Infosec bits for week 27/22

Kgwadi Matenche

2022-07-08 15:36

Security News:
- Researchers discover rogue Node.js packages stealing data [Rual de Vries, MyBroadband]
- Ukrainian police takes down phishing gang behind payments scam [Charlie Osborne, ZDNet]
- AstraLocker ransomware shuts down and releases decryptors [Sergiu Gatlan, Bleeping Computer]
Malware:
- OrBit, a new sophisticated Linux malware still undetected [Pierluigi Paganini, Security Affairs]
Breaches & Leaks:
- Marriott confirms another data breach after hotel got hacked [Sergiu Gatlan, Bleeping Computer]
- Cyberattack knocks out California community college email, website, landlines [Jonathan Greig, The Record]
- Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: ‘Lives at Stake’ [Nathan Eddy, Dark Reading]
- Hacker Selling Shanghai Police Database with Billions of Chinese Citizen Data [Waqas, HackRead]
Vulnerabilities & Patches:
- Django Software Foundation Patches High-Severity Bug [Mihir Bagwe, Bank Info Security]
- Chromium’s WebRTC zero-day fix arrives in Microsoft Edge [Richard Speed, The Register]
  - Google updates Chrome to squash actively exploited WebRTC Zero Day [Simon Sharwood, The Register]
- Cisco and Fortinet Release Security Patches for Multiple Products [Ravie Lakshmanan, The Hacker News]
Others:
- TikTok, WCape education dept promote online safety [ITWeb]

Infosec bits for week 26/22

Renier van Heerden

2022-07-04 13:39

Hacks
- June 2022 Incident Report Hackerone [Hackerone Editor, Hackerone]
- Microsoft Exchange servers worldwide hit by stealthy new backdoor [Dan Goodin, ArsTechnica]
- YouTube content creator credentials are under siege by YTStealer malware [Dan Goodin, ArsTechnica]
- This new malware is at the heart of the ransomware ecosystem [Danny Palmer, ZDNet]
Cell
- Billing fraud apps can disable Android Wi-Fi and intercept text messages [Dan Goodin, ArsTechnica]
- Free smartphone stalkerware detection tool gets dedicated hub [Bill Toulas, Bleeping Computer]
- Microsoft Defender adds network protection for Android, iOS devices [Sergiu Gatlan, Bleeping Computer]
Hardware
- A wide range of routers are under attack by new, unusually sophisticated malware [Dan Goodin, ArsTechnica]
- Toll fraud malware disables your WiFi to force premium subscriptions [Ionut Ilascu, Bleeping Computer]
- A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys [Dan Goodin, ArsTechnica]
Odds
- Crooks are using deepfakes to apply for remote tech jobs [Liam Tung, ZDNet]
- These are the 25 most dangerous software bugs you need to worry about [Liam Tung, ZDNet]
- Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets [Dan Goodin, ArsTechnica]

Infosec bits for week 25/22

Renier van Heerden

2022-06-23 12:12

Randsomware
- How Microsoft’s AI spots ransomware attacks before they even get started [Charlie Osborne, ZDNet]
- Microsoft Russia stepped up cyberattacks against Ukraine’s allies [Bleeping Computer, Bleeping Computer]
- New Linux-based ransomware targets VMware servers [Johan Mello Jr, CSO]
Info
- MEGA fixes critical flaws that allowed the decryption of user data [Bill Toulas, Bleeping Computer]
- Cryptocurrency tech is vulnerable to tampering, a DARPA analysis finds [Martin Kaste, NPR]
- NSA Says No Backdoor for Spies in New US Encryption Scheme [Katrina Manson, Bloomberg]
- Microsoft: This botnet is growing fast and hunting for servers with weak passwords [Liam Tung, ZDNet]
- There are 24.6 billion pairs of credentials for sale on dark web [Brandon Vigliarolo, TheRegister]
- Panchan’s Mining Rig New Golang Peer-to-Peer Botnet Says Hi [Stiv Kupchik, Akamia]
- Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China [Emily Baker-White, BuzzFeedNews]

Infosec bits for week 24/22

Kgwadi Matenche

2022-06-17 13:29

Security News:
- Shoprite suffers suspected data compromise [ITWeb]
- Facebook Messenger Scam Duped Millions [Nate Nelson, Threatpost]
Malware:
- MaliBot’ Android Malware Steals Financial, Personal Information [Ionut Arghire, SecurityWeek]
- Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign [Pierluigi Paganini, Security Affairs]
- Linux Malware Deemed ‘Nearly Impossible’ to Detect [Elizabeth Montalbano, Threatpost]
Breaches & Leaks:
- Elasticsearch Database Mess Up Exposed Login, PII Data of 30,000 Students [Deeba Ahmed, HackRead]
- BlackCat Attacks University of Pisa, Demands $4.5M Ransom [Mihir Bagwe, Bank Info Security]
- Kaiser Permanente data breach exposes health data of 69K people [Sergiu Gatlan, Bleeping Computer]
Vulnerabilities & Patches:
- 730K WordPress sites force-updated to patch critical plugin bug [Sergiu Gatlan, Bleeping Computer]
- Microsoft fixes Follina and 55 other CVEs [Zeljka Zorz, Help Net Security]
- Cisco Secure Email bug can let attackers bypass authentication [Sergiu Gatlan, Bleeping Computer]
- Google Chrome update fixes four severe security flaws [Myles Illidge, MyBroadband]
- Critical Code Execution Vulnerability Patched in Splunk Enterprise [Ionut Arghire, SecurityWeek]
Others:
- Cybercriminals Capitalizing on Resurgence in Travel [Nathan Eddy, Dark Reading]
- Ransomware Group Debuts Searchable Victim Data [Brian Krebs, Krebs on Security]

Infosec bits for week 23/22

Renier van Heerden

2022-06-10 11:46

Zero-Day
- An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch [Lily Hay Newman, Wired]
- NSA Ransomware Gangs Are Getting Rich Enough to Buy Zero-Day Exploits [Michael Kan, PCMag]
- 8 zero-day vulnerabilities discovered in popular industrial control system from Carrier [Jonathan Greig, TheRecord]
Compromise
- FBI seizes notorious marketplace for selling millions of stolen SSNs [Carly Page, TechCruch]
- Italian city of Palermo shuts down all systems to fend off cyberattack [Bill Toulas, BleepingComputer]
- US Chinese govt hackers breached telcos to snoop on network traffic [Sergiu Gatlan, BleepingComputer]
- New Linux-based ransomware targets VMware servers [John P. Mello Jr., CSO]
BitCoin
- How one paper just blew up Bitcoin’s claim to anonymity [Tiernan Ray, ZDNet]
- Brazilian Judge Dismisses Bitcoin Scam Mastermind’s Attempt to Block His Extradition to South Africa [Terence Zimwara, Bitcoin.com]

Infosec bits for week 22/22

Sicelo Ncekana

2022-06-03 14:27

Malware and Breaches
- International Authorities Take Down Flubot Malware Network [Elizabeth Montalbano, Threatpost]
- Conti spotted working on exploits for Intel Management Engine flaws [Jessica Lyons Hardcastle, The Register]
- 12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists [Tara Seals, Dark Reading]
- EnemyBot Malware Targets Web Servers, CMS Tools and Android OS [Sagar Tiwari, Threatpost]
- New ChromeLoader malware surge threatens browsers worldwide [Bill Toulas, Bleeping Computer]
- Airline in Turkey Exposes Flight and Crew Info in 6.5TB Leak [Phil Muncaster, Infosecurity]
- Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack [Sagar Tiwari, Threatpost]
- NDIS case management system provider breached [Justin Hendry, iTnews]
Vulnerabilities and Patches
- Microsoft Publishes Workaround for One-Click 0 Day Under Active Attack [ITsec Bureau, ITSecurityWire]
- Industrial IoT ransomware attacks control systems directly [Joe Uchill, SC Magazine]
- Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones [Ravie Lakshmanan, The Hacker News]
- Scammers Target NFT Discord Channel [Sagar Tiwari, Threatpost]
- Critical Atlassian Confluence zero-day actively used in attacks [Lawrence Abrams, Bleeping Computer]
Other
- Phishers Having a Field Day on WhatsApp, Telegraph [Dark Reading Staff, Dark Reading]

Infosec bits for week 21/22

Kgwadi Matenche

2022-05-27 15:11

Security News:
- Researchers to release exploit for new VMware auth bypass, patch now [Ionut Ilascu, Bleeping Computer]
- Multiple Governments Buying Android Zero-Days for Spying: Google [Dark Reading]
- Threat actors target the infoSec community with fake PoC exploits [Pierluigi Paganini, Security Affairs]
- Justice dept channels funds to hack-proof IT systems [Sibahle Malinga, ITWeb]
Breaches & Leaks:
- Ransomware attack on nonprofit causes data breach of 500,000 students, teachers in Chicago [Jonathan Greig, The Record]
Vulnerabilities & Patches:
- Patch now: Zoom chat messages can infect PCs, Macs, phones with malware [Jessica Lyons Hardcastle, The Register]
- Chrome 102 Patches 32 Vulnerabilities [Eduard Kovacs, SecurityWeek]
- Mozilla Foundation Security Advisory 2022-19 [Mozilla]
Others:
- Attempted Ransomware Attack Grounds SpiceJet Flights [Mihir Bagwe, BankInfoSecurity]
- Vishing cases reach all time high [Help Net Security]
- Google shut down caching servers at two Russian ISPs [Bill Toulas, Bleeping Computer]
- Broadcom Snaps Up VMware in $61B Deal [Dark Reading]

Infosec bits for week 20/22

Renier van Heerden

2022-05-20 10:45

VMWare
- 2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms [Dan Goodin, Arstechnia]
- Hackers are actively exploiting a critical VMware vulnerability [Rual de Vries, MyBoadband]
Mobile
- Critical security flaws put millions of Android users’ privacy at risk [Rual de Vries, MyBoadband]
- Researchers devise iPhone malware that runs even when device is turned off [Dan Goodin, Arstechnia]
Web Hacks
- Massive WordPress JavaScript Injection Campaign Redirects to Ads [Krasimir Konov, SecurityBlog]
- Ad-tech firms grab email addresses from forms before they’re even submitted [Thomas Claburn, TheRegister]
Other News
- DOJ Announces It Won’t Prosecute White Hat Security Researchers [Joseph Cox, MotherBoard]
- Ransomware Attackers Get Short Shrift From Zambian Central Bank [Matthew Hill and Taonga Clifford Mitimingi, Bloomberg]
- Angry IT admin wipes employer’s databases, gets 7 years in priso [Bill Toulas, BleepingComputer]
- Dis-Chem data breach — 3.7 million client records exposed [Myles Illidge, MyBoadband]

Infosec bits for week 19/22

Sicelo Ncekana

2022-05-13 15:57

Malware and Breaches
- Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks [Elizabeth Montalbano, Threatpost]
- This sneaky new Go malware is causing havoc everywhere it goes [Sead Fadilpašić, TechRadar]
- Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity [Waqas, HackRead]
- Massive hacking campaign compromised thousands of WordPress websites [Pierluigi Paganini, Security Affairs]
Vulnerabilities and Patches
- Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates [Ravie Lakshmanan, The Hacker News]
- Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability [Ravie Lakshmanan, The Hacker News]
- HP fixes bug letting attackers overwrite firmware in over 200 models [Bill Toulas, BleepingComputer]
- Microsoft: May Windows updates cause AD authentication failures [Sergiu Gatlan, BleepingComputer]
- Zyxel silently patches command injection vulnerability with 9.8 severity rating [Dan Goodin, Ars Technica]
Other
- Password stealer now spreading from a GitHub link that uses NFT content as bait [Jonathan Greig, The Record]
- Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service [Pierluigi Paganini, Security Affairs]
- Anatomy of a campaign to inject JavaScript into compromised WordPress sites [Jeff Burt, The Register]
- Backdoor in public repository used new form of attack to target big firms [Dan Goodin, Ars Technica]

Infosec bits for week 18/22

Kgwadi Matenche

2022-05-06 18:08

Security News:
- Cybercriminals love South Africa — Study [Myles Illidge, MyBroadband]
- Hackers stole data undetected from US, European orgs since 2019 [Bill Toulas, Bleeping Computer]
- CMS-based sites under attack: The latest threats and trends [Zeljka Zorz, Help Net Security]
- FBI: Business Email Compromise attacks led to more than $43 billion in losses since 2016 [Jonathan Greig, The Record]
Breaches & Leaks:
- Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service [Ravie Lakshmanan, The Hacker News]
- Update: KCC Resumes Operations Post-Ransomware Attack [Mihir Bagwe, BankInfoSecurity]
Vulnerabilities & Patches:
- Decade-old bugs discovered in Avast, AVG antivirus software [Charlie Osborne, ZDNet]
- F5 Warns BIG-IP Customers About 18 Serious Vulnerabilities [Eduard Kovacs, SecurityWeek]
- Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches [Ravie Lakshmanan, The Hacker News]
Others:
- Russia to Rent Tech-Savvy Prisoners to Corporate IT? [Brian Krebs, Krebs On Security]
- GitHub will require all code contributors to use two-factor authentication [Corin Faife, The Verge]
- U.S. DoD tricked into paying $23.5 million to phishing actor [Bill Toulas, Bleeping Computer]
- Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention [Waqas, HackRead]
- Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy [Pierluigi Paganini, Security Affairs]