Critical WinRAR flaw exploited - TechAmok (ggmania.com subsite)
Critical WinRAR flaw exploited - [security]
03:51 AM EDT - Mar,28 2019 - post a comment

In one campaign, according to a report published by researchers from security firm FireEye, attackers are spreading files that purport to contain stolen data. One file, titled leaks copy.rar, contains email addresses and passwords that were supposedly compromised in a breach. Attackers claim another file, cc.rar, contains stolen credit card data. Other files have names including zabugor.rar, ZabugorV.rar, Combolist.rar, Nulled2019.rar, and IT.rar.

Hidden inside the files are payloads from a variety of different malware families. They include a keylogger known as QuasarRat and malware containing Chinese language text known as Buzy.

The FireEye report identified three other campaigns, including:

  • One that impersonates an educational accreditation body and uses a PDF letter copied from the website of the Council on Social Work Education as a decoy. When extracted, the RAR file plants a Visual Basic script in the computer's startup folder; the script installs a remote-access trojan called Netwire.
  • An attack targeting the Israeli military industry that uses decoy files related to SysAid, a helpdesk service based in Israel. A malicious payload, dubbed SappyCache, decrypts a file stored in a temporary folder to obtain the address of a command-and-control server, then attempts to download and install a second-stage malware file from that server. The server never responded during the FireEye analysis.
  • An attack potentially targeting a single person in Ukraine that uses a purported PDF message from the country's former President Viktor Yanukovych. The exploit drops a batch file into the startup folder that, when executed, installs a payload dubbed Empire.

FireEye isn't the only firm that's seeing such exploits. A separate report from security firm Symantec said that an espionage hacking outfit known both as Elfin and APT33 has been spotted exploiting the WinRAR vulnerability against a target in the chemical industry of Saudi Arabia.

Attackers sent a spear-phishing email to at least two employees in the targeted company. The email included a file dubbed JobDetails.rar. If extracted on a computer using a vulnerable version of WinRAR, the attack could install any file of the attackers' choice. Prior to the attack, Symantec updated its software to block exploits. The protection prevented the attack from working against the targeted company.
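Every campaign above depends on the same behaviour: an archive entry that, on extraction, is written somewhere other than the directory the user chose, in the FireEye cases into a Windows Startup folder. The following is an added example (not code from the article, FireEye or Symantec) of the check a defender can run over an archive's entry list before extraction: it flags entries whose path resolves outside the target directory and script files aimed at a Startup folder. The extraction directory, user name and entry names are constructed sample values.

```python
"""Pre-extraction triage of archive entry names.

Added example; not from the TechAmok article or the FireEye/Symantec reports.
It takes the entry names an archive lister reports and flags two things the
campaigns described above rely on: a path that escapes the chosen extraction
directory, and a script landing in a Windows Startup folder.
"""
import ntpath
from dataclasses import dataclass

# Both the per-user and the all-users Startup folders end with this segment.
STARTUP_MARKER = r"microsoft\windows\start menu\programs\startup"
SCRIPT_EXTENSIONS = {".vbs", ".bat", ".cmd", ".js", ".ps1", ".exe", ".scr"}

# Constructed sample values (the user name "victim" is a placeholder).
EXTRACT_DIR = r"C:\Users\victim\Downloads\leaks"
SAMPLE_ENTRIES = [
    "leaks copy.txt",
    "docs/readme.pdf",
    "sub/../inside.txt",
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.vbs",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\run.bat",
]


@dataclass
class Finding:
    entry: str
    reason: str


def normalise(entry: str) -> str:
    """Collapse separators and '.' segments the way a Windows extractor would."""
    return ntpath.normpath(entry.replace("/", "\\"))


def escapes_extract_dir(entry: str, extract_dir: str) -> bool:
    """True if writing `entry` relative to `extract_dir` would land outside it."""
    norm = normalise(entry)
    # Absolute, drive-relative and UNC paths are never inside the target dir.
    if norm.startswith("\\") or ntpath.isabs(norm) or ntpath.splitdrive(norm)[0]:
        return True
    base = ntpath.normpath(extract_dir).lower()
    target = ntpath.normpath(ntpath.join(extract_dir, norm)).lower()
    return not (target == base or target.startswith(base + "\\"))


def targets_startup_folder(entry: str) -> bool:
    """True if the normalised path contains a Windows Startup folder segment."""
    return STARTUP_MARKER in normalise(entry).lower()


def triage(entries, extract_dir):
    """Return one Finding per suspicious property of each entry."""
    findings = []
    for entry in entries:
        if escapes_extract_dir(entry, extract_dir):
            findings.append(Finding(entry, "path escapes extraction directory"))
        ext = ntpath.splitext(entry)[1].lower()
        if targets_startup_folder(entry) and ext in SCRIPT_EXTENSIONS:
            findings.append(Finding(entry, "script written to a Startup folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ENTRIES, EXTRACT_DIR):
        print(f"{f.reason}: {f.entry}")
```

The check is deliberately done on the entry names rather than by extracting into a sandbox, so it can run on a mail gateway or at download time; a listing that contains any flagged entry is reason enough to quarantine the archive, whatever the extractor version.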
