Node.js zlib Module DoS (Jan 27, 2018)

Node.js is an open-source, cross-platform JavaScript run-time environment for executing JavaScript code server-side. A denial of service vulnerability exists in Node.js. When the zlib v1.2.9 component in Node.js handles the 8-bit Z_STREAM_ERROR error code, a logic error ignores certain values, causing an unhandled exception. An attacker could cause a denial of service by sending a crafted HTTP request via the WebSocket protocol. Affected versions include Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0.

Sudden surge in Android miner malware observed (Jan 8, 2018)

The SonicWall Threats Research team observed a sudden spike in Android apps with hidden crypto miner functionality. Such apps masquerade as legitimate apps, such as games, music or video apps, but in the background they start mining cryptocurrency using the resources of the infected victim’s hardware.

Malicious Android apps with mining capability have existed for some time, but we saw a sudden surge in such apps on January 8, 2018. With the recent popularity of cryptocurrencies like Bitcoin, Ethereum and Ripple, the rise in such malware apps is not surprising.

Genasom Ransomware operator requests remote access for fix (Jan 5th, 2018)

The SonicWall Capture Labs Threat Research Team has conducted an experimental dialog similar to our previous PayDay ransomware SonicAlert. This time we look at a ransomware threat known as Genasom, where the operators use email to communicate and negotiate payment with their victims. In this case the operator wanted direct access to the infected machine in order to “fix” the problem, after which a small donation is requested (according to them).