Infosec bits for week 29/21

Schalk Peach

2021-07-23 10:01

Vulnerabilities
- Disable Windows print spooler or you could be hacked, says Microsoft [Joe White, Techspot]
- Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer [Bharat Jogi, Qualys]
- Fortinet Releases Security Updates for FortiManager and FortiAnalyzer [CISA]
- Lenovo Working on Patches for BIOS Vulnerabilities Affecting Many Laptops [Ionut Arghire, Security Week]
- Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling [Dan Goodin, ArsTechnica]
Ransomware
- Don’t Wanna Pay Ransom Gangs? Test Your Backups. [Krebs on Security]
- Kaseya gets master decryptor to help customers still suffering from REvil attack [Dan Goodin, ArsTechnica]
NSO Group
- NSO Group Hacked [Schneier on Security]
- The Pegasus Project [The Guardian]
- Emmanuel Macron identified in leaked Pegasus project data [Angelique Chrisafis, Dan Sabbagh, Stephanie Kirchgaessner and Michael Safi, The Guardian]
- Amazon Shuts Down NSO Group Infrastructure [Joseph Cox, Vice]
Local News
- Transnet hacked — South Africa’s port systems offline [Jan Vermeulen, MyBroadband]
- Fight over Internet domains in South Africa [Jan Vermeulen, MyBroadband]
General
- Today’s massive Internet outage comes courtesy of Akamai Edge DNS [Jim Salter, ArsTechnica]

Infosec bits for week 28/21

Kgwadi Matenche

2021-07-16 10:50

Security News:
- REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks [Ravie Lakshmanan, The Hacker News]
- iOS zero-day let SolarWinds hackers compromise fully updated iPhones [Dan Goodin, Ars Technica]
- Spain arrests 16 for working with the Mekotio and Grandoreiro malware gangs [Catalin Cimpanu, The Record]
Email-Borne Threats:
- Kaseya warns of phishing campaign pushing fake security updates [Sergiu Gatlan, Bleeping Computer]
- Nested Archives Help to Evade SEGs and Deliver BazarBackdoor [Aaron Riley, Cofense]
Breaches & Leaks:
- Kaseya ransomware attack: What we know now [Charlie Osborne, ZDNet]
Malware:
- WildPressure’s multi-platform malware hits macOS in the Middle East [Kaspersky]
- Fake Zoom App Dropped by New APT ‘LuminousMoth’ [Lisa Vaas, Threatpost]
Vulnerabilities & Patches:
- Kaseya patches VSA vulnerabilities used in REvil ransomware attack [Lawrence Abrams, Bleeping Computer]
- Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability [Cisco]
- Microsoft July 2021 Patch Tuesday: 117 vulnerabilities, Pwn2Own Exchange Server bug fixed [Charlie Osborne, ZDNet]
- Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild [Ravie Lakshmanan, The Hacker News]
- Microsoft discovers critical SolarWinds zero-day under active attack [Dan Goodin, Ars Technica]
- SonicWall Warns Secure VPN Hardware Bugs Under Attack [Tom Spring, Threatpost]
- VMware ESXi updates address authentication and denial of service vulnerabilities [VMware]
Others:
- Ensuring your cyber security is built for purpose [Ralph Bernd, ITWeb]
- Adobe: Critical Flaws in Reader, Acrobat, Illustrator [Ryan Naraine, SecurityWeek]
- Operation SpoofedScholars: A Conversation with TA453 [Proofpoint]
- Microsoft to Acquire RiskIQ [Doug Olenick, Bank Info Security]

Infosec bits for week 27/21

Renier van Heerden

2021-07-09 10:06

Ransomware
- REvil ransomware hits 1,000+ companies in MSP supply-chain attack [Lawrence Abrams, Bleeping Computer]
- This major ransomware attack was foiled at the last minute. Here’s how they spotted it [Danny Palmer, ZDNet]
- South African firms hit by ransomware attack — and hackers want R1 billion [Dawid Snyders, Mybroadband]
- Up to 1,500 businesses infected in one of the worst ransomware attacks ever [Dan Goodin, Arstechnica]
- Code in huge ransomware attack written to avoid computers that use Russian, says new report [Ken Dilanian, NBC News]
- Researchers Reproduce Exploit Used in Kaseya Hack [Eduard Kovacs, Security Week]
Patch
- Microsoft shares mitigations for Windows PrintNightmare zero-day bug [Sergiu Gatlan, Bleeping Computer]
- Windows emergency patch fixes critical security flaw — Update now [Hanno Labuschagne, Mybroadband]
Hacking
- Russian hackers are trying to brute-force hundreds of networks [Andy Greenberg, Arstechnica]
- Website of Mongolian certificate authority served backdoored client installer [Charlie Osborne, ZDNet]
- Russia Cozy Bear Breached GOP as Ransomware Attack Hit [William Turton and Jennifer Jacobs, Bloomberg]
- These Play Store apps were stealing your Facebook password [Hanno Labuschagne, Mybroadband]
Other
- Why Email Providers Scan Your Emails [Yael Grauer, Consumer Reports]
- Kaspersky Password Manager caught out making easily bruteforced passwords [Chris Duckett, ZDNet]

Infosec bits for week 26/21

Roderick Mooi

2021-07-02 08:14

Local news
- Data breach hits major South African insurance player [Duncan McLeod, NewsCentral Media]
Ransomware (still)
- What’s Your Plan if Ransomware Hits? [Joan Goodchild, Sophos / IDG Communications]
- Why ransomware is such a risk to the education sector [Henry Hughes, JISC / Tes Global]
  - See also: Ransomware Readiness Assessment CSET v10.3
- REvil ransomware’s new Linux encryptor targets ESXi virtual machines [Lawrence Abrams, Bleeping Computer]
Get ‘em patches / workarounds
- Windows Admins Scrambling to Contain ‘PrintNightmare’ Flaw Exposure [Ryan Naraine, Wired Business Media]
  - See also: Microsoft Windows Print Spooler RpcAddPrinterDriverEx() function allows for RCE
- A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable [Lily Hay Newman, WIRED / Condé Nast]
  - See also: Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models via Dell Remote OS Recovery and Firmware Update Capabilities
- ‘Sophisticated threat actor’ targeting Zyxel firewalls and VPNs, vendor warns [Jessica Haworth, The Daily Swig]
  - See also: Best Practices to Secure a Distributed Network Infrastructure
Malware
- A Fly on ShellBot’s Wall: The Risk of Publicly Available Cryptocurrency Miners [Golo Mühr, Limor Kessem, Security Intelligence]
- Hackers Tricked Microsoft Into Certifying Malware That Could Spy on Users [Lorenzo Franceschi-Bicchierai, Motherboard / VICE]
  - See also: Microsoft signed a malicious Netfilter rootkit
Other news
- Cyber Insurance and the Cyber Security Challenge [Jamie MacColl, Dr Jason R. C. Nurse and James Sullivan, RUSI]
- Common Facebook scams and how to avoid them [Amer Owaida, ESET]
- Yes, We Want Cryptographic Protection for Email [Neal, Sequoia PGP / pEp]

Infosec bits for week 25/21

Schalk Peach

2021-06-25 11:22

Exploits
- Attackers Take Advantage of New Google Docs Exploit [Jeremy Fuchs, Avanan]
- VMware Releases Security Updates [US CERT]
- 30M Dell Devices at Risk for Remote BIOS Attacks, RCE [Tara Seals, ThreatPost]
- Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access [Tara Seals, ThreatPost]
Techniques aka More Supply Chain Issues
- Hackers are trying to attack big companies. Small suppliers are the weakest link [Danny Palmer, ZDNet]
Ransomware News
- Most firms face second ransomware attack after paying off first [Eileen Yu, ZDNet]
- Data leak marketplace pressures victims by emailing competitors [Lawrence Abrams, Bleeping Computer]
- Most organizations would pay in the event of a ransomware attack [Helpnet Security]
Governance
- Tabletop exercises explained: Definition, examples, and objectives [Josh Fruhlinger, CSO Online]
General
- Most DDoS attacks originate from fewer than 50 hosting companies [Nokia]

Infosec bits for week 24/21

Kgwadi Matenche

2021-06-18 12:19

Phishing:
- Pending Documents Invite You to WeTransfer Phish [Tej Tulachan, Cofense]
Security News:
- Avaddon Ransomware Shuts Down And Releases Decryption Keys [Lawrence Abrams, Bleeping Computer]
- Researchers Uncover ‘Process Ghosting’ — A New Malware Evasion Technique [Ravie Lakshmanan, SecurityWeek]
- NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems [NSA]
- Ukrainian police arrest Clop ransomware members, seize server infrastructure [Catalin Cimpanu, The Record]
  - South Korean police arrest computer repairmen who made and distributed ransomware [Catalin Cimpanu, The Record]
Breaches:
- Audi, Volkswagen data breach affects 3.3 million customers [Lawrence Abrams, Bleeping Computer]
- Hackers steal source code and more from Electronic Arts in massive data breach [Shawn Knight, TechSpot]
  - The cost of the EA data breach: $10 and a bit of social engineering [Shawn Knight, TechSpot]
- REvil ransomware gang hit US nuclear weapons contractor Sol Oriens [Pierluigi Paganini, Cyber Defense Magazine]
- MTN hit by crime syndicate[Rudolph Muller,MyBroadband ]
Vulnerabilities & Patches:
- GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability [Eduard Kovacs, SecurityWeek]
- Google fixes seventh Chrome zero-day exploited in the wild this year [Bleeping Computer, Sergiu Gatlan]
- Apple patches two iOS zero-days in old-gen devices [The Record, Catalin Cimpanu]
- Cisco Smart Switches Riddled with Severe Security Holes [Threatpost, Tara Seals]
Other:
- Microsoft to end Windows 10 support on October 14th, 2025 [The Verge, Tom Warren]
- Microsoft Defender ATP now warns of jailbroken iPhones, iPads [Bleeping Computer, Sergiu Gatlan]
- G7 calls on Russia to dismantle operations of ransomware gangs within its borders [Security Affairs, Pierluigi Paganini]

Infosec bits for week 23/21

Roderick Mooi

2021-06-11 11:42

Ransomware
- Alert: Further ransomware attacks on the UK education sector by cyber criminals [National Cyber Security Centre, UK]
- Ransomware-skewered meat producer JBS confesses to paying $11m for its freedom [Simon Sharwood, The Register]
- Ransomware – Do You Pay It Or Not? – Experts debate the costs and ethics surrounding ransomware payments [Jake Williams et al, SANS]
- How A New Team Of Feds Hacked The Hackers And Got Colonial Pipeline’s Ransom Back [Vanessa Romo, NPR]
  - See also: Pipeline Investigation Upends Idea That Bitcoin Is Untraceable
Patch Week
- Microsoft June 2021 Patch Tuesday: 50 vulnerabilities patched, six zero-days exploited in the wild [Charlie Osborne, Zero Day]
- New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP! [Ravie Lakshmanan, The Hacker News]
- Joomla Content System Vulnerable to Multiple Flaws [Akshaya Asokan, Information Security Media Group]
MFA / best practices
- 6 minimum security practices to implement before working on best practices [CSO / IDG Communications]
- Required MFA Is Not Sufficient for Strong Security: Report [Robert Lemos, Dark Reading/ Informa PLC]
- Best Defense? Our Red Team Lead Reveals 4 MFA Bypass Techniques [Shay Nahari, CyberArk]
Cloud Security
- The shared responsibility model explained and what it means for cloud security [Chris Hughes, CSO / IDG Communications]
- Confidential Computing: The Future of Cloud Computing Security [David Bisson, Security Intelligence]
Fun and Games
- How to Negotiate with Ransomware Hackers [Rachel Monroe, The New Yorker]
- Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete? [Luke Young, better appsec / Medium]
Other news of interest
- Apple will not launch feature to hide online identity in South Africa or China [Jan Vermeulen, MyBroadband]
- How One Fastly Customer Broke the Internet [Shoshana Wodinsky, Gizmodo]
- Hackers can exploit bugs in Samsung pre-installed apps to spy on users [Ionut Ilascu, Bleeping Computer]
- Australian Federal Police and FBI nab criminal underworld figures in worldwide sting using encrypted app [Alison Xiao, ABC NEWS]
- Ransomware Is Not the Problem [Adam Shostack, Dark Reading/ Informa PLC]

Infosec bits for week 22/21

Renier van Heerden

2021-06-04 12:22

Ransomware
- Top meat supplier is the latest victim of a cyberattack [Yacob Reyes, Axios]
- Justice Department seizes domains used in Nobelium-USAID phishing campaign [Jonathan Greig, ZDNet]
- Live streams go down across Cox radio and TV stations in apparent ransomware attack [Catalin Cimpanu, The Record]
- Fujifilm becomes the latest victim of a network-crippling ransomware attack [Carly Page, TechCrunch]
- Exclusive-U.S. to give ransomware hacks similar priority as terrorism, official says [Christopher Bing, Reuters]
- Ransomware attack disrupts Massachusetts ferries [Catalin Cimpanu, The Record]
International
- NSA spied on European politicians through Danish telecommunications hub [Catalin Cimpanu, The Record]
- SolarWinds Hackers Impersonate U.S. Government Agency in New Attacks [Eduard Kovacs, Security Week]
- US Soldiers expose nuclea -weapons secrets via flashcard apps [Foeke Postma, Bellingcat]
Hacks
- Kaspersky Exploits for MS Office Flaws Most Popular in Q1 2021 [Ionut Arghire, Security Week]
- Researchers find four new malware tools created to exploit Pulse Secure VPN appliances [Charlie Osborne, ZDNet]
- Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores [Ionut Arghire, Security Week]
- Vulnerability in Lasso Library Impacts Products From Cisco, Akamai [Eduard Kovacs, Security Week]
Other
- Wanted: Millions of cybersecurity pros. Salary: Whatever you want [Clare Duffy, CNN]
- Using Fake Reviews to Find Dangerous Extensions [Brian Krebs, Krebs on Security]

Infosec bits for week 21/21

Schalk Peach

2021-05-28 09:22

Emerging Trends
- UK Police Suffered Thousands of Data Breaches in 2020 [Phil Muncaster, InfoSecurity Magazine]
- Belgium’s Interior Ministry uncovers 2-year-long compromise of its network [Zeljka Zorz, HelpNet Security]
- A malware attack hit the Alaska Health Department [Pierluigi Paganini, Security Affairs]
- An Overview of DDoS Attacks in Q1 [Radware]
- Scenarios for the Future of Cybersecurity [Dr Victoria Baines & Rik Ferguson, Trend Micro]
Cloud Hijacks
- Microsoft, Google Clouds Hijacked for Gobs of Phishing [Becky Bracken, Threat Post]
How Not to Respond
- Logistics giant exposes customer data, Lolz at researchers when alerted [Habiba Tashid, HackRead]
Governance
- Taking Time Off? What Your Out of Office Message Tells Attackers [Sue Poremba, Security Intelligence]
- The Changing Face of Cybersecurity Awareness [Lise Lapointe, DARKReading]
Interesting Tools
- Microsoft SimuLand, an open-source lab environment to simulate attack scenarios [Pierluigi Paganini, Security Affairs]

Infosec bits for week 20/21

Kgwadi Matenche

2021-05-21 13:37

Malware:
- Microsoft warns of malware campaign spreading a RAT masquerading as ransomware [Catalin Cimpanu, The Record]
  - New Java STRRAT ships with .crimson ransomware module [Karsten Hahn, GDATA]
- Scammers Impersonating Windows Defender to Push Malicious Windows Apps [Craig Schmugar, McAfee]
Breaches & Leaks:
- Student health insurance carrier Guard.me suffers a data breach [Lawrence Abrams, Bleeping Computer]
- The Full Story of the Stunning RSA Hack Can Finally Be Told [Andy Greenberg, WIRED]
News:
- Android apps exposed data of millions of users through cloud authentication failures [Charlie Osborne, ZDNet]
- Irish High Court issues injunction to prevent HSE data leak [Lawrence Abrams, Bleeping Computer]
- Royal Mail phish deploys evasion tricks to avoid analysis [Malwarebytes Labs]
Vulnerabilities & Patches:
- Exploit released for wormable Windows HTTP vulnerability [Sergiu Gatlan, Bleeping Computer]
- Researchers Find Exploitable Bugs in Mercedes-Benz Cars [Ionut Arghire, SecurityWeek]
- 4 vulnerabilities under attack give hackers full control of Android devices [Dan Goodin, Ars Technica]
Others:
- Microsoft to retire Internet Explorer on some Windows 10 versions [Sergiu Gatlan, Bleeping Computer]
- Cybersecurity Training: Raising Awareness And Securing Your Business [Tripwire]
- Insurer AXA hit by ransomware after dropping support for ransom payments[Ax Sharma, Bleeping Computer]