This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
Daily Archives: October 25, 2022
ZDI-22-1466: TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Ransomware Masquerading as Microsoft Update Targets Home Computers
A new ransomware threat is currently sweeping its way across home computers. And what’s making it extra tricky is that it’s disguised as an operating system update.
Be on the lookout for this new ransomware scheme and protect yourself from ransomware with a few of these tips.
What Is Magniber Ransomware?
Magniber is a new type of ransomware that is disguised at almost every touchpoint until it seemingly pops out of nowhere demanding money. The attack begins when someone visits a fake Windows 10 update website owned by the Magniber cybercriminal group. Once someone clicks on a malicious link on that site, file-encrypting malware downloads onto the device.
Another stealth maneuver of Magniber is that the encryption malware downloads as a JavaScript file straight to the memory of the device, which can often slide under an antivirus’ radar. This malware allows the criminal to view, delete, and encrypt files and gain administrator access of the device. Usually, before the person even knows their device is in danger, Magniber reveals itself and demands a ransom payment in exchange for releasing the documents and giving back control of the computer. If the device owner refuses to pay, the criminal threatens to delete the files forever.1
Personal Ransomware May Be on the Rise
For the last several years, large companies fell left and right to breaches. Hacker groups infiltrated complex cybersecurity defenses, got ahold of sensitive company or customer information, and threatened to release their findings on the dark web if not paid a hefty ransom. The reasons cybercriminals targeted corporate databases versus personal devices wasn’t just because they could demand multiple millions, but because companies were better equipped to make ransom transactions anonymously. Often, cryptocurrency transactions are untraceable, which allows criminals to remain at large.
Now that more everyday people are proficient in cryptocurrency, ransomware may shift to targeting personal devices. Though the ransom payments won’t be as lucrative, there also won’t be corporate cybersecurity experts hot on the cybercriminal’s tail.
How to Keep Your Device Safe
To avoid ransomware schemes similar to Magniber, adopt these three habits to better protect your device and digital privacy:
Turn on automatic updates. It’s best practice to accept all new software and device updates, which makes Magniber an especially difficult threat to detect. Consider configuring your device to auto-update. If you enable automatic updates, you can then treat any other popups or update websites with skepticism. To validate if an update prompt is genuine, go to your operating system or device’s corporate page and search for any announcements about new updates.
Regularly back up your important files. If you store sensitive documents (like your tax returns) or sentimental files (like your wedding photos) on your computer, consider also backing them up on an external hard drive. Not only will that free up memory on your device, but it’ll also protect them in case a cybercriminal takes control of your computer. When your device is scrubbed of these important files in the first place, you can factory reset your device without losing anything. That way, the cybercriminal gets nothing: neither your personal information nor your money.
Avoid risky sites. Magniber downloaded onto devices after a person visited a site controlled by the cybercriminal. If you’re ever suspicious about any site, it’s best to leave and not click on any links while you’re there. Even sites that attempt to mimic legitimate ones leave a few clues that they’re fake. Check for typos, blurry logos, incorrect grammar, and hyperlinks that direct to long, unfamiliar URLs.
Ransomware Protection
If a cybercriminal gets in touch with you and demands a ransom, immediately contact your local FBI field office and file a report with the FBI’s Internet Criminal Complaint Center. From there, the authorities will advise you on how to proceed.
Something you can start with now to defend against ransomware is to invest in McAfee+ Ultimate. It provides the most thorough device, privacy, and identity protection, including $25,000 in ransomware coverage.
1ZDNET, “This unusual ransomware attack targets home PCs, so beware”
The post Ransomware Masquerading as Microsoft Update Targets Home Computers appeared first on McAfee Blog.