Infosec bits for 2023 week 11

Kgwadi Matenche

2023-03-17 14:13

Security News:
- Hackers now use Microsoft OneNote attachments to spread malware [Lawrence Abrams, Bleeping Computer]
- Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits [Ryan Naraine, Security Week]
- Leveraging Behavioral Analysis to Catch Living-Off-the-Land Attacks [Dark Reading]
Breaches & Leaks:
- UK’s largest state boarding school announces ‘sophisticated cyberattack’ [Alexander Martin, The Record]
- Latitude cyberattack leads to data theft at two service providers [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
- Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script [Ryan Naraine, Security Week]
- Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency [Pierluigi Paganini, Security Affairs]
- Fortinet: New FortiOS bug used as zero-day to attack govt networks [Sergiu Gatlan, Bleeping Computer]
- SAP releases security updates fixing five critical vulnerabilities [Bill Toulas, Bleeping Computer]
- Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers [Pierluigi Paganini, Security Affairs]
Others:
- Kaspersky releases tool for decrypting Conti-based ransomware [Kaspersky]

Infosec bits for 2023 week 10

Heloise Meyer

2023-03-10 13:23

Cybersecurity News:
- Where are the women in cyber security? On the dark side, study suggests [Brandon Vigliarolo, The Register]
- GitHub makes 2FA mandatory next week for active developers [Sergiu Gatlan, BleepingComputer]
- Darktrace warns of rise in AI-enhanced scams since ChatGPT release [Mark Sweney, The Guardian]
- ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities [Eduard Kovacs, SecurityWeek]
- DuckDuckGo launches AI-powered search query answering tool [Bill Toulas, BleepingComputer]
- Defeating the Deepfake Danger [Derek Manky, SecurityWeek]
Malware:
- BlackMamba: Using AI to Generate Polymorphic Malware [Jeff Sims, Security Boulevard]
- Sys01 Stealer’ Malware Targeting Government Employees [Ionut Arghire, SecurityWeek]
- Sneaky malware BlackLotus can bypass important Windows boot functions [Joe Warminsky, The Record]
- Custom Chinese Malware Found on SonicWall Appliance [Eduard Kovacs, SecurityWeek]
- IceFire ransomware now encrypts both Linux and Windows systems [Sergiu Gatlan, BleepingComputer]
Vulnerabilities:
- New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access [Ravie Lakshmanan, The Hacker News]
- Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks [Ionut Arghire, SecurityWeek]
Hacks:
- LastPass Hack: Engineer’s Failure to Update Plex Software Led to Massive Data Breach [Ravie Lakshmanan, The Hacker News]
- Acer confirms breach after 160GB of data for sale on hacking forum [Bill Toulas, BleepingComputer]
- AT&T Vendor Breach Exposes Data on 9M Wireless Accounts [DarkReading, DarkReading]

Infosec bits for 2023 week 9

Maajied Moos

2023-03-03 14:59

Malware
- Fake Amazon Prime email abuses LinkedIn’s URL shortener [Christopher Boyd, Malwarebytes Labs]
- Royal Ransomware Targets Linux ESXi Servers [Geri Revay, Fortinet]
- Beware rogue 2FA apps in App Store and Google Play – don’t get hacked! [Paul Ducklin, Naked Security]
- How Cambodia-based scammers made an estimated $3 million in ‘pig butchering’ scheme [Daryna Antoniuk, The Record]
Hacks
- News Corp says hackers first breached its systems between Feb 2020 and Jan 2022 [Pierluigi Paganini, SecurityAffairs]
- Dish Network goes offline after likely cyberattack, employees cut off [Ax Sharma, BleepingComputer.com logo]
- Hacker leaks alleged Activision employee data on cybercrime forum [Bill Toulas, BleepingComputer.com logo]
- Video Marketing Software Animker Leaking Trove of User Data [WAQAS, HackRead]
Information
- Crime Blotter: Hackers Fail to Honor Promises to Delete Data [Mathew J. Schwartz, Bank Info Security]
- A year after Russia’s invasion, the scope of cyberwar in Ukraine comes into focus [AJ VICENS AND ELIAS GROLL, CyberScoop]
- Firms Who Pay Ransom Subsidise 10 New Attacks: Report [Phil Muncaster, Infosecurity Magazine]
- The mobile malware threat landscape in 2022 [TATYANA SHISHKOVA, Secure List]
- Tech manufacturers are leaving the door open for Chinese hacking, Easterly warns [Jonathan Greig, The Record]
Tools
- Bitdefender Releases Decryptor for MortalKombat Ransomware [Bitdefender, Bitdefender]

Infosec bits for 2023 week 8

Sicelo Ncekana

2023-02-24 12:52

Write your post here.

Security news
- WhatsApp, Grindr, and Facebook used to entrap and persecute LGBT citizens, says report [Damien Black, Cybernews]
- Google Paid Over $12 Million As Bug Bounty Rewards In 2022 [Guru, Cyber Security News]
- Microsoft urges Exchange admins to remove some antivirus exclusions [Sergiu Gatlan, BleepingComputer]
- GoDaddy says a multi-year breach hijacked customer websites and accounts | Ars Technica [Dan Goodin, Ars Technica]
Malware
- Beware! Fake ChatGPT Windows & Android Apps Deliver Dangerous Malware [Balaji N, Cyber Security News]
- Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware [Ravie Lakshmanan, The Hacker News]
- New RambleOn Android Malware Used Against Journalist [Cyware, Cyware]
- Ransomware Attack Forces Produce Giant Dole to Shut Down Plants [Eduard Kovacs, Security Week]
- LockBit gives up on Royal Mail ransom, leaks data and private chats [Damien Black, Cybernews]
- Washington State city allegedly hit by ransomware [Jurgita Lapienytė, Cybernews]
- MyloBot Botnet Spreading Rapidly Worldwide: Infecting Over 50,000 Devices Daily [Ravie Lakshmanan, The Hacker News]
Vulnerabilities and Patches
- A New Kind of Bug Spells Trouble for iOS and macOS Security [Matt Burgerss, Wired]
- Apple Patches Multiple Vulnerabilities In Latest Security Updates – Spiceworks [Anuj Mudaliar, Spiceworks]
- Cisco Patches High-Severity Vulnerabilities in ACI Components [Eduard Kovacs, Security Week]
- Exploit released for critical Fortinet RCE flaw, patch now [Bill Toulas, BleepingComputer]

Infosec bits for 2023 week 7

Renier van Heerden

2023-02-17 19:32

Ransomeware
- Ransomware gang uses new zero-day to steal data on 1 million patients [Carly Page, TechCrunch]
- City of Oakland declares state of emergency after ransomware attack [Sergiu Gatlan, BleepingComputer]
- Ransomware Attacks on Industrial Firms Increased by 87percent in 2022 [Jack Gillum, Bloomberg]
- Cryptocurrency users in the US hit by ransomware and Clipper malware [Cedric Pernet, TechRepublic]
Hacks
- FBI confirms it’s investigating a cyber incident on its own network [Carly Page, TechCrunch]
- Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack [Bill Toulas, BleepingComputer]
- Researchers unearth Windows backdoor that’s unusually stealthy [Dan Goodin, Arstechnica]
- A researcher tried to buy mental health data. It was surprisingly easy. [Kevin Collier, NBCnews]
Information
- How to manage third-party cybersecurity risks that are too costly to ignore [Jon Siegler, TechCrunch]
- CISA warns of Windows and iOS bugs exploited as zero-days [Sergiu Gatlan, BleepingComputer]
- Microsoft will forcibly remove Internet Explorer from most Windows 10 PCs today [Andrew Cunningham, Arstechnica]
- Hackers are selling a service that bypasses ChatGPT restrictions on malware [Dan Goodin, Arstechnica]
Patch
- Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb [Bill Toulas, BleepingComputer]
- Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws [Lawrence Abrams, BleepingComputer]

Infosec bits for 2023 week 6

Kgwadi Matenche

2023-02-10 12:42

Cybersecurity News:
- Google Chrome 110 arrives – but not all Windows PCs will get it [Danny Palmer, ZDNET]
- First Linux variant of Clop ransomware targeted universities, colleges but was flawed [Jonathan Greig, The Record]
Malware:
- ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware [Eduard Kovacs, SecurityWeek]
  - VMware Security Response Center (vSRC) Response to ‘ESXiArgs’ Ransomware Attacks [Edward Hawkins, VMware]
Vulnerabilities & Patches:
- Android’s February 2023 Updates Patch 40 Vulnerabilities [Ionut Arghire, SecurityWeek]
- Actively exploited GoAnywhere MFT zero-day gets emergency patch [Sergiu Gatlan, Bleeping Computer]
- Patch your Jira Service Management Server and Data Center and check for compromise! [Zeljka Zorz, Help Net Security]
Breaches & Leaks:
- Reddit Breached With Stolen Employee Credentials [Dark Reading Staff, Dark Reading]
- All classes canceled at Irish university as it announces ‘significant IT breach’ [Alexander Martin, The Record]
- Mortgage Broker 8Twelve Exposes Data of Canadian Residents [Habiba Rashid, HackRead]
- RSAWeb hit by ransomware attack [Jan Vermeulen, MyBroadband]
Others:
- PayPal and Twitter abused in Turkey relief donation scams [Ax Sharma, Bleeping Computer]
- Lessons Learned on Ransomware Prevention from the Rackspace Attack [Bleeping Computer]

Infosec bits for 2023 week 5

Heloise Meyer

2023-02-03 12:47

Cybersecurity News:
- Massive RSAWeb outage — fibre restored, cloud hosting and mobile still offline [Jan Vermeulen, MyBroadband]
- Hacker finds bug that allowed anyone to bypass Facebook 2FA [Lorenzo Franceschi-Bicchierai, TechCrunch]
- Reality check: Is ChatGPT really the next big cybersecurity threat? [Elias Groll, Cyberscoop]
Malware:
- Ransomware attack on data firm ION could take days to fix -sources [James Pearson, Reuters]
- Royal Mail cyberattack linked to LockBit ransomware operation [Lawrence Abrams, BleepingComputer]
- Titan Stealer: A New Golang-Based Information Stealer Malware Emerges [Ravie Lakshmanan, The Hacker News]
- Hackers weaponize Microsoft Visual Studio add-ins to push malware [Bill Toulas, BleepingComputer]
- Prilex POS malware evolves to block contactless transactions [Cedric Pernet, TechRepublic]
- New HeadCrab malware infects 1,200 Redis servers to mine Monero [Sergiu Gatlan, BleepingComputer]
- New Nevada Ransomware targets Windows and VMware ESXi systems [Bill Toulas, BleepingComputer]
Vulnerabilities:
- Over 29,000 QNAP devices vulnerable to code injection attacks [Sergiu Gatlan, BleepingComputer]
- New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products [Ravie Lakshmanan, The Hacker News]
- Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability [Ravie Lakshmanan, The Hacker News]

Infosec bits for 2023 week 4

Maajied Moos

2023-01-27 15:04

Security news
- Electronic health record giant NextGen dealing with cyberattack [Jonathan Greig, The Record]
- Riot Games hacked, delays game patches after security breach [Sergiu Gatlan, Bleeping Computer]
- Enterprises remain vulnerable through compromised API secrets [Help Net Security, Help Net Security]
- API Security Fundamentals: Everything You Need To Know [PJ Bradley, Tripwire]
- Ohio town working to restore municipal court systems after cyberattack [Jonathan Greig, The Record]
- Security and the Electric Vehicle Charging Infrastructure [Shachar Inbar, Dark Reading]
- Dutch hacker obtained virtually all Austrians’ personal data [Staff Writer, ITNews]
Malware
- Bots Are Now Robocalling to Phish For Your Two-Factor Authentication (2FA) Codes [Neetu Singh, Radware Blog]
- Bitwarden password vaults targeted in Google ads phishing attack [Lawrence Abrams, Bleeping Computer]
Vulnerabilities and Patches
- Around 19,500 end-of-life Cisco routers are exposed to hack [Pierluigi Paganini, Security Affairs]
- Exploits released for two Samsung Galaxy App Store vulnerabilities [Bill Toulas, Bleeping Computer]
- Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages [Ravie Lakshmanan, The Hacker News]
- Lexmark warns of RCE bug affecting 100 printer models, PoC released [Bill Toulas, Bleeping Computer]
- Apple Patches WebKit Code Execution in iPhones, MacBooks [Ryan Naraine, Security Week]

Infosec bits for 2023 week 3

Sicelo Ncekana

2023-01-20 13:51

Security news
- BackdoorDiplomacy APT Uses Turian Backdoor to Target Iranian Government [Cyware, Cyware]
- 37 million T-Mobile customers were hacked [David Goldman, CNN]
- Watch Out For This AnyDesk Phishing Campaign That Delivers Vidar Info Stealer [Abeerah Hashim, LHN]
- PayPal accounts breached in large-scale credential stuffing attack [Bill Toulas, BleepingComputer]
- A Sneaky Ad Scam Tore Through 11 Million Phones [Matt Burgess, Wired]
- LastPass users should move their crypto funds, experts warn [Pieter Arntz, Malwarebytes]
- Google sponsored ads lead to rogue imitation sites [Christopher Boyd, Malwarebytes]
Malware
- Ransomware attack hits nearly 300 fast food restaurants in UK, including KFC and Pizza Hut [Alexander Martin, The record]
- Phishers Use Blank Images to Disguise Malicious Attachments [Phil Muncaster, Info Security]
Vulnerabilities and Patches
- Researcher Finds Class Pollution – A Prototype Pollution Variant Affecting Python [Abeerah Hashim, LHN]
- Microsoft: Windows 11 apps might not start after system restore [Sergiu Gatlan, BleepingComputer]
- WAGO fixes config export flaw threatening data leak from industrial devices [Charlie Osborne, The Daily Swing]
- Drupal Patches Vulnerabilities Leading to Information Disclosure [Ionut Arghire, Scurity Week]
- Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability [Ionut Arghire, Scurity Week]

Control Web Panel

Renier van Heerden

2023-01-13 11:10

Vulnerability with 9.8 severity in Control Web Panel is under active exploit [Dan Goodin, Arstechnica]
CVE-2022-44877 Detail [NIST]
CVE-2022-44877 Tenable [Tenable]
CVE-2022-44877 Mitre [Mitre]