Friday, 29 May 2020


#HappyFriday #programming #creativity #idea #quotes


Posted by at No comments:
Labels: , ,

PonyFinal Ransomware Attack.




Microsoft security team is warning about human-operated ransomware attacks. Attacks were reported in US, India and Iran.
In this attacks PonyFinal, a Java-based ransomware, was deployed manually by hackers.
Microsoft said that a target for intrusion is usually system management server where using a brute-force attack PonyFinal get credentials. After getting inside attackers deploys a Visual Basic script that runs a PowerShell reverse shell to steal the local data, after what attackers spread to other local systems and deploy PonyFinal ransomware.
The PonyFinal attack chain by Microsoft:


Posted by at No comments:
Labels: , , , ,

Thursday, 28 May 2020


#cybersecurity #report #wef #forum #attack #prepared




Posted by at No comments:
Labels: , , ,

Apple macOS Catalina: more than 40 vulnerabilities patched.



This week Apple release security update for macOS and Safari. More than 40 vulnerabilities related to different components (such as WiFi, Bluetooth, Sandbox, Audio, AirDrop etc.) and OS versions (Catalina, High Sierra, Mojave) were patched.
The most impacted component with 10 vulnerabilities was Kernel, WiFi with 5 flaws takes a second position.
As for types of issues fixed, we see a big range: from privilege escalation and memory leak to leak of private information and denial of service.
10 vulnerabilities in Safari were fixed as well. Most of them were related to arbitrary code execution, XSS or disclosure of process memory.

Posted by at No comments:
Labels: , , , , , ,

#cybersecurity #hacker #cyberattack #quotes


Posted by at No comments:
Labels: , ,

GitLab tested their employees with phishing emails.



Recently GitLab tested their employees with a phishing campaign. The goal of this test was to check security level of the remote working.
By using a domain name “gitlab.company” GitLab Red team created a phishing campaign with an open-source GoPhish and GSuite. The employees were asked to click on the link in the email and type their credentials on the fake login page.
More than 30% of company’s employees clicked on the link, 20% have submitted their credentials and only 12% reported observed attack to security team.
While this marks are less than average response, but still more that GitLab expected to see.

Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)