Developers Club geek daily blog

Microsoft ends support for Windows 8

1 year, 2 months ago
Microsoft ends support for Windows 8 tomorrow, January 12. The end of support follows the date fixed in advance in the product's support lifecycle. Users of this OS can upgrade to the current version, Windows 8.1 (an update for Windows 8), upgrade to Windows 10, or roll back to Windows 7. After this date no security or other updates will be released for Windows 8, so anyone still running it will be left with vulnerabilities that will never be patched.



On the 12th the company will release its Patch Tuesday updates, which will also cover Windows 8. That will be the last set of updates released for it. The company will also stop supporting outdated versions of the Internet Explorer web browser, versions 7 through 10.

Read more »


Google fixed vulnerabilities in Android

1 year, 2 months ago
Google has released a security update for Android, Nexus Security Bulletin - January 2016, which closes 12 vulnerabilities in the mobile OS. One of them, CVE-2015-6636 (Remote Code Execution Vulnerability in Mediaserver), is a remote code execution (RCE) flaw: it lets an attacker execute code remotely with elevated privileges on Android by means of a malicious media file. The file can be delivered in an MMS message or served to the browser by a phishing web page. Four more critical vulnerabilities are of the Elevation of Privilege (EoP) type and let an attacker raise the privileges of code on the system to the level of the OS kernel.



Two further vulnerabilities are rated High. One of them, CVE-2015-6641 in the Bluetooth component, lets an attacker who connects to the device over the wireless link gain access to the user's personal information. The other, CVE-2015-6642, is an information disclosure flaw in the kernel that allows Android's built-in security mechanisms to be bypassed and elevated privileges to be obtained on the system.

Read more »


The BlackEnergy trojan is used in cyberattacks on media outlets and industrial facilities in Ukraine

1 year, 2 months ago
BlackEnergy is a family of malware that has been active since 2007. In 2014 the trojan continued its activity and returned in a new modification (1, 2). BlackEnergy was also active in 2015, when a cybercriminal group used it for attacks on users. Our analysts have recorded new activity of this trojan, this time used against Ukrainian media companies and energy-sector enterprises. Using the trojan, the attackers delivered to victims' computers a special KillDisk component that specializes in destroying files on disk.



Besides BlackEnergy, the group used one more tool to gain access to the infected systems: an SSH backdoor. We continue to monitor BlackEnergy activity and to record the trojan's new capabilities. To obtain additional information, or to share any, send a message to threatintel@eset.com.

Read more »


Emsisoft specialists found a ransomware written in JavaScript

1 year, 2 months ago
Specialists at Emsisoft have found a malicious application: a ransomware written in JavaScript. It was named Ransom32 and is used by attackers in malicious campaigns similar to those that distribute many other families of this kind of malware. The attackers chose a high level of anonymity for operating Ransom32: the ransomware communicates with its command-and-control (C&C) server over the Tor anonymity network, and the ransom is paid in bitcoins.



Using JavaScript makes the ransomware cross-platform: it can be used on Microsoft Windows as well as on Linux and Apple OS X. A key feature of Ransom32 is its distribution model for cybercriminals: Software as a Service (SaaS). To get access to the malware's administrative control panel and to generate their own build, they only need to supply a Bitcoin wallet address.

Read more »


Microsoft will notify users about state-sponsored cyberattacks

1 year, 2 months ago
Microsoft has published on its blog information about additional measures for the security of its users. It will tell users when their Microsoft accounts, including Outlook.com and OneDrive, have been compromised by a person or group that it believes to be state-sponsored.



Microsoft notes that the methods state-sponsored groups use to compromise users differ in sophistication from those used by ordinary criminals acting out of personal or financial interest. A notification does not state unambiguously that the account was compromised; it indicates that the company has recorded suspicious activity. Such activity means that the user should take additional steps to protect their Microsoft accounts.

Read more »


The Nemucod malware specializes in distributing the TeslaCrypt ransomware

1 year, 3 months ago
From time to time, campaigns distributing malware reach a rather high level of activity in one or several countries over a few days. On such days, users who do not protect their computers properly become especially vulnerable. We observed one such scenario last week, when a huge increase in the number of detections of the Nemucod trojan was recorded.



Nemucod is usually used by attackers as a loader, or downloader: it fetches other malicious applications onto the user's computer and then installs them. The number of detections was very high both in particular countries and worldwide. This indicates that the campaign was not aimed at a specific country but was used to infect the maximum number of users in different countries around the world.

Read more »


FireEye specialists found a new bootkit

1 year, 3 months ago
Specialists at FireEye have published details of a bootkit named BOOTRASH, which is used by a cybercriminal group called FIN1. FIN1 uses various malware under the collective name Nemesis to compromise banks and payment terminals. FireEye notes that the group infects the system at the level of hard-disk sectors, tampering with the well-known structure of the Volume Boot Record (VBR), which holds the file-system data structures and the loader code.



The so-called Nemesis platform includes a set of files and tools: a keylogger, file-transfer tools, screenshot capture and management of running processes. All of them are used by the attackers to steal financial information from banks and payment terminals.
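As an added example (not FireEye's code and not part of the original post), the following Python script parses an NTFS Volume Boot Record the way a forensic triage script would, sanity-checks the BIOS Parameter Block and compares the boot-code region against a known-good hash, which is the cheap check for the kind of VBR tampering described above. The sample sectors and the baseline hash are constructed here, and the bytes patched into the "infected" copy are a hypothetical stand-in, not BOOTRASH's actual code.

```python
"""Check an NTFS Volume Boot Record (VBR) for signs of bootkit tampering.
Added example, not FireEye's code. The sample sectors and the baseline hash
are constructed for the demo; they are not real Windows boot sectors."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BPB_OFFSET = 0x0B          # BIOS Parameter Block
EXT_BPB_OFFSET = 0x28      # total sectors, $MFT cluster, $MFTMirr cluster
BOOT_CODE_OFFSET = 0x54    # boot code runs from here up to the signature
SIGNATURE_OFFSET = 0x1FE   # 0x55 0xAA
BOOT_CODE_LEN = SIGNATURE_OFFSET - BOOT_CODE_OFFSET


@dataclass
class NtfsVbr:
    oem_id: bytes
    bytes_per_sector: int
    sectors_per_cluster: int
    reserved_sectors: int
    media_descriptor: int
    total_sectors: int
    mft_cluster: int
    boot_code_sha256: str
    has_signature: bool


def parse_ntfs_vbr(sector: bytes) -> NtfsVbr:
    """Decode the fixed fields of one 512-byte NTFS VBR."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("VBR must be at least 512 bytes")
    # BPB at 0x0B: bytes/sector, sectors/cluster, reserved sectors, 5 zero
    # bytes, media descriptor, 2 zero bytes, sectors/track, heads, hidden
    # sectors, 8 unused bytes (29 bytes, ending at 0x27).
    bps, spc, reserved, _, media, _, _, _, _, _ = struct.unpack_from(
        "<HBH5sB2sHHI8s", sector, BPB_OFFSET)
    total, mft, _mftmirr = struct.unpack_from("<QQQ", sector, EXT_BPB_OFFSET)
    code = sector[BOOT_CODE_OFFSET:SIGNATURE_OFFSET]
    return NtfsVbr(
        oem_id=bytes(sector[3:11]),
        bytes_per_sector=bps,
        sectors_per_cluster=spc,  # raw byte; values >= 0x80 encode 2**(256-n)
        reserved_sectors=reserved,
        media_descriptor=media,
        total_sectors=total,
        mft_cluster=mft,
        boot_code_sha256=hashlib.sha256(code).hexdigest(),
        has_signature=bytes(sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2]) == b"\x55\xAA",
    )


def check_vbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for one VBR; an empty list means nothing suspicious.
    baseline_sha256 is the boot-code hash taken from a known-clean volume
    formatted by the same Windows version."""
    v = parse_ntfs_vbr(sector)
    findings = []
    if sector[0:1] != b"\xEB":
        findings.append("first byte is not a short JMP (EB)")
    if v.oem_id != b"NTFS    ":
        findings.append("OEM ID is not 'NTFS    '")
    if v.bytes_per_sector not in (512, 1024, 2048, 4096):
        findings.append("implausible bytes per sector")
    if v.reserved_sectors != 0 or v.media_descriptor != 0xF8:
        findings.append("reserved sectors/media descriptor are not NTFS fixed-disk values")
    if v.total_sectors == 0 or v.mft_cluster * v.sectors_per_cluster >= v.total_sectors:
        findings.append("$MFT cluster lies outside the volume")
    if not v.has_signature:
        findings.append("missing 0x55AA boot signature")
    # A bootkit leaves the BPB alone so the volume still mounts and swaps
    # only the loader code; the hash comparison is what catches that.
    if v.boot_code_sha256 != baseline_sha256:
        findings.append("boot code hash differs from baseline")
    return findings


def build_sample_vbr(boot_code: bytes) -> bytes:
    """Constructed NTFS-shaped VBR for the demo (not a real boot sector)."""
    head = b"\xEB\x52\x90" + b"NTFS    "
    bpb = struct.pack("<HBH5sB2sHHI8s", 512, 8, 0, b"\0" * 5, 0xF8, b"\0\0",
                      63, 255, 2048, b"\0\0\0\0\x80\0\x80\0")
    ext = struct.pack("<QQQ", 20_971_520, 786_432, 2)
    # clusters per FILE record (-10 => 1 KiB), per index buffer, serial, checksum
    tail = struct.pack("<b3sb3sQI", -10, b"\0" * 3, 1, b"\0" * 3, 0x1234567890ABCDEF, 0)
    sector = head + bpb + ext + tail + boot_code.ljust(BOOT_CODE_LEN, b"\0") + b"\x55\xAA"
    assert len(sector) == SECTOR_SIZE
    return sector


CLEAN_VBR = build_sample_vbr(bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN)))
BASELINE_SHA256 = hashlib.sha256(CLEAN_VBR[BOOT_CODE_OFFSET:SIGNATURE_OFFSET]).hexdigest()
# "Infected" copy: same BPB, start of the boot code replaced by a far jump to
# attacker-controlled code (hypothetical patch, not BOOTRASH's actual bytes).
_t = bytearray(CLEAN_VBR)
_t[BOOT_CODE_OFFSET:BOOT_CODE_OFFSET + 5] = b"\xEA\x00\x7C\x00\x00"
TAMPERED_VBR = bytes(_t)
```

On a live system the sector to check is the first 512 bytes of the volume device (for example `\\.\C:` on Windows, which needs administrator rights, or `/dev/sda1` on Linux), read with a plain binary `open()`. The baseline has to come from a clean machine with the same Windows version, since the boot code is written by the format tool and should match across volumes formatted by that version. A mismatch is a lead, not proof: a legitimate reformat or a third-party boot manager changes the code region too, so the next step is to disassemble the differing bytes and see where they jump.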

Read more »


Google fixed vulnerabilities in Android

1 year, 3 months ago
Google has released a security update for Android, Nexus Security Bulletin - December 2015, which closes 19 vulnerabilities in the OS. Some of them are quite serious and let an attacker execute code remotely on the device by means of specially crafted media files, which can be delivered to the user by e-mail, through the web browser or in an MMS message.



CVE-2015-6616 in the system Mediaserver component lets an attacker execute code remotely with elevated privileges on the device by sending an MMS message (Remote Code Execution). Another critical vulnerability, a local privilege escalation (LPE) in the kernel with the identifier CVE-2015-6619, allows an application to obtain root rights on the system and full access to all of the device's resources. Vulnerabilities of this kind are used to root devices.

Read more »


The Google Chrome web browser received another security improvement

1 year, 3 months ago
Google has released version 47 of the popular Chrome web browser. Besides fixing a large number of vulnerabilities in the browser, it adds a new feature that had already been implemented in the beta. We wrote about it in March of this year: sandboxed Chrome processes are blocked from calling into the win32k.sys driver. At that time the feature was in test mode and present only in the beta.



A new setting named "Use the Closed Win32k Environment for PPAPI Windows Plug-ins" was added; it specifies which plug-ins are subject to this additional control in the new version of the browser. This primarily concerns the Flash Player and PDF Reader plug-ins, for which exploits are not a rarity. With the setting enabled, the win32k.sys lockdown is applied to the sandboxed Chrome processes in which these plug-ins run.

Read more »


Adobe says goodbye to Flash

1 year, 3 months ago
Adobe has urged web developers to abandon Flash and move to modern web standards such as HTML5. In a post on its official blog the company pointed to the importance of developing HTML5 and of moving away from the Flash platform, which the new standard can successfully replace. The Flash name will also disappear from the flagship product: Flash Professional CC becomes Animate CC, which in turn will become the main product for creating HTML5 content.



It should be noted that this is not about ending support for the Flash Player player in popular web browsers; the company will continue to support it. It is about Flash as a technology and about encouraging developers to move to the modern HTML5 platform, which Adobe will now support as well. Flash Player is known for a large number of vulnerabilities whose exploits are constantly used by attackers to install malware.

Read more »