335"
MalwareHunterTeam (@malwrhunterteam), August 17, 2018

While the ransomware's technical capabilities are relatively low, at least three organizations in the US and worldwide were severely hit by the malware. Furthermore, some organizations paid an exceptionally large ransom in order to retrieve their files. Although the ransom amount itself varies among the victims (ranging between 15 BTC and 50 BTC), it has already netted the attackers over $640,000, reveals Check Point. Check Point also shares an image showing the Bitcoin transaction flow, from the ransom payment to the cashing-out stage.
Unlike the common ransomware, systematically distributed via massive spam campaigns and exploit kits, Ryuk is used exclusively for tailored attacks. In fact, its encryption scheme is intentionally built for small-scale operations, such that only crucial assets and resources are infected in each targeted network with its infection and distribution carried out manually by the attackers. Screenshots shared by MalwareHunterTeam on Twitter.
The research team at Check Point also says that from the exploitation phase through to the encryption process and up to the ransom demand itself, the carefully operated Ryuk campaign is targeting enterprises that are capable of paying a lot of money in order to get back on track. Their analysis concludes by saying that Check Point's SandBlast Agent Anti-Ransomware product can protect its users from the vicious Ryuk ransomware.
Sources:
https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
https://twitter.com/malwrhunterteam/status/1030529747174998016
my-top-posts · 7 years ago
Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge
A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin.
Attacks with this ransomware strain were first spotted last Monday, August 13, according to independent security researcher MalwareHunter, who first tweeted about this new threat.
Ryuk used in targeted attacks only
There have been several…
Beware of #Thanatos, the latest #cyber-extortion #scam
Another ransomware program is infecting computers, and it’s demanding Bitcoin Cash to let users unlock their files. A report at Bleeping Computer highlights the new ransomware, dubbed Thanatos, that was unearthed by security experts at MalwareHunter Team.
What makes this particular infection noteworthy is that it creates an encrypted file, but the key is not saved anywhere. Whether by accident or…
ruzilla · 7 years ago
New cryptocurrency-extorting ransomware virus discovered on the Net
Specialists at MalwareHunter have discovered a new ransomware virus, Data Keeper, on the internet.
bllacksn-blog · 8 years ago
Ukrainians attacked by new ransomware virus, even more dangerous than WannaCry
On Thursday, researchers from MalwareHunter, who are behind the ID-Ransomware service, discovered a new ransomware virus, XData. As of Friday, May 19, 135 unique cases of infection had been confirmed, 95% of them among Ukrainian users. For comparison, MalwareHunter states that in our country they recorded only 30 victims of the one that attacked more than 200,000…
aheliotech · 8 years ago
New XData ransomware spreads faster than WannaCry
https://www.aheliotech.com/blog/new-xdata-ransomware-spreads-faster-than-wannacry/
Following the emergence of the WannaCry ransomware attack campaign last week, another, possibly bigger outbreak raging predominantly across the Ukraine is underway. The culprit? A new ransomware called XData.
It was spotted over the weekend by security researcher MalwareHunter. MalwareHunter is one of the people behind the ID-Ransomware service that enables users to submit ransomware samples for analysis. XData was submitted via the service.
The infections with XData across Ukraine have been increasing so rapidly it has raised XData to the second most active ransomware strain, second to the ever dominant Cerber.
XData caught the attention of the team due to its rapid spread across Ukraine where, in one day, XData made four times as many victims when compared with the total for the entire week of WannaCry’s reign.
WannaCry has already infected hundreds of thousands of systems across the globe, but if you consider the current rate of XData infection in Ukraine, Russia and Germany, the global impact of XData would far outshine that of WannaCry.
Meet XData
The XData ransomware was initially spotted in May 2017 and while its distribution method is currently unknown, these are the files and processes currently found on an infected host:
mssql.exe
msdns.exe
msdcom.exe
mscomrpc.exe
XData utilises AES encryption to encrypt files, appending the extension .~xdata~ to each one.
For example, a file named photo.png becomes photo.png.~xdata~.
Source: Bleeping Computer
Once the encryption process is complete, the following ransom note appears:
Source: Bleeping Computer
Unfortunately, at this stage, there is no way to decrypt files locked by the XData ransomware. Researchers will continue to look into this latest outbreak.
We’ll keep you updated on any changes.
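Two triage helpers built only from the indicators this post gives (the appended .~xdata~ marker and the four process names), as an added example that is not code from the post's author or from Bleeping Computer. Because XData appends its marker instead of replacing the original extension, the original file name can be recovered from the encrypted name, which is useful for an impact inventory even though the contents cannot be decrypted. The sample directory tree the block creates is constructed for the dry run.

```python
"""Triage helpers for an XData infection, built from the post's indicators.

Added example; not code from the post's author or Bleeping Computer. The
only indicators used are the ones the post gives: the appended ".~xdata~"
marker and the four process names. The sample tree is constructed.
"""
import os
import tempfile
from typing import Iterable, List, Tuple

XDATA_SUFFIX = ".~xdata~"
# Process names reported on infected hosts, lower-cased for matching.
XDATA_PROCESSES = {"mssql.exe", "msdns.exe", "msdcom.exe", "mscomrpc.exe"}


def original_name(encrypted_name: str) -> str:
    """XData appends its marker rather than replacing the extension, so
    photo.png.~xdata~ maps back to photo.png."""
    if not encrypted_name.endswith(XDATA_SUFFIX):
        raise ValueError(f"not an XData-renamed file: {encrypted_name}")
    return encrypted_name[: -len(XDATA_SUFFIX)]


def find_encrypted(root: str) -> List[Tuple[str, str]]:
    """Walk `root` and return (relative path, original name) pairs for every
    file carrying the XData marker, sorted for stable reporting."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(XDATA_SUFFIX):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel, original_name(name)))
    return sorted(hits)


def _image_name(path: str) -> str:
    # Accept both Windows and POSIX separators so tasklist/ps output can be
    # processed from an analyst workstation of either kind.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def suspicious_processes(running: Iterable[str]) -> List[str]:
    """Match process image names case-insensitively against the indicator
    list. The names imitate Microsoft service names, so any hit deserves a
    look at the binary's path and signature rather than an automatic kill."""
    return [p for p in running if _image_name(p) in XDATA_PROCESSES]


def build_sample_tree() -> str:
    """Create a constructed directory tree for a dry run and return its path."""
    root = tempfile.mkdtemp(prefix="xdata-demo-")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("photo.png.~xdata~", "docs/report.docx.~xdata~", "docs/notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample content")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for rel, orig in find_encrypted(demo_root):
        print(f"{rel}  (was {orig})")
    print(suspicious_processes(["explorer.exe", r"C:\Windows\Temp\mssql.exe", "svchost.exe"]))
```

On a live host, point `find_encrypted` at each data volume and pass the image names from `tasklist` (or `ps` on a file server exporting SMB shares) to `suspicious_processes`; the encrypted-file list doubles as the scope for restoring from backup, since the post notes that no decryptor exists.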