Infosec bits for week 17/22

Kgwadi Matenche

2022-04-29 13:40

Security News:
- ExtraReplica: Microsoft patches cross-tenant bug in Azure PostgreSQL [Charlie Osborne, ZDNet]
- Log4j Attack Surface Remains Massive [Jai Vijayan, Dark Reading]
- Google banning call recording apps from Play Store [Hanno Labuschagne, MyBroadband]
Malware:
- New Bumblebee malware replaces Conti’s BazarLoader in cyberattacks [Ionut Ilascu, Bleeping Computer]
- Emotet is Back From ‘Spring Break’ With New Nasty Tricks [Sagar Tiwari, Threatpost]
Breaches & Leaks:
- Austin Peay State University becomes latest US school hit with ransomware [Jonathan Greig, The Record]
- Stormous ransomware gang claims to have hacked Coca-Cola [Pierluigi Paganini, Security Affairs]
Vulnerabilities & Patches:
- Cisco Patches 11 High-Severity Vulnerabilities in Security Products [Ionut Arghire, SecurityWeek]
- Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System [Ravie Lakshmanan, The Hacker News]
- Critical security flaws put millions of Android users’ privacy at risk [Rual de Vries, MyBroadband]
- Chrome 101 Patches 30 Vulnerabilities [Ionut Arghire, SecurityWeek]
Others:
- The Package Analysis Project: Scalable detection of malicious open source packages [Caleb Brown, Google Security Blog]
- Docker servers hacked in ongoing cryptomining malware campaign [Bill Toulas, Bleeping Computer]

Infosec bits for week 14/22

Renier van Heerden

2022-04-08 10:38

Information
- Adversarial Threat Report [Ben Nimmo, Facebook]
- Microsoft takes down APT28 domains used in attacks against Ukraine [Sergiu Gatlan, BleepingComputer]
- Best travel VPN 2022 [David Gewirtz, ZDNet]
Hacking
- Chinese hackers abuse VLC Media Player to launch malware loader [Ionut Ilascu, BleepingComputer]
- SpringShell attacks target about one in six vulnerable orgs [Bill Toulas, BleepingComputer]
- FIN7 hackers evolve operations with ransomware, novel backdoor [Charlie Osborne, ZDNet]
Patch
- VMware warns of critical vulnerabilities in multiple products [Sergiu Gatlan, BleepingComputer]
- Zoom awarded $1.8 million in bug bounty rewards over 2021 [Charlie Osborne, ZDNet]Write your post here.

Infosec bits for week 13/22

Sicelo Ncekana

2022-04-01 13:19

Hacking
- Hackers use modified MFA tool against Indian govt employees [Bill Toulas, BleepingComputer]
- $620 million in crypto stolen from Axie Infinity’s Ronin bridge [Lawrence Abrams, BleepingComputer]
- New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack [Ravie Lakshmanan, The hacker news]
- Globant confirms hack after Lapsus$ leaks 70GB of stolen data [Ionut Ilascu, BleepingComputer]

Vulnerabilities
- Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances [Ravie Lakshmanan, The hacker news]
- Apple releases emergency patch fixing zero-days across iOS and macOS [Ravie Lakshmanan, The hacker news]
- Apple releases emergency patch fixing zero-days across iOS and macOS [Connor Jones, ITPro]
- Spring patches leaked Spring4Shell zero-day RCE vulnerability [Lawrence Abrams, BleepingComputer]
- Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices [Ravie Lakshmanan, The hacker news]
- Linux Privilege Escalation: DirtyPipe [Raj Chandel, Hacking articles]
Other
- New Python-based Ransomware Targeting JupyterLab Web Notebooks [Ravie Lakshmanan, The hacker news]
- New Malware Loader ‘Verblecon’ Infects Hacked PCs with Cryptocurrency Miners [Ravie Lakshmanan, The hacker news]
- Google Chrome Bug Actively Exploited as Zero-Day [Tara Seals, threatpost]
- Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments [Tara Seals, threatpost]

Infosec bits for week 12/22

Schalk Peach

2022-03-25 11:23

Home Routers
- Cyclops Blink Sets Sights on Asus Routers [Feike Hacquebord, Stephen Hilt, Fernando Merces, TrendMicro]
- Botnet of Thousands of MikroTik Routers Abused in Glupteba TrickBot Campaigns [Ravie Lakshmanan, The Hacker News]
Academia
- IT outage at Scotlands Heriot-Watt University enters second week [Richard Speed, The Register]
Local News
- Update: South Africa Cyber Incident [TransUnion]
- TransUnion Confirms Data Breach at South Africa Business [Eduard Kovacs, Security Week]
Ransomware
- New Conti ransomware source code leaked [Charlie Osborne, ZDNet]
- Free decryptor released for TrickBot gangs Diavol ransomware [Sergiu Gatlan, Bleeping Computer]
- Lockbit wins ransomware speed test [Jessica Lyons Hardcastle, The Register]
The Lapsus$ Saga
- Lapsus$ Oxford teen accused of being multi-millionaire cyber-criminal [Joe Tiddy, BBC]
- Its official – Lapsus$ gang compromised a Microsoft employees account [Perluigi Paganini, Security Affairs]
- A Closer Look at the LAPSUS$ Data Extortion Group [Krebs on Security]
- British cops arrest seven in Lapsus$ crime gang probe [Jessica Lyons Hardcastle, The Register]

Infosec bits for week 11/22

Renier van Heerden

2022-03-18 12:08

Hacks
- Trickbot is using MikroTik routers to ply its trade. Now we know why [Dan Goodin, Arstechnica]
- Increase In Malware Sightings on GoDaddy Managed Hosting [Mark Maunder, Workfense]
- Nasty Linux netfilter firewall security hole found [Steven Vaughan-Nichols, ZDNet]
- New Unix rootkit used to steal ATM banking data [Bill Toulas, BleepingComputer]
Mobile
- Scammers have 2 clever new ways to install malicious apps on iOS devices [Dan Goodin, Arstechnica]
- Best Bluetooth tracker 2022 AirTag and other alternatives [June Wan, ZDNet]
- Europe warns of aircraft GPS outages tied to Russian invasion [Sergiu Gatlan, BleepingComputer]
Ransomware
- Feds extradite ransomware suspects from 2 prolific gangs in a single week [Dan Goodin, Arstechnica]
- All in a day’s work Google details Exotic Lily access broker for ransomware gangs [Chris Duckett, ZDNet]
- These four types of ransomware make up nearly three-quarters of reported incidents [Danny Palmer, ZDNet]
- Microsoft Defender tags Office updates as ransomware activity [Sergiu Gatlan, BleepingComputer]
DDoS and Other
- New method that amplifies DDoSes by 4 billion-fold What could go wrong [Dan Goodin, Arstechnica]
- In-the-wild DDoS attack can be launched from a single packet to create terabytes of traffic [Chris Duckett, ZDNet]
- Russia creates its own TLS certificate authority to bypass sanctions [Bill Toulas, BleepingComputer]

Infosec bits for week 10/22

Kgwadi Matenche

2022-03-14 10:30

Ukraine:
- Russia mulls legalizing software piracy as it’s cut off from Western tech [Tim de Chant, Ars Technica]
- Putin blocks Russians’ access to Facebook, Twitter, app stores [Tim de Chant, Ars Technica]
- Internet Backbone Giant Lumen Shuns dot RU [Brian Krebs, Krebs on Security]
- Meme war Russian invasion of Ukraine has triggered misinformation warfare [WION Web Team, Wio News]
- Bridgestone Americas confirms ransomware attack, LockBit leaks data [Ionut Ilascu, Bleeping Computer]
Security News:
- Vodafone investigates claims of a data breach made by Lapsus$ gang [Pierluigi Paganini, Security Affairs]
- Over 40% of Log4j Downloads Are Vulnerable Versions of the Software [Jai Vijayan, Dark Reading]
- Alleged REvil suspect extradited on ransomware spree charges [Gareth Corfield, The Register]
- Russia creates its own TLS certificate authority to bypass sanctions [Bill Toulas, Bleeping Computer]
Data Leaks & Breaches:
- Samsung confirms Galaxy source code breach but says no customer information was stolen [Cho Mu-Hyun, ZDNet]
- UPS flaws allow for remote code execution and remote fire-based interruptions [Chris Duckett, ZDNet]
- In-the-wild DDoS attack can be launched from a single packet to create terabytes of traffic [Chris Duckett, ZDNet]
- How a simple security bug became a university campus master key [Zack Whittaker, TechCrunch]
- Nespresso data leak in South Africa [Jan Vermeulen, MyBroadband]
Vulnerabilities:
- Siemens Addresses Over 90 Vulnerabilities Affecting Third-Party Components [Eduard Kovacs, SecurityWeek]
- Critical “Access:7” Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices [Ravie Lakshmanan, The Hacker News]
- Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities [Pierluigi Paganini, Security Affairs]
Other
- Network Infrastructure Security Guidance [National Security Agency Cybersecurity Directorate, National Security Agency]
- Cybersecurity firm says Chinese hackers breached six US state agencies [Sean Lyngaas, CNN]
- Conti Ransomware Group Diaries, Part III Weaponry [Brian Krebs, Krebs on Security]

Infosec bits for week 08/22

Sicelo Ncekana

2022-02-25 12:45

Write your post here.

Malware
- Microsoft App Store Sizzling with New ‘Electron Bot’ Malware [Lisa Vaas, Threat Post]
- Dridex Malware Deploying Entropy Ransomware on Hacked Computers [Ravie Lakshmanan, The hacker news]
- Zenly Social-Media App Bugs Allow Account Takeover [Tara Seals, Threat Post]

Phishing
- Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins [Nate Nelson, Threat Post]
- Citibank phishing baits customers with fake suspension alerts [Kyle Alspach, Venture beat]
- Citibank phishing baits customers with fake suspension alerts [Bill Toulas, Bleeping-computer]
- New Phishing Technique Uses Remote Access Software [Cyware, Cyware]

Vulnerabilities
- New Flaws Discovered in Cisco’s Network Operating System for Switches [Ravie Lakshmanan, The hacker news]
- Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites [Ravie Lakshmanan, The hacker news]
- Vulnerability Spotlight: Buffer overflow vulnerabilities in Accusoft ImageGear could lead to code execution [Jon Munshaw, Talos intelligence]
- Attackers Combing Internet to Target Exposed MS SQL Servers [Cyware, Cyware]
- CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool [Ionut Arghire, security week]
- New Variant of CryptBot Targets All Chrome Versions [Cyware, Cyware]
- Android Users Beware! New Banking Trojan Xenomorph Spread Malware via Google Play Store [Teejay Boris, Tech Times]

Infosec bits for week 07/22

Kgwadi Matenche

2022-02-18 10:09

Security News:
- Businessman admits to working as spyware broker in US and Mexico [Charlie Osborne, ZDNet]
- Microsoft Defender will soon block Windows password theft [Lawrence Abrams, Bleeping Computer]
- Microsoft Teams Targeted With Takeover Trojans [Elizabeth Montalbano, Threatpost]
Breaches & Leaks:
- Red Cross Hack Linked to Iranian Influence Operation? [Brian Krebs, Krebs on Security]
- Fertility Clinic Hit with Ransomware [Sarah Coble, Infosecurity Magazine]
- Hacking group is on a tear, hitting US critical infrastructure and SF 49ers [Dan Goodin, Ars Technica]
Vulnerabilities & Patches:
- High-Severity Vulnerability Found in Apache Database System Used by Major Firms [Ionut Arghire, SecurityWeek]
- VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products [Ravie Lakshmanan, The Hacker News]
- Chrome Zero-Day Under Active Attack: Patch ASAP [Lisa Vaas, Threatpost]
- Cisco bug can let hackers crash Cisco Secure Email gateways [Sergiu Gatlan, Bleeping Computer]
Malware:
- Trickbot targets customers of 60 High-Profile companies [Pierluigi Paganini, Security Affairs]
- Emotet Now Spreading Through Malicious Excel Files [Elizabeth Montalbano, Threatpost]
Others:
- GitHub code scanning now finds more security vulnerabilities [Sergiu Gatlan, Bleeping Computer]
- Gauteng govt partners with UJ to tackle e-waste [ITWeb]
- DDoS attacks cripple government and banking websites in Ukraine [Waqas, HackRead]
- Google awarded $8.7 million to security researchers in 2021 [Catalin Cimpanu, The Record]

Infosec bits for week 06/22

Schalk Peach

2022-02-11 09:02

Lessons Learned from a Ransomware Attack
- Conti cyber attack on the HSE [PDF Report] [Health Service Executive]
- Lessons Learned from the HSE Cyber Attack [PDF Report] [U.S. Department of Health Human Services]
Education Sector
- Students exam data sold on web [Suchit Leesa-Nguansuk, Bangkok Post]
- FritzFrog botnet grows 10x hits healthcare edu and govt systems [Bill Toulas, Bleeping Computer]
  - See also: FritzFrog: P2P Botnet Hops Back on the Scene
Ransomware
- Avast released a free decryptor for TargetCompany ransomware [Pierluigi Paganini, Security Affairs]
- Ransomware dev releases Egregor and Maze master decryption keys [Lawrence Abrams, Bleeping Computer]
2021 in Review
- ESET Threat Report T3 2021 [Roman Kovac, ESET]
- Top 10 web hacking techniques of 2021 [James Kettle, PortSwigger]
Other interesting news
- Google finds a 50 percent reduction in user account breaches after auto-enabling 2FA [Humza Aamir, Techspot]
- Linux Malware on the Rise [Robert Lemos, Dark Reading]

Infosec bits for week 05/22

Renier van Heerden

2022-02-04 12:57

Spyware
- FBI confirms it obtained NSO’s Pegasus spyware [Stephanie Kirchgaessner, The Guardian]
- iPhone flaw exploited by second Israeli spy firm-sources [Christopher Bing and Raphael Satter, Reuters]
- NSO offered US mobile security firm bags of cash whistleblower claims [Stephanie Kirchgaessner, The Guardian]
- Welcome to the Burner Phone Olympics [Matt Burgress, Wired]
- Android malware BRATA wipes your device after stealing data [Bill Toulas, Bleepingcomputer]
Hack and Ransomware
- That’s a signature move How $320m in Ether was stolen from crypto biz Wormhole [Thomas Claburn, The Register]
- Why the Belarus Railways Hack Marks a First for Ransomware [Andy Greenberg, Wired]
- BlackCat ransomware implicated in attack on German oil companies [Jonathan Greig, ZDNet]
- Trio of RCE CVSS 10 vulnerabilities among 15 CVEs in Cisco small business routers [Chris Duckett, ZDNet]
- Zimbra zero-day vulnerability actively exploited to steal emails [Sergiu Gatlan, Bleepingcomputer]
- UEFI firmware vulnerabilities affect at least 25 computer vendors [Bill Toulas, Bleepingcomputer]
Other
- Intel fails to get Spectre, Meltdown chip flaw class-action super-suit tossed out [Thomas Claburn, The Register]
- North Korea Hacked Him. So He Took Down Its Internet [Andy Greenberg, Wired]
- Microsoft blocked billions of brute-force and phishing attacks last year [Sergiu Gatlan, Bleepingcomputer]
- Microsoft fends off record-breaking 3.47Tbps DDoS attack [Dan Goodin, Arstechnic]