Xopero Blog

PrintNightmare security update / Kaseya attack crisis / WD got new 0-day

The PrintNightmare case definitely dominated the media during the last few days. There was a heated discussion as to whether the patch (released by Microsoft) solves the problem at all. Why such different opinions? The patch turned out to work against all known exploits, but it was not without its flaws. So if you are wondering if it is worth updating – yes, and do it as soon as possible. If there will be another patch release, you can definitely read about it in the Security Center.

Detailed information about the emergency security update – and other IT news – can be found below. Let’s start then.

Read more

Monthly summary: Xopero ONE On-Premise Premiere / Online Tour 2021

It was a long-awaited event  – and we do not mean holidays and summer trips. We couldn’t wait for the official release of Xopero ONE Backup & Recovery. And finally, we can announce it – the Xopero ONE On-Premise version is now available for download on our brand new website! This is of course the hottest news this summer, but along with the release, we are preparing a series of events and activities for you. Stay tuned! 

Read more

REvil got a new target – ESXi VMs / PrintNightmare / Critical bug in NETGEAR routers

Welcome to the Xopero Security Center. Do you remember Dell’s and WD My Book NAS’ stories from last week? Can today’s topics beat them? Let’s find out. There is a new and disturbing trend in the cybercriminal world. More and more hacker groups are migrating towards ESXi virtual machines. Now also REvil operators have prepared a Linux encryptor that is able to encrypt virtual resources. A new PoC exploit also made its (accidentally) debut on the internet. PrintNightmare, the new critical Windows RCE, runs at the highest privilege level. This means that it is capable to dynamically load third-party binaries. As you can see, the problem is quite serious. There has also been a discussion about the critical vulnerabilities in NETGEAR routers which could be reliably abused as a jumping-off point to compromise a network’s security and gain unfettered access. We also have some bad news for LinkedIn users – a new database with 700 million records has just hit the black market. Details can be found below.

Read more

WD My Book Live NAS under active attack – how to not end with the wiped up device

Welcome to the Xopero Security Center! Another ransomware news? No, not this time. However, data can be lost in more ways than one. For example, as a result of an unplanned factory restore. No more than half a week ago WD My Book NAS users fell victim to such a massive “update” or rather some form of a cyberattack. As always, more information can be found below. In this review: Dell is having a serious problem. The pre-installed firmware updater available on their computers may expose almost 30 million users or if you like – 128 models of this manufacturer’s devices, to attack. Also: Microsoft tracks a new BazaCall malware campaign using a fake call center to trick you, and Linux Marketplace bugs allow wormable attacks. Let’s begin.

Read more

US nuclear weapons contractor hit by REvil Group / SolarMarker malware / Minecraft modpacks

Welcome to the Xopero Security Center! It’s a strange, strange world we live in… There is a new malware primary designed to block victims from entering torrent sites and other services with pirated content. And it doesn’t look like some sophisticated anti-piracy operation – generally, specialists have no idea what is going on. Victims should prepare themselves for some future scam or 2nd attack. This news open today’s review but what else our team prepared for you? REvil Group is getting more active again – this time the ransomware has hit US nuclear weapons contractor. There is also a new SolarMarker campaign that uses SEO poisoning to infect targets with a remote access trojan. The last news reports malicious Minecraft modpacks that hit Google Play Store. Ready for more details? Then check the text below.

Read more

6 new zero-days in Windows OS / Attack on Electronic Arts / Android with critical RCE bug

Welcome to the Xopero Security Center! This month’s patch harvest was an extremely big one. The IT world heated up the information about six new zero-days patched by Microsoft in recent days. No less serious update has got Android users. Google has released a fix for the critical RCE bug and other 90+ vulnerabilities … Let’s stop at Google for a little longer. Chrome also has got a series of urgent fixes – one of the bugs is currently being used in a series of attacks. Let’s not forget about the last data breaches and cyberattacks too. Electronic Arts, a game publisher that you probably associate with the FIFA series fell a victim to the hackers. They stole – among other things – Frostbite engine and FIFA 21 source codes. Details, as usual, can be found below.

Read more

Monthly summary: GitProtect.io / World Password Day / Media about us

Here in Poland, we apparently had one of the coldest May’s in the last 40 years! However, paradoxically, we have prepared some really HOT news from last month. Definitely, topic number 1 is GitProtect.io – our brand new GitHub and Bitbucket repository and metadata backup software. This completely breakthrough product lets us believe we have a pretty big chance to become a market leader in the repository backup market. Check it out!

Read more

Epsilon Red / Bug in Microsoft PatchGuard / Necro Python bot

Welcome to the Xopero Security Center! What technological news has captured the imagination of IT specialists and geeks around the world? There were quite a few of them, but we have selected four (plus 10 extra) most interesting. Today’s release opens the new strain of Barebones ransomware called Epsilon Red. Marvel’s comic book fans will probably be familiar with this name. What makes this “villain” different from other threats? Namely, the fact that it is basing the attack chain on PowerShell scripts. Another topic concerns vulnerabilities in Microsoft PatchGuard. The newly detected bug allows attackers to load malicious code directly into the Windows kernel. We also describe the changes that took place inside the Necro Python bot. The latest update brings a number of fresh features as well as exploits for 10 applications – including VMware. The last article is about malicious ads visible on the Google network that can be delivered to your computers by the info stealer.

Enough small talk it’s time to check the whole post.

Read more

New critical security bug in VMware vCenter allows a full takeover

Last week turned out to be extremely unfavorable for Apple. First, the world heard about a new 0-day vulnerability that allows attackers to secretly perform print screens. Yes, let’s forget about any privacy… And then just a few days later, news about M1RACLES has come to our attention too. What is all the hype about? The bug is a result of a flaw in the M1 design. And what is even worse… That information you will find below. In this issue, we also describe a new variant of the Rowhammer attack. Half-Double – this is the name it got – allows bypassing all current defenses. However, today’s Security Center opens the news about a new critical bug detected in VMware vCenter. Given the scale of the threat (9.8/10 CVSS!), exploiting the vulnerability is trivial. Hence the pressure from security experts and the vendor itself to urgently update vulnerable systems.

Read more

MountLocker ransomware / Four 0-day in Android / Scheme flooding / Mercedes-Benz with bugs

Welcome to the newest episode of the Xopero Security Center. What have we got in store this week? First, MountLocker ransomware has been enhanced with a new “skill”. The threat is now able to use Active Directory to efficiently search company networks and infect devices connected to it. We also describe the four most recent 0-day security vulnerabilities found in Android. We also introduce you to the new attack called scheme flooding. This is a very neat method of user profiling based on the applications installed on the device. Today’s release ends with the news about Mercedes. Researchers identified five vulnerabilities in the latest infotainment system in Mercedes-Benz cars. Are you curious and ready for more? Great, then let’s enjoy your ride… eh reading.

Read more