Infosec bits for week 04/22

Sicelo Ncekana

2022-01-28 15:07

General
- IT and DevOps Staff More Likely to Click on Phishing Links [Phil Muncaster, Info Security]
- 2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play [Becky Bracken, Threat Post]
- BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices [Lisa Vaas, Threat Post]

Data Breach
- Fantasy Premier League account hack surge prompts plans to introduce extra login checks for football fans [Jessica Haworth, The daily Swings]
- Data Breach at Drug Screening Lab [John Leyden, The daily Swings]
- Data Breach at Drug Screening Lab [Sarah Coble, Info Security]
- French Ministry of Justice Targeted in Ransomware Attack [Eduard Kovacs, ]

Vulnerabilities
- Solarwinds fixes code execution bug in enterprise helpdesk softwar [Emma Woollacott, The daily Swings]
- RCE bug chain patched in CentOS Web Panel [The daily Swings]
- Chain of vulnerabilities led to RCE on Cisco Prime servers [Ben Dickson, The daily Swings]
- Microsoft Mitigates ‘Largest Known DDoS Attack [Mihir Bagwe, Data Breach]
- Safari Flaws Exposed Webcams, Online Accounts, and More [Lily Hay Newman, Wired]
- Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild [Lisa Vaas, Threat Post]

Infosec bits for week 03/22

Schalk Peach

2022-01-21 09:45

Rise in school cyber crime attacks sparks NCA education drive [National Crime Agency (UK)]
Backdoor RAT for Windows, macOS, and Linux went undetected until now [Dan Goodmin, ARS Technica]
Red Cross hit with cyberattack [Jonathan Greig, ZDNet]
Thousands of enterprise servers are running vulnerable BMCs [Lucian Constantin, CSO Online]
Russia Rounds Up 14 REvil Ransomware Affiliates [Krebs on Security]
CISA Adds 13 Known Exploited Vulnerabilities to Catalog [CISA]

Infosec bits for week 02/22

Kgwadi Matenche

2022-01-14 12:23

Security News:
- Log4j: How hackers are using the flaw to deliver this new ‘modular’ backdoor [Liam Tung, ZDNet]
- Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps [Ax Sharma, Bleeping Computer]
- Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine [Eduard Kovacs, SecurityWeek]
- New Vulnerabilities Highlight Risks of Trust in Public Cloud [Robert Lemos, Dark Reading]
- Microsoft Defender weakness lets hackers bypass malware detection [Ionut Ilascu, Bleeping Computer]
Vulnerabilities & Patches:
- ‘Wormable’ Flaw Leads January 2022 Patch Tuesday [Brian Krebs, Krebs on Security]
- Cisco fixes a critical flaw in Unified CCMP and Unified CCDM [Pierluigi Paganini, Security Affairs]
- CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities [Jake Baines, Rapid7]
- KCodes NetUSB kernel remote code execution flaw impacts millions of devices [Charlie Osborne, ZDNet]
Breaches & Leaks:
- TransCredit exposed financial data of half a million Americans and Canadians [Waqas, HackRead]
- Cyberattack shuts down Albuquerque schools; county copes with ransomware incident [Jonathan Greig, ZDNet]
- Hot wallet hack: Hackers steal $18.7m from Animoca’s Lympo NTF platform [Waqas, HackRead]
Others:
- Admins report Hyper-V and domain controller issues after first Patch Tuesday of 2022 [Richard Speed, The Register]
- Kaspersky warns of ‘highly unusual’ spyware campaign [ITWeb]
- Teen hacker finds bug that lets him control 25+ Teslas remotely [Jonathan M. Gitlin, Ars Technica]

Infosec bits for week 01/22

Renier van Heerden

2022-01-07 19:35

Log4j
- Security warning New zero-day in the Log4j Java library is already being exploited [Danny Palmer, ZDNet]
- CVE-2021-44228 [Mitre.org]
- Log4Shell RCE 0-day exploit found in log4j 2, a popular Java logging package [Free Wortley et al, Lunasec]
- Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble [Brian Behlendorf, Openssf]
Ransomware
- Shutterfly services disrupted by Conti ransomware attack [Lawrence Abrams, BleepingComputer]
- Iranian hackers behind Cox Media Group ransomware attack [Catalin Cimpanu, TheRecord]
- Second ransomware family exploiting Log4j spotted in U.S., Europe [Kyle Alspach, VentureBeat]
Other
- FlexBooker discloses data breach, over 3.7 million accounts impacted [Ionut Ilascu, BleepingComputer]
- Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery [Lawrence Abrams, BleepingComputer]
- Japanese university loses 77TB of research data following a buggy software update [Humza Aamir, Techspot]

Infosec bits for week 50/21

Sicelo Ncekana

2021-12-17 12:17

Write your post here.

Cyber attacks
- Variant of Phorpiex botnet used for cryptocurrency attacks in Ethopia, Nigeria, India and more [Jonathan Greig, ZDNet]
- Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials [Ravie Lakshmanan, The hacker news]
- Pen Test Partners: Anyone could view Gumtree users’ GPS location by pressing F12 [Gareth Corfield, The register]
Vulnerabilities
- Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones [Ravie Lakshmanan, The hacker news]
- Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges [Ravie Lakshmanan, The hacker news]
- Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware [Charlie Osborne, ZDNet]
- Adobe addresses over 60 vulnerabilities in multiple products [Pierluigi Paganini, Security Affairs]
- Flaws in Lenovo laptops allow escalating to admin privileges [Pierluigi Paganini, Security Affairs]
Malware
- New Fileless Malware Uses Windows Registry as Storage to Evade Detection [Ravie Lakshmanan, The hacker news]
- Anubis Banking Trojan Resurfaces to Cripple Over 400 Financial Firms [Cyware, Cyware]
- PseudoManuscrypt, a mysterious massive cyber espionage campaign [Pierluigi Paganini, Security Affairs]

Infosec bits for week 49/21

Schalk Peach

2021-12-10 13:28

Ransomware
- Threat Actors Give Victim School District A Free Decryptor [DataBreaches.net]
- Emotet’s Back And It Isn’t Wasting Any Time [Pieter Arntz, MalwareBytes]
- The Worst And Most Notable Ransomware – A Quick Guide For Security Pros [CSO Online]
- US Military Hacking Unit Publicly Acknowledges Taking Offensive Action To Disrupt Ransomware Operations [Sean Lyngaas, CNN]
Exploits
- Windows 10 RCE – The exploit is in the link [Fabian Bräunlein, Lukas Euler, Positive Security]
Phishing
- Convincing Microsoft phishing uses fake Office 365 spam alerts [Sergui Gatlan, BleepingComputer]
- University Targeted Credential Phishing Campaigns Use COVID-19 Omicron Themes [Selena Larson And Jake G, Proofpoint]
Governance
- New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks [CISA]
- CIS Control 01 – Inventory and Control of Enterprise Assets [Matthew Jerzewski, Tripwire]
Technical
- What are buffer overflow attacks and how are they thwarted? [Rene Holt, ESET WeLiveSecurity]
Education
- Adapting Higher Education To Address The Cybersecurity Skills Shortage [Helga Labus, HelpnetSecurity]

Infosec bits for week 48/21

Kgwadi Matenche

2021-12-03 11:44

Security News:
- Unpatched Microsoft Exchange Servers abused in new phishing campaign [Waqas, HackRead]
- FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs [Lawrence Abrams, Bleeping Computer]
- Former Employee Accused of Being Behind Ubiquiti Hack [Eduard Kovacs, SecurityWeek]
Exploited Vulnerabilities:
- Microsoft Exchange servers hacked to deploy BlackByte ransomware [Bill Toulas, Bleeping Computer]
Email-Borne Threats:
- This stealthy malware delivers a ‘silent threat’ that wants to steal your passwords [Danny Palmer, ZDNet]
Malware:
- Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months [Becky Bracken, Threatpost]
- Emotet now spreads via fake Adobe Windows App Installer packages [Lawrence Abrams, Bleeping Computer]
- NginRAT – A stealth malware targets e-store hiding on Nginx servers [Pierluigi Paganini, Security Affairs]
Vulnerabilities & Patches:
- Unpatched Windows Zero-Day Allows Privileged File Access [Tara Seals, Threatpost]
- Critical Wormable Security Flaw Found in Several HP Printer Models [Ravie Lakshmanan, The Hacker News]
Breaches & Leaks:
- Panasonic discloses four-months-long data breach [Catalin Cimpanu, The Record]
- Ransomware attack shuts down Lewis & Clark Community College [Russell Kinsaul, KMOV4]
- DNA testing service data breach impacting 2.1 million users [Waqas, HackRead]
- Cyber-attack on Planned Parenthood [Sarah Coble, Infosecurity Magazine]]
Others:
- Behind the Man-in-the-Middle Attacks For Connected Cars: Real-Life Interception of Network Traffic Between Connected Car and Back-End Platforms [Medium]
- Microsoft Edge will now warn users about the dangers of downloading Google Chrome [Andrew Cunningham, Ars Technica]
- Microsoft Defender scares admins with Emotet false positives [Sergiu Gatlan,, Bleeping Computer]
- Russian Man Sentenced to 60 Months in Prison for Running ‘Bulletproof’ Hosting for Cybercrime [Dark Reading]

Infosec bits for week 47/21

Renier van Heerden

2021-11-26 12:04

Information
- A Third of All Dark Web Domains Are Now V3 Onion Sites [BeauHD, Slashdot]
- Attackers don’t bother brute-forcing long passwords, Microsoft engineer says [Catalin Cimpanu, TheRecord]
- New JavaScript malware works as a RAT dispenser [Catalin Cimpanu, TheRecord]
- Microsoft silently enables ‘Super Duper Secure Mode’ for Edge [Catalin Cimpanu, TheRecord]
Hacks
- New Windows zero-day with public exploit lets you become an admin [Lawrence Abrams, Bleepingcomputer]
- Is Microsoft Stealing People’s Bookmarks [Bruce Schneier, Schneier on Security]
- Rowhammer bit flips on all DRAM devices today despite deployed mitigations [Blacksmith, COMSEC is the computer security group]
- Linux has a serious security problem that once again enables DNS cache poisoning [Dan Goodin, Arstechnica]
- GoDaddy security breach exposes WordPress users’ data [Tiyashi Datta, Reuters]
Ransomware
- Russian Ransomware Gangs Might be Collaborating with Chinese Hackers [Heimdal Security., Dora Tudor]
- Industry’s first USD5m ransomware recovery warranty [VNQ Systems, ITWeb]
- Ransomware trends, statistics and facts in 2021 [Sean Michael Kerner, TechTarget]

Infosec bits for week 46/21

Sicelo Ncekana

2021-11-19 09:32

Infrastructure and Security architecture
- How to Improve Red Team Effectiveness using Obfuscation [Gordon Lawson, Security Week]
- How to Build a Security Awareness Training Program that Yields Measurable Results [The Hacker News, The Hacker News]
- Multi-cloud adoption will be strong in 2022 but key security gaps and challenges remain [Security Magazine, Security Magazine]
- Why mobile credentials should be part of your access control program [Charles Migabo, Security Magazine]
Bugs, Vulnerabilities and Patches
- Windows 11 issue with Intel audio drivers triggers blue screens [Sergiu Gatlan, Bleeping Computer]
- Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models [Ravie Lakshmanan, The hacker news]
- FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months [Lisa Vaas, Threat Post]
- Microsoft Patch Tuesday, November 2021 Edition [Krebs on Security, Krebs on Security]
- How Attackers Exploit the Remote Desktop Protocol [Koen Van Impe, Security Intelligence]
Others
- Over 10M Android Users Infected by GriftHorse Trojan [David Bisson, Security Intelligence]
- Phishers Leverage Bait Attacks to Harvest Personal Data [CISOMAG, CISOMAG]
- Ransomware Phishing Emails Sneak Through SEGs [The Cyber Post, The Cyber Post]
- Netflix and phish? Scammers target movie streamers [Vilius Petkauskas, Cyber News]

Infosec bits for week 45/21

Schalk Peach

2021-11-15 10:57

Good News
- INTERPOL-led operation takes down prolific cybercrime ring [Interpol]
- Criminal group dismantled after forcing victims to be money mules [Bill Toulas, Bleeping Computer]
Breaches
- Hoax Email Blast Abused Poor Coding in FBI Website [Krebs on Security]
- 40,000 U of T student emails targeted by phishing attempt [Lexey Burns, The Varsity]
Vulnerabilities and Patches
- Samba Releases Security Updates [US CERT]
- Zero-day bug in all Windows versions gets free unofficial patch [Sergiu Gatlan, Bleeping Computer]
- Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access [Ravie Lakshmanan, The Hacker News]