Infosec bits for week 44/21

Kgwadi Matenche

2021-11-05 12:03

Security News:
- Cybercrime News Technology GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps [Catalin Cimpan, The Record]
- BlackMatter ransomware gang says it’s disbanding – again – after Ukraine arrests [Gareth Corfield, The Register]
- Police arrest hackers behind over 1,800 ransomware attacks [Bill Toulas, Bleeping Computer]
- Cybercriminals sell access to international shipping, logistics giants [Charlie Osborne, ZDNet]
Vulnerabilities & Patches:
- Linux Foundation Fixes ‘Dangerous’ Code Execution Kernel Bug [Ryan Naraine, SecurityWeek]
- Google Patches Android Zero-Day Exploited in Targeted Attacks [Eduard Kovacs, SecurityWeek]
- Cisco fixes hard-coded credentials and default SSH key issues [Sergiu Gatlan, Bleeping Computer]
Email-Borne Threats:
- Spooky Ransomware Steals Past SEGs in Under 15 Minutes [Harsh Patel & Zachary Bailey,Cofense]
- Phishing: Attackers Use DocuSign to Send Malicious Links [David Bisson, Security Intelligence]
Breaches & Leaks:
- N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert [CBC News]
- Hackers gained access to mySA Gov accounts, including licence and rego details [Campbell Kwan, ZDNet]
Others:
- US sanctions four companies selling hacking tools, including NSO Group & Candiru [Catalin Cimpanu, The Record]
- Widespread Security Risk Identified in Phones and Bluetooth Devices Approximately 40 percent of mobile phones may be compromised [Michelle Hampson, IEEE]
- Cybercriminals Take Aim at Connected Car Infrastructure [Robert Lemos, Dark Reading]
- Cyber criminals use Black Friday as bait to scam shoppers [Sibahle Malinga, ITWeb]
- Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware [Bill Toulas, Bleeping Computer]

Infosec bits for week 43/21

Renier van Heerden

2021-10-29 12:00

Ransomware:It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets better [Danny Palmer |, ZDNet]
Industry group warns of coordinated DDoS extortion campaign against VoIP providers [Catalin Cimpanu, TheRecord]
Workers sent home after ransomware attack on major automotive parts manufacturer [Catalin Cimpanu, TheRecord]
FBI held back ransomware decryption key from businesses to run operation targeting hackers [Ellen Nakashima, Rachel Lerman, The WashingtonPost]
Grief Ransomware Targets NRA [Elizabeth Montalbano, Threadpost]
Suspected REvil Gang Insider Identified [Lisa Vaas, Threadpost]

Hacks
- Microsoft says Russia hacked at least 14 IT service providers this year [Catalin Cimpanu, TheRecord]
- Android smartphones infected with rare rooting malware [Catalin Cimpanu, TheRecord]
- Google unmasks two-year-old phishing and malware campaign targeting YouTube users [Catalin Cimpanu, TheRecord]
- A cyberattack paralyzed every gas station in Iran [Vahid Salemi, NPR]
- War-Driving Technique Allows Wi-Fi Password-Cracking at Scale [Tara Seals, Threadpost]
- All Windows versions impacted by new LPE zero-day vulnerabilit [Lawrence Abrams, BleepingComputer]
- Emergency Google Chrome update fixes zero-days used in attacks [Lawrence Abrams, BleepingComputer]Write your post here.

Infosec bits for week 42/21

Sicelo Ncekana

2021-10-25 08:48

Vulnerabilities
- Cisco SD-WAN Security Bug Allows Root Code Execution [Tara Seals, Threat post]
- Slack contains an XSLeak vulnerability that de-anonymizes users [Ben Dickson, The Daily Swig]
- Oracle’s October 2021 CPU Includes 419 Security Patches [Ionut Arghire, Security week]
General
- The Simmering Cybersecurity Risk of Employee Burnout [Dr. Margaret Cunningham, Dark Reading]
- Penetration Testing in the Cloud Demands a Different Approach [Ievgen Soloviov, Dark Reading]
- How to Build an Incident-Response Plan, Before Security Disaster Strikes [Joseph Carson, Threat Post]
- Feds Warn BlackMatter Ransomware Gang is Poised to Strike [Elizabeth Montalbano, Threat Post]
- Why is Cybersecurity Failing Against Ransomware? [Nate Warfield, Threat Post]
- Protecting Phones From Pegasus-Like Spyware Attacks [Lisa Vaas, Threat Post]
Malware
- GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride [Tara Seals, Threat post]
- Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild [Ravie Lakshmanan, the hacker news]

Infosec bits for week 41/21

Schalk Peach

2021-10-18 14:30

Academia
- Student finds zero-days in Exterity devices while rick-rolling school district [Catalin Cimpanu, The Record]
- University of Sunderland Hit by Suspected Cyber-Attack [James Coker, Infosecurity Magazine]
- University still recovering from major cyberattack that disrupted IT systems [Liam Tung, ZDNet]
Legislation
- EU legislation introduced to ban anonymous domain registration [Bill Toulas, Bleeping Computer]
- New Bill to Require Cyber Attack Reporting in the US [Ericka Pingol, Trend Micro]
Other
- Microsoft said it mitigated a 2.4 Tbps DDoS attack [Catalin Cimpanu, The Record]
- Study reveals Android phones constantly snoop on their users [Bill Toulas, Bleeping Computer]
- What Is the True Cost of a Health Care Data Breach? [Michelle Greenlee, Security Intelligence]
- BlackByte ransomware decryptor released [Charlie Osborne, ZDNet]

Infosec bits for week 40/21

Schalk Peach

2021-10-08 13:59

Vulnerabilities and Exploits
- Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation [CISA]
- This new Android malware gets full control of your phone to steal passwords and info [Danny Palmer, ZDNet]
General
- Windows 11 is out. Is it any good for security? [Mark Stockley, MalwareBytes]
- Who scams the scammers? Meet the scambaiters [Amelia Tait, The Guardian]
Ransomware
- Think You Are Prepared for Ransomware? You’re Probably Not. [David Finger, CSO Online]
- Conti gang threatens to dump victim data if ransom negotiations leak to reporters [Catalin Cimpanu, The Record]
- Ransomware groups angry at other criminals for hijacking their ransoms [Rob Thubron, Ars Technica]
- Two ransomware operators arrested in Ukraine [Catalin Cimpanu, The Record]

Infosec bits for week 39/21

Kgwadi Matenche

2021-10-01 13:44

Vulnerabilities & Patches:
- SonicWall Patches Critical Vulnerability in SMA Appliances [Eduard Kovacs, SecurityWeek]
- Google pushes emergency Chrome update to fix two zero-days [Lawrence Abrams, Bleeping Computer]
- Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now! [Pierluigi Paganini, Security Affairs]
- Jira Data Center user? Here’s a critical Ehcache vulnerability to spoil your day [Gareth Halfacree, The Register]
Security News:
- Thousands of University Wi-Fi Networks Expose Log-In Credentials [Elizabeth Montalbano, Threatpost]
- Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data [Dark Reading]
- This dangerous mobile Trojan has stolen a fortune from over 10 million victims [Charlie Osborne, ZDNet]
- New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught [Ravie Lakshmanan, The Hacker News]
Malware:
- A wolf in sheep’s clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus [Vitor Ventura and Arnaud Zobec, Cisco Talos]
- FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor [Ramin Nafisi, Microsoft Threat Intelligence Center]
Breaches & Leaks:
- JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data [Lawrence Abrams, Bleeping Computer]
- Storybooks for children app FarFaria exposed data of 3M users [Waqas, HackRead]
Others:
- Xero, Slack suffer outages just as Let’s Encrypt root cert expiry downs other websites, services [Chris Williams, The Register]
- Endpoint Still a Prime Target for Attack [Dark Reading]
- Facebook open-sources internal tool used to detect security bugs in Android apps [Catalin Cimpanu, The Record]

Infosec bits for week 38/21

Kgwadi Matenche

2021-09-23 15:47

Security News:
- New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures [Ravie Lakshmanan, The Hacker News]
- Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw [Eduard Kovacs, SecurityWeek]
- Department of Justice hack — all backups gone and R33 million ransom demanded [Myles Illidge, MyBroadband]
Breaches & Leaks:
- Data of 106 Million Visitors to Thailand Breached [Sarah Coble, Infosecurity Magazine]
- African Bank debt collector hit by ransomware — client data exposed [MyBroadband]
Email-Borne Threats:
- Microsoft uncovers giant Phishing-as-a-Service operation [Catalin Cimpanu, The Record]
Vulnerabilities & Patches:
- VMware Warns of Ransomware-Friendly Bug in vCenter Server [Lisa Vaas, Threatpost]
- Mirai Botnet Actively Exploiting OMIGOD Flaw [Mihir Bagwe, Bank Info Security]
- New macOS zero-day bug lets attackers run commands remotely [Sergiu Gatlan, Bleeping Computer]
Others:
- Hackers leak LinkedIn 700 million data scrape [Catalin Cimpanu, The Record]
- Plugging the holes: How to prevent corporate data leaks in the cloud [Phil Muncaster, WeLiveSecurity]
- LG acquires Israeli automotive cybersecurity startup Cybellum [Cho Mu-Hyun, ]

Infosec bits for week 37/21

Renier van Heerden

2021-09-17 13:32

Ransomware
- Ransomware encrypts South Africa’s entire Dept of Justice network [Ionut Ilascu, Bleeping Computer]
- Free REvil ransomware master decrypter released for past victims [Lawrence Abrams, Bleeping Computer]
- Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020 [Catalin Cimpanu, TheRecord]
- South Africa’s legal system on its knees after cyberattack [Jan Vermeulen, MyBroadband]
Hack
- New malware uses Windows Subsystem for Linux for stealthy attacks [Ionut Ilascu, Bleeping Computer]
- US fines former NSA employees who provided hacker-for-hire services to UAE [Catalin Cimpanu, TheRecord]
- New Go malware Capoae targets WordPress installs, Linux systems [Charlie Osborne, ZDNet]
- OWASP updates top 10 vulnerability ranking for first time since 2017 [Jonathan Greig, ZDNet]
Patch
- Update Chrome – major security flaws fixed [Myles Illidge, MyBroadband]
- Microsoft patches Office zero-day in today’s Patch Tuesday [Catalin Cimpanu, TheRecord]

Infosec bits for week 35/21

Schalk Peach

2021-09-03 11:48

Vulnerabilities
- Worst cloud vulnerability you can imagine’ discovered in Microsoft Azure [Jim Salter, Ars Technica]
- New BrakTooth Bluetooth vulnerabilities [Catalin Cimpanu, The Record]
- WhatsApp patches vulnerability related to image filter functionality [Jonathan Grieg, ZDNet]
Ransomware and Botnets
- Ransomware attacks on US schools and colleges cost $6.62bn in 2020 [Paul Bischoff, CompariTech]
- Mozi botnet authors arrested in China [Catalin Cimpanu, The Record]
- Phorpiex botnet shuts down, source code goes up for sale [Catalin Cimpanu, The Record]
General Tech
- Windows 11 will roll out from October 5 as Microsoft hypes new hardware [Tim Anderson, The Register]
Zero Trust
- Challenges organizations face when implementing zero trust architecture [Help Net Security]

Infosec bits for week 34/21

Kgwadi Matenche

2021-08-27 13:18

Security News:
- Microsoft Breaks Silence on Barrage of ProxyShell Attacks [Elizabeth Montalbano, Threatpost]
- Hackers Could Increase Medication Doses Through Infusion Pump Flaws [Lily Hay Newman, WIRED]
- Ragnarok ransomware releases master decryptor after shutdown [Ionut Ilascu, Bleeping Computer]
- Poly Network Recoups $610M Stolen from DeFi Platform [Becky Bracken, Threatpost]
- Biggest Linux security exploits revealed [Hanno Labuschagne, MyBroadband]
Email-Borne Threats:
- False Payment Promises Lead To Microsoft Credential Phish [Nathaniel Sagibanda, Cofense]
- Phishing campaign uses UPS.com XSS vuln to distribute malware [Lawrence Abrams, Bleeping Computer]
Vulnerabilities & Patches:
- F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices [Ravie Lakshmanan, The Hacker News]
- VMware Patches High-Severity Vulnerabilities in vRealize Operations [Ionut Arghire, SecurityWeek]
- Cisco Security Advisories [Cisco]
- Atlassian warns of critical Confluence flaw [Simon Sharwood, The Register]
Others:
- Threat Modeling: Making the Right Moves [Doug Olenick, Bank Info Security]
- Ransomware gang’s script shows exactly the files they’re after [Lawrence Abrams, Bleeping Computer]
- Data breaches now cost SA firms 15% more per incident [ITWeb]
  - Cybercrime Losses Triple to £1.3bn in 1H 2021 [Phil Muncaster, Infosecurity Magazine]
- Nigerian Gang Asks for Insider Help to Plant Ransomware [Doug Olenick, Bank Info Security]