Infosec bits for week 12/21

Kgwadi Matenche

2021-03-26 13:33

Vulnerabilities & Patches:
- OpenSSL 1.1.1k Patches Two High-Severity Vulnerabilities [Eduard Kovacs, SecurityWeek]
- RCE flaw in Apache OFBiz could allow to take over the ERP system [Pierluigi Paganini, Security Affairs]
- New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps [Ravie Lakshmanan, The Hacker News]
- Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online [Ravie Lakshmanan, The Hacker News]
- Cisco addresses critical bug in Windows, macOS Jabber clients [Sergiu Gatlan, Bleeping Computer]
Breaches:
- Ransomware gang leaks data stolen from Colorado, Miami universities [Lawrence Abrams, Bleeping Computer]
- Ministry of Defence academy hit by state-sponsored hackers [Pierluigi Paganini, Security Affairs]
- Computer giant Acer hit by $50 million ransomware attack [Lawrence Abrams, Bleeping Computer]
News:
- Standard Bank blocks spoofed Web sites, millions of e-mails [Sibahle Malinga, ITWeb]
- Microsoft: Ongoing, Expanding Campaign Bypassing Phishing Protections [Ionut Arghire, SecurityWeek]
- PPS works to restore full functionality after cyber attack [Simnikiwe Mzekandaba, ITWeb]
- Russian Pleads Guilty in Tesla Hacking Scheme [Scott Ferguson, BankInfoSecurity]
Others:
- New Windows 10 emergency updates fix remaining printing issues [Lawrence Abrams, Bleeping Computer]
- Can We Stop Pretending SMS Is Secure Now? [Brian Krebs, Krebs on Security]
- Microsoft Defender adds automatic Exchange ProxyLogon mitigation [Sergiu Gatlan, Bleeping Computer]
- Purple Fox Rootkit Now Propagates as a Worm [Amit Serper, Guardicore]

Infosec bits for week 11/21

Schalk Peach

2021-03-19 11:10

Data Leaks (NOT Breaches)
- Utah Company Stored Passport Scans on Unsecured Server [Sarah Coble, InfoSecurity Magazine]
Microsoft Exchange
- Updates on Microsoft Exchange Server Vulnerabilities [US CERT]
- Microsoft releases one-click mitigation tool for Exchange Server hacks [Charlie Osborne, ZDNet]
Education
- FBI warns of escalating Pysa ransomware attacks on education orgs [Sergiu Gatlan, Bleeping Computer]
The SPECTRE Returns
- A Spectre proof-of-concept for a Spectre-proof web [Google Security Blog]
More Solarwinds Fallout
- Mimecast Update: SolarWinds Hackers Stole Source Code [Akshaya Asokan, BankInfoSecurity]
Business Security Featurette – Business Email Compromise
- BEC Attacks: What They Are and How to Protect Yourself [WestStar Bank]
- Business Email Compromise [TrendMicro]
- How to Recognize a Business Email Compromise Attack [Joan Goodchild, SecurityIntelligence]
International Regulation News
- California Passes New Regulation Banning “Dark Patterns” Under Landmark Privacy Law [Brianna Provenzano, Gizmodo]
- Spanish Data Protection Agency Issues Highest Ever Fine [Sarah Coble, Infosecurity Magazine]
Other Things
- Fintech Giant Fiserv Used Unclaimed Domain [Krebs on Security]
- OVH Data Center Fire Impacts Cyber-criminals [Sarah Coble, Infosecurity Magazine]
- Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites [Ravie Lakshmanan, The Hackers News]

Infosec bits for week 10-21

Roderick Mooi

2021-03-12 09:54

University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ [Gareth Corfield, The Register]
- See also: University ‘hacks’ as a justification to include the sector in Critical Infrastructure Bill
Microsoft Patch Tuesday, March 2021 Edition [Brain Krebs, Krebs on Security]
Realistic Patch Management Tips, Post-SolarWinds [Sara Peters, Dark Reading / Informa]
Security baseline (FINAL) for Windows 10 and Windows Server, version 20H2 [Rick Munck, Microsoft]
- See also: Windows security baselines
Combating Risk Negligence Using Cybersecurity Culture [Hunter Sekara, Tripwire / SiloSmashers]
Google is done with cookies, but that doesn’t mean it’s done tracking you [Sara Morrison, Vox Media]
Microsoft’s MSERT tool now finds web shells from Exchange Server attacks [Lawrence Abrams, Bleeping Computer]
5 Lessons Learned from the Largest Third-Party Breaches in 2020 [Black Kite]
Linux Foundation unveils Sigstore — a Let’s Encrypt for code signing [Lawrence Abrams, Bleeping Computer]
Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection [Rotem Kerner, Fortinet]

Infosec bits for week 09/21

Renier van Heerden

2021-03-04 19:22

The Human Factor
- Offboarding: A Checklist for Safely Closing an Employee’s Digital Doors [Sue Poremba, SecurityIntelligence]
- Hackers exploit websites to give them excellent SEO before deploying malware [Charlie Osborne, ZDNet]
Vulnerabilities and Leaks
- Working Windows and Linux Spectre exploits found on VirusTotal [Sergiu Gatlan, BleepingComputer]
- Far-Right Platform Gab Has Been Hacked—Including Private Data [Andy Greenberg, Wired]
- First Fully Weaponized Spectre Exploit Discovered Online [Catalin Cimpanu, The Record]
- Unprotected Private Key Allows Remote Hacking of Rockwell Controllers [Eduard Kovacs, Security Week]
- Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted [Paul Roberts, The Security Ledger]
Ransomware (But it used to be a great plugin)
- Attackers Turn Struggling Software Projects Into Trojan Horses [Robert Lemos, DARKReading]
- Is Your Browser Extension a Botnet Backdoor? [Krebs on Security]
SolarWinds
- Microsoft Releases Free Tool for Hunting SolarWinds Malware [Kelly Jackson Higgins, DARKReading]
- Intern caused solarwinds123 password leak, former SolarWinds CEO says [Pierluigi Paganini, SecurityAffairs]
Eduction and Research
- FBI Investigating Michigan School District Hack [Sarah Coble, Infosecurity Magazine]
- Oxford University lab with COVID-19 research links targeted by hackers [Charlie Osborne, ZDNet]
Other
- Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps [Ionut Arghire, Security Week]
- Social network Gab hacked, hit with $500,000 ransom demand [Carrie Mihalcik, CNet]
- NSA Releases Guidance on Zero Trust Security Model [US CERT]

Infosec bits for week 08/21

Kgwadi Matenche

2021-02-26 13:57

Vulnerabilities & Patches
- Google Discloses Details of Remote Code Execution Vulnerability in Windows [Eduard Kovacs, Security Week]
- Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability [Eduard Kovacs, Security Week]
- VMware ESXi and vCenter Server updates address multiple security vulnerabilities [VMware]
- Cisco Patches Severe Flaws in Network Management Products, Switches [Ionut Arghire, Security Week]
- Python programming language hurries out update to tackle remote code vulnerability [Liam Tung, ZDNet]
- Bitter APT Enhances Its Capabilities With Windows Kernel Zero-day Exploit [Cybleinc, Cyble]
Breaches
- Rain hit by security breach [MyBroadband]
- Kia Motors America suffers ransomware attack, $20 million ransom [Lawrence Abrams, Bleeping Computer]
- Dutch Research Council (NWO) confirms ransomware attack, data leak [Ionut Ilascu, Bleeping Computer]
- Lakehead University Shuts Down Campuses and Computers After Cyberattack [Alina Bizga, Bitdefender]
News
- Protecting Against Vaccine-Themed Attacks and Misinformation [Laurence Pitt, Security Week]
- Microsoft open sources CodeQL queries used to hunt for Solorigate activity [Microsoft]
- NASA and the FAA were also breached by the SolarWinds hackers [Sergiu Gatlan, Bleeping Computer]
- North Korean hackers target defense industry with custom malware [Sergiu Gatlan, Bleeping Computer]
Fraud & Leaks
- How $100M in Jobless Claims Went to Inmates [Brian Krebs, Krebs on Security]
- Medical Data of 500,000 French Residents Leaked Online [Sarah Coble, Info Security Group]
Others
- Intel wireless driver updates fix Windows 10 blue screen issues [Sergiu Gatlan, Bleeping Computer]
- Ransomware Attacks Double Against Global Universities [Phil Muncaster, Info Security Group]
- Truecaller violates South Africa’s new privacy laws – Legal experts [Hanno Labuschagne, MyBroadband]

Infosec bits for week 07/21

Renier van Heerden

2021-02-19 09:54

More Solarwinds News
- SolarWinds hack was ‘largest and most sophisticated attack’ ever: Microsoft president [Brad Heath, Reuters]
- Microsoft says SolarWinds hackers stole source code for 3 products [Dan Goodin, Ars Tech]
- Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle [Simon Sharwood, The Register]
- Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack [Simon Sharwood, The Register]
Exploits/ Patches
- Half of Apps Contain at Least One Serious Exploitable Vulnerability [James Coker, Info Security Group]
- Exploit Details Emerge for Unpatched Microsoft Bug [Tara Seals, Threat Post]
- Mac Malware Targets Apple’s In-House M1 Processor [Lindsey O’Donnell, Threat Post]
- Three New Vulnerabilities Patched in OpenSSL [Eduard Kovacs, Security Week]
- Agent Tesla hidden in a historical anti-malware tool [Jan Kopriva, ISC InfoSec Handlers Diary Blog]
- Microsoft starts removing Flash from Windows devices via new KB4577586 update [Catalin Cimpanu, ]
Compromises
- Yandex said it caught an employee selling access to users’ inboxes [Catalin Cimpanu, ZDNet]
- New type of supply-chain attack hit Apple, Microsoft and 33 other companies [Dan Goodin, Ars Tech]
- Fake Amazon reviews still sold in bulk—it costs $10,900 for 1,000 reviews. [Jon Brodkin, Ars Tech]
- Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam [Charlie Osborne, ZDNet]
- Windows and Linux servers targeted by new WatchDog botnet for almost two years [Catalin Cimpanu, ZDNet]
- WebKit Zero-Day Vulnerability Exploited in Malvertising Operation [Eduard Kovacs, Security Week]

Infosec bits for week 06/21

Roderick Mooi

2021-02-12 13:51

Higher Education
- SU data breach exposes nearly 10,000 names, Social Security numbers [Michael Sessa, The Daily Orange]
  - See also: Personal information of CU students, employees may have been compromised in cyberattack
Critical Infrastructure
- What’s most interesting about the Florida water system hack? That we heard about it at all. [Krebs on Security]
  - See also: Breached water plant employees used the same TeamViewer password and no firewall
- Eletrobras, Copel energy companies hit by ransomware attacks [Ionut Ilascu, Bleeping Computer]
Suppy Chain
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies [Alex Birsan, Medium]
Cloud
- Secure Service Configuration in AWS, Azure, & GCP [Brandon Evans & Eric Johnson, SANS Institute]
  - See also: Multiple Clouds Require Multiple Solutions: AWS, Azure, & GCP – SANS @Mic
Patch Tuesday
- Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day [Lawrence Abrams, Bleeping Computer]
- Swarm of Palo Alto PAN-OS vulnerabilities [Mikhail Klyuchnikov and Nikita Abramov, PT SWARM / Positive Technologies Offensive Team]
Other
- CD Projekt Red refuses to negotiate with hackers who stole Witcher 3 and Cyberpunk 2077 source code [Darryn Bonthuys, Critical Hits]
- Police seize $60 million of bitcoin! Now, where’s the password? [John O’Donnell, Reuters]
- Web shell attacks continue to rise [Microsoft]
- That Slack email you just got asking to reset your password is legit, not a scam [Ryne Hager, Android Police]
- Ransomware Attackers Set Their Sights on SaaS [Kelly Sheridan, Dark Reading / Informa Tech]
- Instagram Unmasks High Profile ‘OG’ Account Stealers, Threatens to Sue [Joseph Cox, Motherboard by Vice]

Infosec bits for week 05/21

Schalk Peach

2021-02-05 11:45

Ransomware Evolution
- FonixCrypter ransomware gang releases master decryption key [Catalin Cimpanu, ZDNet]
Supply Chain Concerns
- A New Software Supply‑Chain Attack Targeted Millions With Spyware [Ravie Lakshmanan, The Hacker News]
- Hacker group inserted malware in NoxPlayer Android emulator [Catalin Cimpanu, ZDNet]
- Security firm Stormshield discloses data breach, theft of source code [Catalin Cimpanu, ZDNet]
SolarWinds Saga
- CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds [ROOTDAEMON]
- 30% of “SolarWinds hack” victims didn’t actually use SolarWinds [Jim Salter, Ars Technica]
- Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities [Martin Rakhmanov, TrustWave]
- 3 New Severe Security Vulnerabilities Found In SolarWinds Software [Ravie Lakshmanan, The Hacker News]
Bugs and Exploits
- Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble [Thomas Claburn, The Register]
- SonicWall zero-day exploited in the wild [Catalin Cimpanu, ZDNet]
- Industrial Gear at Risk from Fuji Code-Execution Bugs [Tara Seals, ThreatPost]
- Google patches an actively exploited Chrome zero-day [Catalin Cimpanu, ZDNet]
- Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices [Dan Goodin, Ars Technica]
Further Reading
- Flash is dead—but South Africa didn’t get the memo [Jim Salter, Ars Technica]
- Top 10 most exploited vulnerabilities from 2020 [Zeljka Zorz, HelpNetSecurity]

Infosec bits for week 04/21

Kgwadi Matenche

2021-01-29 15:41

News
- International Action Targets Emotet Crimeware [Brian Krebs, Krebs on Security]
- Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks [Ryan Naraine, Security Week]
- Critical Vulnerability Patched in ‘sudo’ Utility for Unix-Like OSes [Jai Vijayan, Information Week]
- DDoS-Guard To Forfeit Internet Space Occupied by Parler [Brian Krebs, Krebs on Security]
- The Great African IP Address Heist – South African Internet resources worth R558 million usurped with shady domains [Jan Vermeulen, MyBroadband]
Breaches
- BYKEA data breach: Pakistani ride-hailing app exposed 400m records [Waqas, Hack Read]
- USCellular hit by a data breach after hackers access CRM software [Lawrence Abrams, Bleeping Computer]
Vulnerabilities
- Windows Installer zero-day vulnerability gets free micropatch [Ionut Ilascu, Bleeping Computer]
- CVE-2021-3156: Heap-Based Buffer Overflow in Sudo [Animesh Jain, Qualys]
Leaks and Privacy
- GRINDR faces $10mn fine in Norway for illigal data Sharing [AFP, EWN]
- Privacy predictions for 2021 [Anna Larkina, Vladislav Tushkanov, Dmitry Momotov, SECURELIST]
- Giant leak exposes data from almost all Brazilians [Leonard Manson, Somag News]
Other News
- Microsoft rolls out Application Guard for Office to all customers [Sergiu Gatlan, Bleeping Computer]

Infosec bits for week 03/21

Renier van Heerden

2021-01-22 12:14

News
- SA can expect cyber threats during Covid vaccination roll out [Rudolph Nkgadima, IOL]
- Massive blackouts have hit Iran. The government is blaming bitcoin mining [Miriam Berger, The Washington Post]
- Global Cybersecurity Spending to Soar 10 percent in 2021 [Phil Muncaster, Infosecurity Magazine]
Breaches
- OpenWRT Forum user data stolen in weekend data breach [Ionut Ilascu, Bleeping Computer]
- Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccin [Dan Goodin, Ars Technica]
- Malwarebytes said it was hacked by the same group who breached SolarWinds [Catalin Cimpanu, ZDNet]
- Hacker leaks full database of 77 million Nitro PDF user records [Sergiu Gatlan, Bleeping Computer]
- MyFreeCams site hacked to steal info of 2 million paying users [Ionut Ilascu, Bleeping Computer]
Advice
- What you should know before leaking a zoom Meeting [Nikita Mazurov, The Intercept]
- FireEye releases tool for auditing networks for techniques used by SolarWinds hackers [GitHub]
- NSA urges system administrators to replace obsolete TLS protocols [Catalin Cimpanu, ZDNet]
- Microsoft Edge gets a password generator, leaked credentials monitor [Bleeping Computer]
- Microsoft shares how SolarWinds hackers evaded detection [Sergiu Gatlan, Bleeping Computer]
Privacy
- I looked at all the ways Microsoft Teams tracks users and my head is spinning [ Chris Matyszczyk, ZDNet]
- Parler seems to be sliding back onto the Internet, but not onto mobile [Kate Cox, Ars Technica]
- Hacker blunder leaves stolen passwords exposed via Google search [Ionut Ilascu, Bleeping Computer]
Patch
- Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager [Sergiu Gatlan, Bleeping Computer]
- DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks [Eduard Kovacs, Security Week]
- Linux users should patch now to block new FreakOut malware which exploits new vulnerabilities [Check Point Software Technologies]
- Exploit Allows Root Access to SAP [Sarah Coble, Info Security]