Articles for May 2017

7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely

A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of affected Linux and Unix machines.

Samba is open-source software (a re-implementation of the SMB networking protocol) that runs on the majority of operating systems available today, including Windows, Linux, UNIX, IBM System 390, and OpenVMS.

Samba allows non-Windows operating systems, like GNU/Linux or Mac OS X, to share network folders, files, and printers with the Windows operating system.

Read more here.

Newly Found Malware Uses 7 NSA Hacking Tools, Where WannaCry Uses 2

A security researcher has identified a new strain of malware that also spreads itself by exploiting flaws in the Windows SMB file sharing protocol, but unlike the WannaCry ransomware, which uses only two leaked NSA hacking tools, it exploits all seven.

Last week, we warned you about multiple hacking groups exploiting leaked NSA hacking tools, but almost all of them were making use of only two tools: EternalBlue and DoublePulsar.

Now, Miroslav Stampar, a security researcher who created the famous ‘sqlmap’ tool and is now a member of the Croatian Government CERT, has discovered a new network worm, dubbed EternalRocks, which is more dangerous than WannaCry and has no kill-switch in it.

Read more here.

WannaCry ransomware deadline passes, but few pay up | ZDNet

Despite the chaos caused by the recent ransomware attack, the criminals behind it have netted a relatively small amount of cash.

As the WannaCry ransomware worm wreaked havoc across the globe last week, claiming hundreds of thousands of victims in 150 countries, it issued victims with a simple demand: pay up or lose access to your data.

Those organisations which became infected were met with a ransom demand for $300 in Bitcoin to be sent to the attackers. If that payment wasn’t made within three days, the extortion demand rose to $600 — and those who left it a week were threatened with their files being deleted forever.

Source: WannaCry ransomware deadline passes, but few pay up | ZDNet

WikiLeaks Reveals ‘Athena’ CIA Spying Program Targeting All Versions of Windows

WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which “provides remote beacon and loader capabilities on target computers” – allegedly being used by the CIA that works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.

Dubbed Athena/Hera, the spyware has been designed to take full control of infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data, uploading malicious software, and stealing data and sending it to a CIA server.

Read more here.

Beware! Built-in Keylogger Discovered In Several HP Laptop Models

Do you own a Hewlett-Packard (HP) laptop?

Yes? Just stop whatever you are doing and listen carefully:

Your HP laptop may be silently recording everything you are typing on your keyboard.

While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spies on all your keystrokes.

Read more here.