MountLocker ransomware / Four 0-day in Android / Scheme flooding / Mercedes-Benz with bugs

Welcome to the newest episode of the Xopero Security Center. What have we got in store this week? First, MountLocker ransomware has been enhanced with a new “skill”. The threat is now able to use Active Directory to efficiently search company networks and infect devices connected to it. We also describe the four most recent 0-day security vulnerabilities found in Android. We also introduce you to the new attack called scheme flooding. This is a very neat method of user profiling based on the applications installed on the device. Today’s release ends with the news about Mercedes. Researchers identified five vulnerabilities in the latest infotainment system in Mercedes-Benz cars. Are you curious and ready for more? Great, then let’s enjoy your ride… eh reading.

Read more

21Nails flaws in Exim servers / Dell with 12 years old security problem / Qualcomm

In today’s Security Center, we revolve around big numbers. We will start with… Dell. The popular computer vendor has a serious problem. Due to a bug that is over 12 years old, millions of users are vulnerable to attack. 2nd: nearly 30% of all mobile phones can become the “entry point” for a more complex attack. The culprit? The Qualcomm’s Mobile Station Modem. 3rd: 21 serious vulnerabilities were detected in Exim mail servers. They are a kind of package, so they also got a collective name – 21Nails. Are they really the proverbial final nails in the coffin? Check for yourself. In this issue, we also describe the apps – downloaded more than 100 million times – with the hard-coded Amazon Web Services private keys. At this point, we can only say that the risk of cyber attacks is really high. Hungry for knowledge? Then please, go ahead and read the rest.

Read more

Look out America! FluBot, the newest SMS phishing scam is coming for you next

Many SMS scams are mostly focused on phishing and trying to trick the user into filling in a form with valuable credentials, FluBot differs from these threats and goes one step ahead. This new banking malware – described in today’s Security Center issue – tries to install malicious software on the phone itself and then uses the device to spread into the user’s contact network. And even if the success rate of this campaign will be low, with the number of SMS being sent out, it will be very profitable for threat actors. Who is behind this most ‘successful’ smishing campaign? How dangerous the FluBot really is? Check the blog post below – and don’t click on any suspicious link or download applications from unreliable sources.

Read more

New QNAP NAS flaws exploited in recent Qlocker ransomware attacks

When we were preparing this Security Center issue, none of us thought that the new campaign which targets QNAP NAS devices is going to escalate in a such way. In just five days, attackers using only the 7zip archive program remotely encrypted QNAP NAS devices – with Qlocker ransomware – from all over the world. How was it possible? Threat actors scanned for devices connected to the Internet and exploited them using the recently disclosed vulnerabilities. More information about these security bugs can be found below.

Read more

Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack

Android users have new reasons to worry… again. About a week ago, we provided information about the FlixOnline application which operators were able to successfully bypass the application authentication system in the Google Play Store. This time we report two serious bugs found in WhatsApp. They enable the so-called ‘man-in-the-disk’ attack. What is it exactly? Attackers are able to manipulate the data exchanged between the application and external memory. Details can be found below.

Read more

FlixOnline – if you too have this app installed, delete it now

A promise of two months Premium Netflix subscription free of charge and there will always be someone willing to save some money. But in this case, some people got surprised with hijacked WhatsApp and stolen credit card data. While most of our readers were probably smart enough to avoid the FlixOnline app, we can see that this scam is totally working on many people. Everything in this campaign was designed to confuse and get them to believe they are getting free Netflix for real. Word of advice: there is no easy way to get Netflix for free.. Or HBO Max, Disney Plus or anything else.

Read more

Bugs in VMware vRealize Operations platform make RCE and admin’s credentials theft possible

Welcome to the next episode of the Xopero Security Center. Stealing admin credentials or gaining access to the platform capable of managing IT operations in various cloud deployments, allowing admins to monitor the health and capacity of virtual environments is a serious security breach. And these black scenarios become more than possible thanks to two newly discovered [and patched] vulnerabilities in VMware vRealize Operations platform. How severe is this new threat? To uncover this true check the whole post below.

Read more

Purple Fox malware has gained new and alarming worm capabilities

Welcome to the next episode of the Xopero Security Center. This week we are taking a break from MS Exchange and ProxyLogon vulnerabilities. Maybe except this small update: according to Microsoft, 92% of vulnerable Exchange servers are now patched or mitigated. But Microsoft’s ecosystems are profitable targets and attackers take advantage of newer vulnerabilities to infect systems over and over again. Thus, this time we are taking a closer look into an upgraded variant of Purple Fox malware with worm capabilities that targets Microsoft Windows machines. Which one exactly? To find out more, read the full post.

Read more

Microsoft releases a one-click ProxyLogon mitigation tool

Welcome to the next episode of the Xopero Security Center. Race against time – that’s the best description of the ProxyLogon situation. First Microsoft has released emergency patches for vulnerable systems. No more than a week later researchers spotted the first ransomware actively exploiting these vulnerabilities. Now users got a one-click ProxyLogon mitigation tool (details below). The keyword is „mitigation” – it mitigates the risk of exploit until the update will be applied. This is not an alternative. The good news – tens of thousands of Microsoft Exchange servers have been patched already. Experts have never seen patch rates this high for any system before. Still, there are about 82k devices vulnerable to the attack. Hence the new tool. Need to find out more? Check the rest of the article.

Read more