Tag Archive for: “oneclick”

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit


Low-profile threat group Winter Vivern has been exploiting a zero-day flaw in Roundcube Webmail servers in a malicious email campaign targeting governmental organizations and a think tank in Europe. The exploit requires only that a user view a message.

Earlier this month, researchers at ESET Research observed the group sending a specially crafted email message that loads arbitrary JavaScript code in the context of the Roundcube user’s browser window to exploit a newly discovered cross-site scripting (XSS) flaw tracked as CVE-2023-5631. The one-click exploit requires no manual interaction on the part of the user other than viewing the message in a Web browser, the researchers reported in a blog post published Oct. 25.

Roundcube is a freely available, open source webmail solution that’s especially popular with small-to-midsize organizations. The flaw affects versions before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4, and allows for stored XSS via an HTML email message with a crafted SVG document due to the behavior of “program/lib/Roundcube/rcube_washtml.php,” according to its CVE listing. This, in turn, allows a remote attacker to load arbitrary JavaScript code.

ESET Research reported the vulnerability to the Roundcube team on Oct. 12 and received a response and patch from the company two days later on Oct. 14. On Oct. 16, Roundcube released security updates with new versions 1.6.4, 1.5.5, and 1.4.15 to address the flaw.

Long-Term Targeting

Winter Vivern’s activity is often underreported by security researchers, but the group has been active since at least December 2020 and shows sympathies with Russia and Belarus, conducting cyber espionage that serves the interests of those nations. The group typically uses malicious documents, phishing websites, and a custom PowerShell backdoor to compromise its targets and may be linked to the sophisticated Belarus-aligned group MoustachedBouncer.

The latest activity observed by ESET, which has been tracking Winter Vivern closely for about a year, is consistent with the group’s typical methods, though previously they exploited flaws that already were public, notes ESET Researcher Mathieu Faou.

“Since at least 2022, they have been exploiting XSS…


NeuShield Introduces One-Click Restore for Windows Servers


FREMONT, Calif., Nov. 17, 2020 (GLOBE NEWSWIRE) — NeuShield, developers of the world’s first mirror shielding technology to instantly recover data and files when other malware defenses fail, today announced the award-winning NeuShield Data Sentinel now supports One-Click Restore on Windows Desktops and Servers. One-Click Restore brings operating system files and settings back to a known good state, allowing organizations to quickly regain access to servers and desktops after a ransomware attack. One-Click Restore also removes both known and unknown malware.

“We are excited to offer our next-generation version of One-Click Restore,” said Yuen Pin Yeap, CEO at NeuShield. “With this ground-breaking technology we can take a snapshot of any Windows Server or Desktop operating system (OS) daily and allow network administrators to revert back to any snapshot to remove ransomware and malware and undo any damage that may exist in the Server OS. This new technology improves performance dramatically and allows NeuShield to restore the Server OS, even when other technologies would otherwise fail.”

According to a report by cybersecurity firm Emsisoft, victims of the 11 largest ransomware attacks reported in the first half of 2020 accounted for $144.2 million in costs related to the attacks. And the attacks show no sign of slowing down. According to the 2020 Verizon Data Breach Report, ransomware attacks continue to increase, with the number of attacks doubling in the past year.

NeuShield Data Sentinel is unique because it provides another layer of protection beyond what competitive ransomware solutions offer. NeuShield’s anti-ransomware technology allows organizations to recover damaged data without a backup, utilizing Mirror Shielding to protect files and ensure instant recovery of important data. This new approach allows customers to instantly recover from any unknown or zero-day threat because NeuShield protects the data, rather than trying to find specific threats, without requiring continuous updates and without signatures.

“The availability of One-Click Restore for servers is a game-changer for me and my clients,” said David Macias, CEO at ITRMS, a…


More Windows 9 rumors: one-click upgrades, interactive tiles, notification center

Rumors about the next major version of Windows continue to trickle out in the run-up to an anticipated public preview in September.

Neowin reports that internal builds of the operating system currently sport a one-click upgrade feature to update from one build to the next. While there’s no guarantee that such a feature will necessarily ship, it would be consistent with Microsoft’s move to more rapid releases and continuous improvement rather than infrequent major updates.

Currently, upgrading Windows is a major undertaking. During betas and previews, there’s often no good ability to move from one build to the next without performing a full reinstall. Even when moving between stable versions, upgrading can be failure-prone and time-consuming. While it’s possible that the upgrade capability will be limited to previews, it looks like a strong indication that Microsoft wants to make this process easier.



Ars Technica » Technology Lab