The Security Blog From Gridinsoft

Invisible Challenge in TikTok Became a Place to Spread Malware

TikTok Invisible Challenge Is Used to Spread Malware

TikTok Invisible Challenge became yet another host for threat actors. Crooks found a way to spread the WASP information stealer…

Ragnar Locker Ransomware Accidentally Attacked Belgian Police

The operators of the ransomware Ragnar Locker published on their “leak site” the data stolen from the police unit of…

WhatsApp Hacked, Almost 500 Million Users Exposed

On November 28, 2022, information regarding a new WhatsApp breach appeared. The hacker offers a database with stolen data for…

“Password” Topped the List of the Most Common Passwords in 2022

The NordPass password manager team has prepared annual statistics by analysing the most commonly used and weakest passwords of 2022.…

Fake MSI Afterburner Infects Users’ Machines with Miners and Stealers

According to cybersecurity specialists from Cyble, attackers distribute miners and the RedLine infostealer using download sites for the fake MSI…

Chrome 0-day vulnerability

Google engineers fixed Chrome 0-day vulnerability that was already under attacks

Google engineers have released an updated version of Google Chrome (86.0.4240.111) and warn that they have fixed in browser 0-day vulnerability that has been already under active attacks. The error…

Bughunter stole Monero exploit

Bughunter stole a Monero exploit from another cybersecurity specialist and received a reward for it

Bleeping Computer reporters drew attention to an interesting case that occurred as part of the bug bounty of the Monero program on HackerOne. Bughunter stole a Monero vulnerability exploit discovered…

P2P botnet Interplanetary Storm

P2P botnet Interplanetary Storm accounts more than 9000 devices

Bitdefender experts gave a detailed description of the work of the P2P botnet Interplanetary Storm (aka IPStorm), which uses infected devices as a proxy. According to researchers, the botnet includes…

the most powerful DDoS attack

Google revealed the most powerful DDoS attack in history

This week, the Google Cloud team talked about a previously unknown DDoS attack that targeted a Google service back in September 2017 and peaked at 2.54 TB/sec, making it the…

Dangerous Bluetooth bugs in Linux

Google and Intel experts warn of dangerous Bluetooth bugs in Linux

Google and Intel engineers warn of dangerous Bluetooth bugs that threaten all but the latest Linux kernel versions. The bugs are collectively known as BleedingTooth and are associated with the…

Hackers use open source tools

Hackers are increasingly using open source tools for attacks

Speaking at the Virus Bulletin conference, Intezer Labs analysts said that hackers are increasingly using open source tools for attacks, and listed freely available tools that hackers majorly abuse. Such…

Malicious Windows Update client

Attackers can use Windows Update client to execute malicious code

Hackers can exploit Windows Update client to execute malicious code on the system as part of the Living off the Land (LotL) method. The Windows Server Update Services (WSUS)/Windows Update…

Five Eyes India and Japan

Five Eyes Alliance, India and Japan Call for Backdoors in Software

Countries participating in the Five Eyes Alliance (which brings together intelligence agencies in Australia, Canada, New Zealand, the United States and the United Kingdom), as well as India and Japan,…

MalLocker ransomware tricks Russians

MalLocker ransomware easily tricks Russians, pretending to be a screen lock from the police

Microsoft experts talked about the new Android ransomware AndroidOS/MalLocker. (hereinafter simply MalLocker), which easily tricks Russians by pretending to be a screen lock from the police. Android ransomware abuses the…

Cellmate chastity belts vulnerable

Cellmate men’s chastity belts are vulnerable to attacks and dangerous for users

Pen Test Partners analysts have studied an extremely unusual device: the Cellmate male chastity belts, manufactured by the Chinese company Qiui. So Cellmate chastity belts turned out to be quite…

collecting data npm packages

Researchers discovered four npm packages that were collecting user data

Sonatype identified four npm packages that collected and sent to their creator’s data about user machines, such as IP addresses, computer username, home directory path, processor model, and country and…

The legendary John McAfee arrested

US authorities arrested legendary John McAfee for tax avoidance

The US Department of Justice reported that the legendary John McAfee was arrested in Spain. The fact is that the former head of MacAfee is accused of tax avoidance, deliberate…