Windows Running MS-SQL Servers Under Attack!! Hackers Installing 10 Secret Backdoors
Posted by: Mr.Kurd - 6 hours ago - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: sql2005onw2008r2_3.jpg]

Looks like after the WP attacks, Microsoft MS-SQL Server was the victim.....

Quote: Researchers uncovered a massive attack on Windows machines running Microsoft SQL Server by a group of hackers using a new wave of a long-running attack campaign called Vollgar.

Microsoft SQL Server is a relational database management system developed by Microsoft; it is the 3rd most used database platform and is deployed in organization networks around the globe.

This massive long-running attack campaign was observed back in 2018 via a honeypot system; since then it has continuously attacked thousands of internet-facing MS-SQL servers for the past two years.

Researchers observed that the Vollgar campaign originated from more than 120 IP addresses, and most of the hits come from China. Some of the attacks were initiated from IPs that are short-lived, and a couple of IPs have been live for more than 3 months.

“Threat actors are attempting various forms of attack, including password brute force to breach victim machines, deploying multiple backdoors and executing numerous malicious modules, such as multi-functional remote access tools (RATs) and crypto miners,” researchers from Guardicore told GBHackers.

The Source
Wa Salam Alekum
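The post above names password brute force as the campaign's entry technique. As an added example (not from the post or from Guardicore), this is the detection a defender would run over SQL Server error-log lines: it parses the "Login failed for user" records (error 18456) and flags client IPs whose failures pile up inside a short window. The log lines are constructed samples in that format, and the IPs are documentation addresses.

```python
"""Flag password brute-force attempts against MS-SQL from SQL Server error-log lines.
Added example, not from the original post; log lines are constructed samples."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: three failures from one client within seconds, one stray failure elsewhere.
SAMPLE_LOG = """\
2020-04-01 03:12:07.41 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 03:12:07.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 03:12:08.02 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 03:12:08.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 03:12:08.55 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 03:12:08.55 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 03:15:40.10 Logon       Error: 18456, Severity: 14, State: 5.
2020-04-01 03:15:40.10 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.9]
"""

# Only the "Login failed" line carries the user and client IP; the "Error: 18456" line is skipped.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[^\]]+)\]"
)

def failed_logins(log_text):
    """Yield (timestamp, user, client_ip) for every failed-login line."""
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            yield datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f"), m.group("user"), m.group("ip")

def brute_force_sources(log_text, threshold=3, window=timedelta(minutes=1)):
    """Return {client_ip: (peak failures inside one window, sorted users tried)} for
    every client whose failure count within any `window` reaches `threshold`."""
    times, users = defaultdict(list), defaultdict(set)
    for ts, user, ip in failed_logins(log_text):
        times[ip].append(ts)
        users[ip].add(user)
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        peak = start = 0
        for end, t in enumerate(stamps):            # sliding window over sorted timestamps
            while t - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, sorted(users[ip]))
    return flagged
```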

Critical RCE Bug in WordPress Plugin Lets Hackers Gain Admin Access on 200,000 Websites
Posted by: Mr.Kurd - Yesterday, 11:19 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: wordpress+plugin+bug.jpg]

I told you, looks like WP is having and facing a big hole. Big Grin

Quote: Researchers from Wordfence uncovered two RCE vulnerabilities in the WordPress SEO plugin called Rank Math that let hackers hijack nearly 200,000 vulnerable websites and gain remote access.

Rank Math is an SEO plugin for WordPress with 200,000 active installations; it provides various SEO features such as a Setup Wizard, Google Schema Markup and optimization of unlimited keywords.

The first vulnerability is the most critical one: it allows attackers to update arbitrary metadata, including the ability to grant or revoke administrative privileges.

The second vulnerability lets attackers redirect victims to any website of their choice from any location on the site.

One of Rank Math’s SEO features allows users to update metadata on a post. To implement this feature, the plugin registered a REST-API endpoint that failed to include a permission_callback used for capability checking.

A function called “update_metadata”, which you can see in the image below, is used to update the slug of existing posts or could be used to delete or update metadata for posts, which enables this critical vulnerability and allows it to be exploited.

The Source
Wa Salam Alekum

Hackers Deliver LimeRAT Malware Using Password Protected Excel Spreadsheets
Posted by: Mr.Kurd - Yesterday, 11:17 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: limerat-administration-panel.jpg]

Be careful with opening all those files you're getting and touching online; always use Sandboxi...

Quote: Microsoft Office is one of the most popular tools, and its popularity has been abused by cybercriminals to deliver malware.

In this current campaign the attacker used a password-protected Excel file; to open the file, victims have to enter the password, which is included in the social-engineered email.

To decrypt the password-protected file, victims need to enter the password “VelvetSweatshop“; once decrypted, it loads the embedded malicious macros.

The final payload is the LimeRAT malware, a malicious remote access trojan that gives the attacker complete access to the victim’s machine.

“In this specific attack, the cybercriminals also used a blend of other techniques in an attempt to fool anti-malware systems by encrypting the content of the spreadsheet, hence hiding the exploit and payload,” researchers said.

The Source
Wa Salam Alekum

Vulnerability In WPvivid Backup Plugin Could Expose Files Of WordPress Sites
Posted by: Mr.Kurd - Yesterday, 11:11 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: WordPress-plugin.png]

Hey guys, looks like WP came back again with a big hole, lol!

Quote: Reportedly, the security team from WebARX found a vulnerability in the WPvivid Backup WordPress plugin. As stated in their advisory, the critical flaw could allow an authenticated user to meddle with the default backup location.

The most critical registered wp_ajax action that does not have an authorization check is wp_ajax_wpvivid_add_remote.

It allows any authenticated user, regardless of their user role, to add a new remote storage location and set it as the default backup location.

This would result in the backup being made to the new default location set up by the attacker when the plugin runs.

This not only causes an unwanted exposure of sensitive data files of the website but may also cause data loss. Likewise, this would also allow the adversary to lure a site admin into executing an action from the plugin.

The Source
Wa Salam Alekum

Hackers Using Zoom’s Popularity in Coronavirus Outbreak to Infect Computers
Posted by: Mr.Kurd - 03-31-2020, 07:36 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: coronavirus-crypto-bitcoin.jpg]

Zoom is very popular now due to online studying; on the other hand, hackers are not silly either, and they have taken advantage of this process of education:

Quote: Cybercriminals continue to use the Coronavirus outbreak to launch various attacks such as malware, phishing, fraud, and disinformation campaigns.

In the current situation, most organizations have been closed and employees are provided with options to work from home, so RDP and video communication platform usage will be high.

More than 5000+ domains were observed registered to create infrastructure supporting malicious campaigns referring to COVID-19.

Check Point observed a huge number of domains registered with names that include “Zoom”; Zoom is one of the biggest video communication platforms used in the world.

“Since the beginning of the year, more than 1700 new domains were registered and 25% of them were registered in the past week. Out of these registered domains, 4% have been found to contain suspicious characteristics.”

The Source
Wa Salam Alekum

Tekya Clicker Malware Hides in 56 Apps that Were Downloaded 1 Million Times on Google Play
Posted by: Mr.Kurd - 03-27-2020, 11:47 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: Tekya+Clicker.png]

Actually you need to be very careful with the apps you are downloading and enjoying, as they can be harmful!

Quote: Security researchers from Check Point identified 56 malicious apps in the Play Store that aimed to commit mobile fraud with a new malware family dubbed ‘Tekya’.

The malware aims to steal user data such as credentials, emails, text messages, and geographical location.

The Tekya malware was found to be hidden in 56 apps that were downloaded more than 1 million times worldwide. Out of the 56 apps, 24 of the infected apps target apps used by kids, from puzzles to racing games.

The Source
Wa Salam Alekum

FBI takes down hacker platform Deer.io
Posted by: Mr.Kurd - 03-27-2020, 11:34 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: david-rangel-4m7gmLNr3M0-unsplash-1024x682.jpg]

Looks like the FBI is doing well by taking down hacker platforms. Big Grin

Quote: The FBI on Tuesday shut down Deer.io, a Russia-based platform catering to cybercrooks that offered turnkey online storefront design and hosting and a place where they could sell and advertise their wares, including ripped-off credentials, hacked servers, hacking services, gamer accounts and more.

Earlier this month, the bureau nabbed the guy they think was running the show: 28-year-old Kirill Victorovich Firsov, whom the FBI arrested on 7 March 2020 in New York City. He’s been federally charged with unauthorized solicitation of access devices, which carries a maximum penalty of 10 years in prison, though maximum sentences are rarely handed out.

Deer.io was a top market for stolen accounts: a place where crooks could buy and sell credentials for hacked accounts siphoned off of malware-infected computers, PII, and financial and corporate data.

The FBI’s investigation included a Deer.io shopping spree. Earlier this month, agents made these buys:
• About 1,100 gamer accounts, including usernames and passwords, for under $20 in Bitcoin. Those accounts often have linked payment methods that hackers can use to make purchases on the real owners’ dime.
• About 999 individual PII accounts for about $170 in Bitcoin.
• On the same day, it bought another 2,650 accounts for about $522 in Bitcoin. That bought them names, dates of birth and US Social Security numbers: all the data you need to do identity theft and pull off financial fraud.

Wa Salam Alekum

Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi
Posted by: Mr.Kurd - 03-26-2020, 09:03 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: Microsoft-fixed-800x445.jpg]

Why do I feel that Microsoft is doing this attack itself????? To get rid of Win7 users, at least.

Quote: Reportedly, Microsoft has issued an alert for all users regarding a vulnerability that ships with the Windows operating system. The bug exists in the Adobe Type Manager Library (atmfd.dll), which facilitates rendering PostScript Type 1 fonts inside the OS.

What’s troublesome is that before catching the attention of the vendor for a fix, it attracted hackers. Hence, this vulnerability is now under active exploitation. Microsoft has noted the exploitation of this zero-day vulnerability against Windows 7.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or to view it in the Windows Preview pane.

The Source
Wa Salam Alekum

[Coronavirus Message] We are all equal now?!
Posted by: Mr.Kurd - 03-25-2020, 09:31 AM - Forum: General - No Replies

In The Name Of Allah
Al-Salam Alekum

[Image: Coronavirus-696x522.jpg]

Hey guys, I hope you are spending time right now with your family, healthy and happily. If we could go in depth on the coronavirus, everyone is saying this was a biological weapon used by whoever! This weapon was under control at the very first when it arrived, but it looks like it is out of control and everyone is in jail. As humans we don't feel for those who are starving before we feel the same feeling. We don't care about those who don't have money before we are fired from our job. What I'm trying to say is, it is real, and we will be the dumbest ones to stay in the same situation after the coronavirus. Right now we are equal to those people who live in Iraq, Libya, Syria and Yemen, and many more countries in Asia and Africa. We feel them! They are in jail, actually an internal jail inside their houses, which are not really safe, and you hope the next target won't be your house and it's not going to blow up in your face.

Don't you really think it is time to think about them?? Don't you think it is our duty to work hard and help those in need?! If you can't reach Asia, you can still give a hand to the homeless down your street near you!!!

We are human, but the chances you had to grow they never had!!! The chance you have right now to be safe inside your house they never had. The environment you grew up in, away from bombs blowing up in your family's face!!

I can't stop, but I will stop here and let you think about it. Would you be the same person before and after the corona crisis?! Aren't we all human beings?? Don't you have the right to live in peace? What about them? Where are those who once said they have the best health system?! These questions and many more can be the coronavirus's message to us.

Thank you for reading.

We have got you, my little friend, now please leave and don't hurt us more.
Wa Salam Alekum

Critical Remote Code Execution Bug in Linux Based OpenWrt OS Affects Millions of Netw
Posted by: Mr.Kurd - 03-25-2020, 08:11 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: Critical-RCE-Bug-Affects-Millions-of-Ope...78x380.jpg]

After Windows 10 Big Grin Linux is also affected, guys; don't be so happy, Linux users.

Quote: A security researcher uncovered a critical remote code execution vulnerability in the OpenWrt operating system that allows attackers to inject a malicious payload on vulnerable systems.

OpenWrt is a Linux-based operating system that is mainly used in embedded devices and network routers to route network traffic, and it is installed on millions of devices around the globe.

The RCE bug resides in the package list parsing logic of OpenWrt’s opkg (Opkg Package Manager) fork, which lets the package manager ignore the SHA-256 checksums embedded in the signed repository index, allowing an attacker to bypass the integrity checking of downloaded .ipk artifacts.

The Source
Wa Salam Alekum
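The post above describes the check that the opkg bug skipped: comparing a downloaded .ipk against the SHA256sum recorded in the signed Packages index. As an added example (not OpenWrt's or opkg's own code), this parser reads index stanzas in that format and verifies a package fail-closed, refusing entries with no checksum instead of silently passing them; the index text and package bytes are constructed, and the index is assumed to have had its signature checked already.

```python
"""Verify a downloaded .ipk against the SHA256sum in a signed Packages index.
Added example, not opkg's code; index text and package bytes are constructed,
and the index signature is assumed to have been checked before this step."""
import hashlib

# Constructed package payload and the index that describes it.
GOOD_IPK = b"\x1f\x8b\x08\x00constructed-ipk-bytes"
TAMPERED_IPK = b"\x1f\x8b\x08\x00constructed-ipk-bytes-but-modified"

PACKAGES_INDEX = f"""\
Package: example-pkg
Version: 1.0-1
Filename: example-pkg_1.0-1_mips_24kc.ipk
Size: {len(GOOD_IPK)}
SHA256sum: {hashlib.sha256(GOOD_IPK).hexdigest()}

Package: no-hash-pkg
Version: 2.0-1
Filename: no-hash-pkg_2.0-1_mips_24kc.ipk
Size: 12
"""

def parse_index(text):
    """Map Filename -> {field: value} for each blank-line-separated stanza."""
    entries, stanza = {}, {}
    for line in text.splitlines() + [""]:          # trailing "" flushes the last stanza
        if not line.strip():
            if "Filename" in stanza:
                entries[stanza["Filename"]] = stanza
            stanza = {}
            continue
        key, _, value = line.partition(":")
        stanza[key.strip()] = value.strip()        # tolerate spacing around the colon

    return entries

def verify_ipk(entries, filename, data):
    """Fail closed: reject unknown files, missing checksums, size or hash mismatch."""
    entry = entries.get(filename)
    if entry is None:
        return False, "not in index"
    expected = entry.get("SHA256sum")
    if not expected:
        return False, "index entry carries no SHA256sum"   # never install unverified
    if entry.get("Size") and int(entry["Size"]) != len(data):
        return False, "size mismatch"
    if hashlib.sha256(data).hexdigest() != expected.lower():
        return False, "sha256 mismatch"
    return True, "ok"
```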