FlixOnline – if you too have this app installed, delete it now

A promise of two months Premium Netflix subscription free of charge and there will always be someone willing to save some money. But in this case, some people got surprised with hijacked WhatsApp and stolen credit card data. While most of our readers were probably smart enough to avoid the FlixOnline app, we can see that this scam is totally working on many people. Everything in this campaign was designed to confuse and get them to believe they are getting free Netflix for real. Word of advice: there is no easy way to get Netflix for free.. Or HBO Max, Disney Plus or anything else.

Read more

Bugs in VMware vRealize Operations platform make RCE and admin’s credentials theft possible

Welcome to the next episode of the Xopero Security Center. Stealing admin credentials or gaining access to the platform capable of managing IT operations in various cloud deployments, allowing admins to monitor the health and capacity of virtual environments is a serious security breach. And these black scenarios become more than possible thanks to two newly discovered [and patched] vulnerabilities in VMware vRealize Operations platform. How severe is this new threat? To uncover this true check the whole post below.

Read more

Purple Fox malware has gained new and alarming worm capabilities

Welcome to the next episode of the Xopero Security Center. This week we are taking a break from MS Exchange and ProxyLogon vulnerabilities. Maybe except this small update: according to Microsoft, 92% of vulnerable Exchange servers are now patched or mitigated. But Microsoft’s ecosystems are profitable targets and attackers take advantage of newer vulnerabilities to infect systems over and over again. Thus, this time we are taking a closer look into an upgraded variant of Purple Fox malware with worm capabilities that targets Microsoft Windows machines. Which one exactly? To find out more, read the full post.

Read more

Microsoft releases a one-click ProxyLogon mitigation tool

Welcome to the next episode of the Xopero Security Center. Race against time – that’s the best description of the ProxyLogon situation. First Microsoft has released emergency patches for vulnerable systems. No more than a week later researchers spotted the first ransomware actively exploiting these vulnerabilities. Now users got a one-click ProxyLogon mitigation tool (details below). The keyword is „mitigation” – it mitigates the risk of exploit until the update will be applied. This is not an alternative. The good news – tens of thousands of Microsoft Exchange servers have been patched already. Experts have never seen patch rates this high for any system before. Still, there are about 82k devices vulnerable to the attack. Hence the new tool. Need to find out more? Check the rest of the article.

Read more

Z0Miner malware / DearCry ransomware and ProxyLogon exploits / reCAPTCHA phishing

Welcome to the next episode of the Xopero Security Center. This time we are taking a closer look into the Z0Miner malware case – a new threat against unpatched ElasticSearch and Jenkins servers. MS Exchange servers are under attack too. Remember the four new zero-day vulnerabilities discovered a few weeks ago? They have got a fancy name now – ProxyLogon exploits – and very effective [DearCry] ransomware which is targeting vulnerable devices. What’s next? There is also a novel phishing attack that uses fake Google reCAPTCHA to swipe Microsoft 365 credentials. There were also some problems with the GitHub logging mechanism. Details can be found below.

Read more

MS Exchange got emergency patches for four critical zero-day flaws

Microsoft is pressing customers to install emergency patches as soon as possible. So far, there is only one highly skilled hacker group actively exploiting the vulnerabilities – named Hafnium – but the situation could change at any time. The best protection against this attack will be applying new patches now, not tomorrow or one week from today. More information about MS Exchange zero-days can be found below.

Read more

Critical RCE flaw in VMware vCenter – fixed, so update now

After multiple proof-of-concept exploit scripts of VMware RCE new bug were published on GitHub, hackers started mass scanning for vulnerable Internet-exposed servers. The company patched the critical vulnerability already, but thousands of unpatched vCenter servers are still reachable over the Internet. This is a serious problem. It does look like this is the last moment for a safe update. More information about vCenter vulnerability can be found below.

Read more

Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials

MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform for years. (Brand)New and better? Yes. We are dealing with a Trojan horse that tries to steal usernames and passwords from Microsoft Outlook, the Thunderbird email client, and password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge and other browsers. Have you got any suspicious-looking email? Better never open it. Want to find out more about MassLogger? Check the article below for more information.

Read more

Dependency Confusion – a new cyberattack method takes advantage of open ecosystems

A novel supply chain attack, called dependency confusion or a substitution attack, takes advantage of the open ecosystem that many businesses use as part of their app development process. And given that business apps have become increasingly important, any threat to the app development supply chain could potentially have huge implications. Found this short intro interesting? Then click and read the whole new episode of the Xopero Security Center.

Read more