Thus, users will no longer be able to upload files via FTP, as well as view the contents of FTP links and folders in the browser.

The refuse from FTP had to be postponed due to the coronavirus pandemic, and so did the Google developers, who even managed to disable FTP in their browser, but then temporarily turned on support for the protocol back.

Google developers have been talking about ditching FTP since 2014, as very few browser users (0.1-0.2%) use the protocol. In 2018, the company first announced plans to officially move away from FTP, and Google engineers began implementing those plans last summer.

As such, it was planned that FTP support would be disabled by default with the release of Chrome 81, and after the release of version 82, all traces of the protocol would be permanently removed from the code.

But the fact is that many government agencies, including the National Institutes of Health, are still actively using FTP, and the developers decided not to create additional problems for them during the crisis.

Now Mozilla engineers have returned to the issue of dropping FTP support by default. In Firefox 88, released today, protocol support was disabled by default, and now Firefox, when faced with an FTP link, tries to pass it to an external application.

In the next release (Firefox 90), the developers are going to permanently remove all code related to the FTP implementation from the browser. Firefox for Android will also be affected by these changes. That is, in the end, users will need a separate client to work with FTP.

The post Mozilla Drops FTP Support Permanently with Firefox 88 Release appeared first on Gridinsoft Blog.

The Lucifer botnet attracted the attention of researchers after numerous incidents involving the exploitation of the critical vulnerability CVE-2019-9081 in the Laravel framework, which could lead to remote execution of arbitrary code.

Version of the malware that uses CVE-2019-9081, was spotted on May 29, 2020, after which the campaign stopped on June 10 and resumed after a few days, but with an updated version of the malware.

“If initially it was believed that the malware was quite simple and designed for mining cryptocurrency (Monero), it has now become clear that Lucifer also has a DDoS component and self-distribution mechanism, built on a number of serious vulnerabilities and brute force”, – say the experts.

For distribution on the network, Lucifer uses such well-known exploits as EternalBlue, EternalRomance and DoublePulsar, stolen from special services and in 2017 published in the public domain by The Shadow Brokers. But the attackers are not limited only to this bug, so the list of exploits taken by Lucifer into service is as follows:

• CVE-2014-6287
• CVE-2018-1000861
• CVE-2017-10271
• CVE-2018-20062 (RCE-vulnerability in ThinkPHP)
• CVE-2018-7600
• CVE-2017-9791
• CVE-2019-9081
• RCE-backdoor in PHPStudy
• CVE-2017-0144
• CVE-2017-0145
• CVE-2017-8464

It is worth noting that all these vulnerabilities have already been fixed, and patches are available for them.

“After using exploits, an attacker can execute arbitrary commands on a vulnerable device. Considering that the attackers use the certutil utility in the payload to distribute the malware, in this case, the targets are both Windows hosts on the Internet and on the intranet”, — write the researchers.

Lucifer is also able to scan machines with open TCP 135 (RPC) and 1433 (MSSQL) ports and check if certain combinations of usernames and passwords are suitable for them. For brute force attacks, the malware uses a dictionary with 300 passwords and seven user names: sa, SA, su, kisadmin, SQLDebugger, mssql and Chred1433.

“The malware is able to infect devices using IPC, WMI, SMB and FTP, using brute force, as well as using MSSQL, RPC and network sharing”,- say the researchers.

Having infected the system, Lucifer places its copy there using the shell command, and also installs XMRig for secret mining of the Monero cryptocurrency (XMR). Judging by the fact that criminals currently earned only 0.493527 XMR (about $30 at the current exchange rate), experts believe that the malicious campaign is just beginning.

Also, gaining a foothold in the system, Lucifer connects to the management server to receive commands, for example, to launch a DDoS attack, transfer stolen system data or inform its operators about the state of the miner.

A newer version of malware also comes with analysis protection and checks the username and the infected machine before attacking. If Lucifer discovers that it is running in an analytical environment, it ceases all activity.

Recall also that according to the observations of information security experts, Evil Corp returns to criminal activity with WastedLocker ransomware.

The post Lucifer malware uses many exploits, is engaged in mining and DDoS attacks appeared first on Gridinsoft Blog.

Google developers have been talking about abandoning FTP since 2014, since very few browser users (0.1-0.2%) use the protocol. In 2018, the company first announced plans officially abandon FTP, and last summer Google engineers began to implement these plans. So, it was planned that FTP support would be disabled by default with the release of Chrome 81, and after version 82 was released, all traces of the protocol would be permanently deleted from the code.

Opt-out of FTP will be gradual. For example, the browser will still download FTP directory lists now, but it will no longer display the files themselves in the browser, but will instead download them”, – say Google engineers.

With the release of Chrome 80, the company began abandoning FTP support by adding the chrome://flags/#enable-ftp flag to its settings, which determines whether FTP support is enabled or not.

FTP support was enabled by default in Chrome 80, but developers have already tested disabling protocol support for 1% of the user base. Disabling FTP support by default was planned in Chrome 81 (but for now, is possible re-enabling using the #enable-ftp flag).

The release of Chrome 81 took place last week (although this version was originally supposed to be released in mid-March, coronavirus pandemic violated company’s plans), and only a couple of days later, one of the browser developers posted a message on the company’s bugtracker.

Due to the current crisis, Google engineers decided to postpone the abandonment of FTP in a stable release, that is, the protocol will work again”, — said the Chrome developer.

Enabling FTP support by default is explained by the fact that developers do not want to create problems with access to FTP content during a pandemic. The fact is that many government agencies, including national health institutes, are still widely using FTP.

The post Due to the pandemic Google developers re-enabled FTP support for Chrome appeared first on Gridinsoft Blog.

Therefore, users will no longer be able to upload files via FTP, and may not be able to view the contents of FTP links and folders in a browser.

“We do this for security reasons. FTP is an insecure protocol, and there is no reason to choose it to download resources instead of HTTPS. Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past», — said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser.

Mozilla plans to abandon FTP support with the release of Firefox 77, which is scheduled for release this June. If users want to be able to view and upload files via FTP in spite of the ban, they can temporarily manually enable protocol support through the settings on the about: config page.

However, at the beginning of 2021, Mozilla will remove all code that supports the FTP protocol from its browser. After that, returning the protocol to Firefox will fail. Let me remind you that the plans of browser developers to abandon FTP became known back in 2018.

Let me also remind you that in the “parallel universe” Microsoft fixed 0-day vulnerability in Internet Explorer.

Most likely, Mozilla came up with decision on FTP after Google made a similar decision regarding the FTP protocol in Chrome last year.

In August 2019, Google announced plans to remove access and option of viewing FTP links from Chrome.

FTP support will be disabled by default in Chrome v81 and all traces of the FTP protocol will be removed from the Chrome codebase in Chrome 82, which is scheduled for release in late spring or early summer this year. ,

However, Google was forced to suspend the release of new versions of Chrome and Chrome OS due to the coronavirus pandemic. The main reason is “adjusted work schedules”. The fact is that due to the global distribution of COVID-19, Google engineers work at home, like employees of other companies.

“Due to the adjusted work schedules, we are suspending the release of new versions of Chrome. Our main goals are to ensure their stability, security and reliable operation for all who rely on them. We will continue to give priority to the release of security updates that will be included in Chrome 80,” – the Google blog said.

When the company announced that it was removing FTP support from Chrome, Google said that only a small part of its user base had access to and use FTP channels, which was the main factor in making this decision.

The post Firefox Refuses to Support FTP Protocol appeared first on Gridinsoft Blog.