Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone
Secrets are meant to be hidden or, at the very least, only known to a specific and limited set of individuals (or systems). Otherwise, they aren't really secrets. In personal life, a secret revealed can damage relationships, lead to social stigma, or, at the very least, be embarrassing. In a developer's or application security engineer's professional life, the consequences of …
Files
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware
The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, the first archive acting as a …
This New Malware Family Using CLFS Log Files to Avoid Detection
Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the …
Secret Chat in Telegram Left Self-Destructing Media Files On Devices
Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since …
How to decrypt files encrypted by Fonix
When the Fonix ransomware group suddenly announced the end of its activities and published a master key for decoding encrypted files, our experts immediately updated the Rakhni Decryptor tool to automate the process. You can download the tool right here. The Fonix example illustrates yet again why even if you don’t plan to pay the ransom (a smart choice), you should hold on to …
How to recover files encrypted by Yatron and FortuneCrypt
Ransomware has been and remains a big headache for both users and experts alike. It is not a simple task to recover files encrypted by ransomware, and in many cases it’s impossible. But we have good news for the victims of Yatron and FortuneCrypt malware: Kaspersky experts have developed and published decryptors for the files this particular malware encrypts. How to decrypt …
KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code …
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he …