C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 37/22

Kgwadi Matenche

2022-09-16 10:39

Security News:
- New malware bundle self-spreads through YouTube gaming videos [Bill Toulas, Bleeping Computer]
- Malware on Pirated Content Sites a Major WFH Risk for Enterprises [Jai Vijayan, Dark Reading]
Phishing:
- Death of Queen Elizabeth II exploited to steal Microsoft credentials [Sergiu Gatlan, Bleeping Computer]
Breaches & Leaks:
- Uber investigating possible hack of internal databases [Bloomberg, MyBroadband]
- Ransomware Group Leaks Files Stolen From Cisco [Eduard Kovacs, SecurityWeek]
- Breach of software maker used to backdoor ecommerce servers [Don Goodin, Ars Technica]
Malware:
- Linux variant of the SideWalk backdoor discovered [Help Net Security]
Vulnerabilities & Patches:
- Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws [Lawrence Abrams, Bleeping Computer]
- Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw [Ravie Lakshmanan, The Hacker News]
- Adobe Patches 63 Security Flaws in Patch Tuesday Bundle [Ryan Naraine, SecurityWeek]
- WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin [Ionut Arghire, SecurityWeek]
  - Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned [Pierluigi Paganini, Security Affairs]
Others:
- A Response Guide for New NSA and CISA Vulnerabilities [Mark Stone, Security Intelligence]
- China says NSA used multiple cybersecurity tools in attacks against Chinese university [Eileen Yu, ZDNet]

Infosec bits for week 36/22

Heloise Meyer

2022-09-09 13:23

Cybersecurity News:
- WhatsApp change could cause legal problems for group admins in South Africa — How to protect yourself [Hanno Labuschagne, MyBroadband]
- You should know that most websites share your in-site search queries with third parties [Zeljka Zorz, Help Net Security]
- Claim of TikTok Breach Spotlights Viral App’s Lure as Target [Jamie Tarabay, Bloomberg]
Malware:
- North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns [Ravie Lakshmanan, The Hacker News]
- Bumblebee malware adds post-exploitation tool for stealthy infections [Bill Toulas, BleepingComputer]
- Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group [Ravie Lakshmanan, The Hacker News]
- New Linux malware evades detection using multi-stage deployment [Bill Toulas, BleepingComputer]
- Ransomware attacks on Linux up 75% [Myles Illidge, MyBroadband]
- Moobot Botnet is Coming for Your Unpatched D-Link Router [Garrett Thompson, Binary Defense]
Phishing Attacks:
- A Webb Telescope image is being used to push malware [Mariella Moon, Engadget]
- Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries [Ravie Lakshmanan, The Hacker News]
- New EvilProxy service lets all hackers use advanced phishing tactics [Bill Toulas, BleepingComputer]
Hacks:
- Anonymous reportedly behind hack of Russia’s biggest taxi service [Hanno Labuschagne, MyBroadband]
- China accuses US of hacking government-linked research university [Bloomberg, MyBroadband]
Vulnerabilities & Patches:
- Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products [Ravie Lakshmanan, The Hacker News]

Infosec bits for week 35/22

Renier van Heerden

2022-09-02 16:26

Hacks
- Hackers created large traffic jam in Moscow [Editor, South Front]
- A huge Chinese database of faces and vehicle license plates spilled online [Zack Whittaker, TechCrunch]
- Plex breach exposes usernames, emails, and encrypted passwords [Jess Weatherbed, The Verge]
- Experts warn of widespread exploitation involving Hikvision cameras [Jonathan Greig, The Record]
Securing
- Googles open-source bug bounty aims to clamp down on supply chain attacks [Mitchell Clark, The Verge]
- Apple releases rare iOS 12 update to address security flaw on older iPhones and iPads [I Bonifacic, Engadget]
- Caught up in another password breach Follow these 3 rules to protect yourself online [Ed Bott, ZDNet]
Other
- Who Pays for an Act of Cyberwar [Josephine Wolff, Wired]
- Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies [Donie O’Sullivan, Clare Duffy and Brian Fung, CNN]
- Linux devices increasingly under attack from hackers, warn security researchers [Danny Palmer, ZDNet]

Infosec bits for week 34/22

Sicelo Ncekana

2022-08-26 16:29

Security News
- 0ktapus phishing campaign: Twilio hackers targeted other 136 organizations [Pierluigi Paganini, Security Affairs]
- Phishing attacks abusing SaaS platforms see a massive 1,100% growth [Bill Toulas, Bleeping Computer]
- Hybrid Vishing Attacks Soar 625% in Q2 [Phil Muncaster, Infosecurity Magazine]
- PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks [Ravie Lakshmanan, The Hacker News]
- DoorDash Confirms Data Breach that Exposed Customers’ Information [Princess Scott, iTECKPOST]
- CEOs beware: senior executives targeted in complex Office 365 attack [Ryan Morrison, Tech Monito]
Malware
- A malware that hijacks ADFS to log in as anyone in Windows has been discovered [Angad Singh, Inside]
- BlackByte is Back and Acting a Lot Like LockBit [Teri Robinson, Security Boulevard]
- New Golang Ransomware Agenda Customizes Attacks [Mohamed Fahmy, Thrend Micro]
- Fake Chrome extension ‘Internet Download Manager’ has 200,000 installs [Ax Sharma, Bleeping Computer]
Vulnerabilities and Patches
- Google Patches Chrome’s Fifth Zero-Day of the Year [Elizabeth Montalbano, Threat Post]
- Windows 11 KB5016691 preview update released with 22 changes [Lawrence Abrams, Bleeping Computer]
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras [Nate Nelson, Threat Post]
- LastPass breach: Source code, proprietary tech info stolen [Zeljka Zorz, Help Net Security]
- Critical RCE bug in GitLab patched, update ASAP! [Zeljka Zorz, Help Net Security]
- Palo Alto warns of firewall vulnerability used in DDoS attack on service provider [Jonathan Greig, The Record]
- Privilege Escalation Flaw Haunts VMware Tools [SecurityWeek News, SecurityWeek News]

Infosec bits for week 33/22

Kgwadi Matenche

2022-08-19 15:55

Security News:
- China’s APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload [Jai Vijayan, Dark Reading]
- Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft [Ionut Arghire, SecurityWeek]
- The Zoom installer let a researcher hack his way to root access on macOS [The Verge, Corin Faife]
- Over 9,000 VNC servers exposed online without a password [Bill Toulas, Bleeping Computer]
Phishing:
- PayPal Phishing Scam Uses Invoices Sent Via PayPal [Brian Krebs, KrebsOnSecurity]
Breaches & Leaks:
- New MailChimp breach exposed DigitalOcean customer email addresses [Lawrence Abrams, Bleeping Computer]
- UK water company confirms cyberattack after confusion over ransomware group threats [Jonathan Greig, The Record]
- 1,900 Signal users’ phone numbers exposed by Twilio phishing [Kevin Purdy, Ars Technica]
- The Zoom installer let a researcher hack his way to root access on macOS [Hanno Labuschagne, MyBroadband]
Vulnerabilities & Patches:
- Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild [Pierluigi Paganini, Security Affairs]
- New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild [Ravie Lakshmanan, The Hacker News]
Others:
- Playing Janet Jackson music video crashed hard drives in nearby computers [Rual de Vries, MyBroadband]

Infosec bits for week 32/22

Heloise Meyer

2022-08-12 13:23

Cybersecurity News:
- Cisco hacked through employee’s compromised Google account [Bloomberg, MyBroadband]
- More than a dozen companies developing single standard to detect cyberattacks faster [Brian Fung, CNN]
- The Business of Hackers-for-Hire Threat Actors [The Hacker News, The Hacker News]
Malware:
- Researchers Look Inside Russian Malware Targeting Ukrainian Power Grid [Max Eddy, PCMag]
- Hackers install Dracarys Android malware using modified Signal app [Bill Toulas, BleepingComputer]
- Great, Now the Apple App Store Has Malware Too [Brendan Hesse, Life Hacker]
Vulnerabilities & Patches:
- Microsoft calls on IT admins to take extra steps to shield against Exchange vulnerabilities [Sead Fadilpasic, TechRadar]
- Serious Windows and Linux UnRAR vulnerabilities exploited in the wild [Rual de Vries, MyBroadband]
- Security vulnerabilities found in Intel and AMD processors [Martin Brinkmann, Ghacks]
- Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws [Threatpost, Threatpost]
- Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability [Ravie Lakshmanan, The Hacker News]
- IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products [Ionut Arghire, Security Week]
- Deepfakes expose vulnerabilities in certain facial recognition technology [Jessica Hallman, PennState]
Other:
- Google’s massive 144 Tbps undersea cable lands in South Africa [Jan Vermeulen, MyBroadband]

Infosec bits for week 31/22

Sicelo Ncekana

2022-08-05 13:21

Security News
- Universities are at risk of email-based impersonation attacks [Help Net Security, Help Net Security]
- Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts [Zeljka Zorz, Help Net Security]
- Users Still in the Dark Over $5m Theft From Blockchain Firm Solana [Phil Muncaster, Info security]
- US Federal Communications Commission warns of the rise of smishing attacks [Pierluigi Paganini, Security Affairs]
- Dark Web Research Suggests 87% of Ransomware Brands Exploit Malicious Macros [Alessandro Mascellino, Info security]
- Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike [Ravie Lakshmanan, The Hacker News]
Malware
- One-third of organizations experience weekly ransomware attacks [Security Magazine, Security Magazine]
- Lockbit ransomware gang claims to have breached the Italian Revenue Agency [Pierluigi Paganini, Security Affairs]
- A Growing Number of Malware Attacks Leveraging Dark Utilities ‘C2-as-a-Service’ [Ravie Lakshmanan, The hacker news]
- A Bunch of Android Apps Spread Adware and Other Malware [Cyware, Cyware]
Vulnerabilities and Patches
- Hackers Exploit Atlassian Confluence Vulnerability to Deploy New ‘Ljl’ Backdoor [Sergiu Gatlan, BleepingComputer]
- Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104 [Eduard Kovacs, Security Week]
- Google Patches Critical Android Flaw Allowing Remote Code Execution via Bluetooth [Security Curated, Security Curated]
- 29 models of DrayTek routers impacted by critical RCE vulnerability [Blossom Hazarika, TheTechOutlook]
- Critical flaws found in four Cisco SMB router ranges for the second time this year [Simon Sharwood, The Register]
- CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog [Sacut, Sacut]
Others
- Securing Your Move to the Hybrid Cloud [Rani Osnat, Threatpost]
- New Traffic Light Protocol standard released after five years [Sergiu Gatlan, BleepingComputer]
- 6 ways your cloud data security policies are slowing innovation and how to avoid that [Rob Geurtsen, Help Net Security]
- How to minimize your exposure to supply chain attacks [Vumetric Cyber Portal, Vumetric Cyber Portal]
- Be careful where you install software, and who installs it [Richard Speed, The Register]

Infosec bits for week 30/22

Sicelo Ncekana

2022-07-29 15:36

Security News:
- Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office [Elizabeth Montalbano, Threatpost]
- Microsoft and Facebook Most Targeted Brands in The Rise of Phishing Attacks [ITsec Bureau, ITSecurity Wire]
- Messaging Apps Used As Platform For Cyber-Criminal Activity [Alan Rubins, PSBE Cyber News Group]
- Akamai blocked largest DDoS in Europe against one of its customers [Bill Toulas, BleepingComputer]
- Hackers change tactics to fight Microsoft, a new phishing service aimed at banks and more [Howard Solomon, ITWorld Canada]
- Kansas MSP shuts down cloud services to fend off cyberattack [Monday Daily, Monday Daily]
Malware:
- A New Novel Malware is Working to Hijack Facebook Business Accounts [Aleena Jawaid, Technologistan]
- Microsoft links Raspberry Robin malware to Evil Corp attacks [Yara Foster, NEWSPOSTALK]
- Ransom payments fall as fewer victims choose to pay hackers [Bill Toulas, The Office of Inadequate Security]
Vulnerabilities & Patches:
- Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office [Elizabeth Montalbano, Threatpost]
- Malicious npm packages steal Discord users’ payment card info [Sergiu Gatlan, BleepingComputer]
- Microsoft SQL servers hacked to steal bandwidth for proxy services [Bill Toulas, BleepingComputer]
- Cyberspies use Google Chrome extension to steal emails undetected [Sergiu Gatlan, BleepingComputer]

Infosec bits for week 29/22

Heloise Meyer

2022-07-22 11:12

Cybersecurity News:
- 5 Reasons to Attend the Public Sector Cybersecurity Summit 2022 [Luis Monzon, IT News Africa]
- Liquid launches Africa’s first Cyber Security Fusion Centre [Natasha Odendaal, Engineering News]
- Cyber security and its importance in business [BDO South Africa Services, ITWeb]
- The growing costs of cybercrime – a data breach can impact a business for many years to come [Simeon Tassev, Engineering News]
Malware:
- Russian hackers behind SolarWinds are now hiding malware in Google Drive [Carly Page, TechCrunch]
- Sharkbot Malware Found in Apps Posing as Antivirus Solutions [Jonathan Reed, Security Intelligence]
- New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems [Ravie Lakshmanan, The Hacker News]
- More malware-infested apps found in the Google Play store [Graham Cluley, Tripwire]
Hacks & Data Breaches:
- Another Twitter Hack Hits the NFT Community [Eli Tan, CoinDesk]
- Neopets data breach exposes personal data of 69 million members [Lawrence Abrams, BleepingComputer]
Vulnerabilities & Patches:
- Oracle Releases 349 New Security Patches With July 2022 CPU [Ionut Arghire, Security Week]
- Chrome 103 Update Patches High-Severity Vulnerabilities [Ionut Arghire, Security Week]
- Apple Ships Urgent Security Patches for macOS, iOS [Ryan Naraine, Security Week]
- Vulnerabilities in popular GPS tracker could allow hackers to remotely stop cars [Zelika Zorz, Help Net Security]

Infosec bits for week 28/22

Sicelo Ncekana

2022-07-18 07:45

Security News:
- Journalists Emerge as Favored Attack Target for APTs [Elizabeth Montalbano, Threatpost]
- Hackers impersonate cybersecurity firms in callback phishing attacks [Bill Toulas, BleepingComputer]
- Elastix VoIP systems hacked in massive campaign to install PHP web shells [Bill Toulas, BleepingComputer]
- Hackers stole US$620 million from Axie Infinity with fake job interviews [IT World Canada Staff, IT World Canada Staff]
Malware:
- Emerging H0lyGh0st Ransomware Tied to North Korea [Elizabeth Montalbano, Threatpost]
- Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo [Adam Bannister, The Dily Swing]
- New Lilith Ransomware Family Joins the Double Extortion Threat Landscape [Cyware Alerts – Hacker News, Cyware]
Breaches & Leaks:
- Former CIA employee convicted for carrying out largest data leak in agency’s history [Mark Morales, CNN]
- More than 4,000 individuals’ medical data left exposed for 16 years [GFiuui45fg, Cyber Reports]
- 1.9m patient records exposed in healthcare debt collector ransomware attack [Jessica Lyons Hardcastle, The Register]
- Aon Hack Exposed Sensitive Information of 146,000 Customers [Benjamin David, Info Security]
Vulnerabilities & Patches:
- Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature [Charlie Osborne, The Dily Swing]
- SAP Patches High-Severity Vulnerabilities in Business One Product [Ionut Arghire, Security Week]
- Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise [Dark Reading, Dark Reading]
- Actively exploited zero-day and four ‘critical’ vulnerabilities fixed in Microsoft’s July Patch Tuesday [Connor Jones, ITPro]
- How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub [Jai Vijayan, Dark Reading]