Infosec bits for week 02/22

Kgwadi Matenche

2022-01-14 12:23

Security News:
- Log4j: How hackers are using the flaw to deliver this new ‘modular’ backdoor [Liam Tung, ZDNet]
- Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps [Ax Sharma, Bleeping Computer]
- Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine [Eduard Kovacs, SecurityWeek]
- New Vulnerabilities Highlight Risks of Trust in Public Cloud [Robert Lemos, Dark Reading]
- Microsoft Defender weakness lets hackers bypass malware detection [Ionut Ilascu, Bleeping Computer]
Vulnerabilities & Patches:
- ‘Wormable’ Flaw Leads January 2022 Patch Tuesday [Brian Krebs, Krebs on Security]
- Cisco fixes a critical flaw in Unified CCMP and Unified CCDM [Pierluigi Paganini, Security Affairs]
- CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities [Jake Baines, Rapid7]
- KCodes NetUSB kernel remote code execution flaw impacts millions of devices [Charlie Osborne, ZDNet]
Breaches & Leaks:
- TransCredit exposed financial data of half a million Americans and Canadians [Waqas, HackRead]
- Cyberattack shuts down Albuquerque schools; county copes with ransomware incident [Jonathan Greig, ZDNet]
- Hot wallet hack: Hackers steal $18.7m from Animoca’s Lympo NTF platform [Waqas, HackRead]
Others:
- Admins report Hyper-V and domain controller issues after first Patch Tuesday of 2022 [Richard Speed, The Register]
- Kaspersky warns of ‘highly unusual’ spyware campaign [ITWeb]
- Teen hacker finds bug that lets him control 25+ Teslas remotely [Jonathan M. Gitlin, Ars Technica]

Infosec bits for week1/2022

Renier van Heerden

2022-01-07 19:35

Log4j
- Security warning New zero-day in the Log4j Java library is already being exploited [Danny Palmer, ZDNet]
- CVE-2021-44228 [Mitre.org]
- Log4Shell RCE 0-day exploit found in log4j 2, a popular Java logging package [Free Wortley et al, Lunasec]
- Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble [Brian Behlendorf, Openssf]
Ransomware
- Shutterfly services disrupted by Conti ransomware attack [Lawrence Abrams, BleepingComputer]
- Iranian hackers behind Cox Media Group ransomware attack [Catalin Cimpanu, TheRecord]
- Second ransomware family exploiting Log4j spotted in U.S., Europe [Kyle Alspach, VentureBeat]
Other
- FlexBooker discloses data breach, over 3.7 million accounts impacted [Ionut Ilascu, BleepingComputer]
- Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery [Lawrence Abrams, BleepingComputer]
- Japanese university loses 77TB of research data following a buggy software update [Humza Aamir, Techspot]

Infosec bits for week 50/21

Sicelo Ncekana

2021-12-17 12:17

Write your post here.

Cyber attacks
- Variant of Phorpiex botnet used for cryptocurrency attacks in Ethopia, Nigeria, India and more [Jonathan Greig, ZDNet]
- Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials [Ravie Lakshmanan, The hacker news]
- Pen Test Partners: Anyone could view Gumtree users’ GPS location by pressing F12 [Gareth Corfield, The register]
Vulnerabilities
- Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones [Ravie Lakshmanan, The hacker news]
- Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges [Ravie Lakshmanan, The hacker news]
- Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware [Charlie Osborne, ZDNet]
- Adobe addresses over 60 vulnerabilities in multiple products [Pierluigi Paganini, Security Affairs]
- Flaws in Lenovo laptops allow escalating to admin privileges [Pierluigi Paganini, Security Affairs]
Malware
- New Fileless Malware Uses Windows Registry as Storage to Evade Detection [Ravie Lakshmanan, The hacker news]
- Anubis Banking Trojan Resurfaces to Cripple Over 400 Financial Firms [Cyware, Cyware]
- PseudoManuscrypt, a mysterious massive cyber espionage campaign [Pierluigi Paganini, Security Affairs]

Infosec bits for week 49/21

Schalk Peach

2021-12-10 13:28

Ransomware
- Threat Actors Give Victim School District A Free Decryptor [DataBreaches.net]
- Emotet’s Back And It Isn’t Wasting Any Time [Pieter Arntz, MalwareBytes]
- The Worst And Most Notable Ransomware – A Quick Guide For Security Pros [CSO Online]
- US Military Hacking Unit Publicly Acknowledges Taking Offensive Action To Disrupt Ransomware Operations [Sean Lyngaas, CNN]
Exploits
- Windows 10 RCE – The exploit is in the link [Fabian Bräunlein, Lukas Euler, Positive Security]
Phishing
- Convincing Microsoft phishing uses fake Office 365 spam alerts [Sergui Gatlan, BleepingComputer]
- University Targeted Credential Phishing Campaigns Use COVID-19 Omicron Themes [Selena Larson And Jake G, Proofpoint]
Governance
- New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks [CISA]
- CIS Control 01 – Inventory and Control of Enterprise Assets [Matthew Jerzewski, Tripwire]
Technical
- What are buffer overflow attacks and how are they thwarted? [Rene Holt, ESET WeLiveSecurity]
Education
- Adapting Higher Education To Address The Cybersecurity Skills Shortage [Helga Labus, HelpnetSecurity]

Infosec bits for week 48/21

Kgwadi Matenche

2021-12-03 11:44

Security News:
- Unpatched Microsoft Exchange Servers abused in new phishing campaign [Waqas, HackRead]
- FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs [Lawrence Abrams, Bleeping Computer]
- Former Employee Accused of Being Behind Ubiquiti Hack [Eduard Kovacs, SecurityWeek]
Exploited Vulnerabilities:
- Microsoft Exchange servers hacked to deploy BlackByte ransomware [Bill Toulas, Bleeping Computer]
Email-Borne Threats:
- This stealthy malware delivers a ‘silent threat’ that wants to steal your passwords [Danny Palmer, ZDNet]
Malware:
- Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months [Becky Bracken, Threatpost]
- Emotet now spreads via fake Adobe Windows App Installer packages [Lawrence Abrams, Bleeping Computer]
- NginRAT – A stealth malware targets e-store hiding on Nginx servers [Pierluigi Paganini, Security Affairs]
Vulnerabilities & Patches:
- Unpatched Windows Zero-Day Allows Privileged File Access [Tara Seals, Threatpost]
- Critical Wormable Security Flaw Found in Several HP Printer Models [Ravie Lakshmanan, The Hacker News]
Breaches & Leaks:
- Panasonic discloses four-months-long data breach [Catalin Cimpanu, The Record]
- Ransomware attack shuts down Lewis & Clark Community College [Russell Kinsaul, KMOV4]
- DNA testing service data breach impacting 2.1 million users [Waqas, HackRead]
- Cyber-attack on Planned Parenthood [Sarah Coble, Infosecurity Magazine]]
Others:
- Behind the Man-in-the-Middle Attacks For Connected Cars: Real-Life Interception of Network Traffic Between Connected Car and Back-End Platforms [Medium]
- Microsoft Edge will now warn users about the dangers of downloading Google Chrome [Andrew Cunningham, Ars Technica]
- Microsoft Defender scares admins with Emotet false positives [Sergiu Gatlan,, Bleeping Computer]
- Russian Man Sentenced to 60 Months in Prison for Running ‘Bulletproof’ Hosting for Cybercrime [Dark Reading]

Infosec bits for week 47/21

Renier van Heerden

2021-11-26 12:04

Information
- A Third of All Dark Web Domains Are Now V3 Onion Sites [BeauHD, Slashdot]
- Attackers don’t bother brute-forcing long passwords, Microsoft engineer says [Catalin Cimpanu, TheRecord]
- New JavaScript malware works as a RAT dispenser [Catalin Cimpanu, TheRecord]
- Microsoft silently enables ‘Super Duper Secure Mode’ for Edge [Catalin Cimpanu, TheRecord]
Hacks
- New Windows zero-day with public exploit lets you become an admin [Lawrence Abrams, Bleepingcomputer]
- Is Microsoft Stealing People’s Bookmarks [Bruce Schneier, Schneier on Security]
- Rowhammer bit flips on all DRAM devices today despite deployed mitigations [Blacksmith, COMSEC is the computer security group]
- Linux has a serious security problem that once again enables DNS cache poisoning [Dan Goodin, Arstechnica]
- GoDaddy security breach exposes WordPress users’ data [Tiyashi Datta, Reuters]
Ransomware
- Russian Ransomware Gangs Might be Collaborating with Chinese Hackers [Heimdal Security., Dora Tudor]
- Industry’s first USD5m ransomware recovery warranty [VNQ Systems, ITWeb]
- Ransomware trends, statistics and facts in 2021 [Sean Michael Kerner, TechTarget]

Infosec bits for week 46/21

Sicelo Ncekana

2021-11-19 09:32

Infrastructure and Security architecture
- How to Improve Red Team Effectiveness using Obfuscation [Gordon Lawson, Security Week]
- How to Build a Security Awareness Training Program that Yields Measurable Results [The Hacker News, The Hacker News]
- Multi-cloud adoption will be strong in 2022 but key security gaps and challenges remain [Security Magazine, Security Magazine]
- Why mobile credentials should be part of your access control program [Charles Migabo, Security Magazine]
Bugs, Vulnerabilities and Patches
- Windows 11 issue with Intel audio drivers triggers blue screens [Sergiu Gatlan, Bleeping Computer]
- Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models [Ravie Lakshmanan, The hacker news]
- FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months [Lisa Vaas, Threat Post]
- Microsoft Patch Tuesday, November 2021 Edition [Krebs on Security, Krebs on Security]
- How Attackers Exploit the Remote Desktop Protocol [Koen Van Impe, Security Intelligence]
Others
- Over 10M Android Users Infected by GriftHorse Trojan [David Bisson, Security Intelligence]
- Phishers Leverage Bait Attacks to Harvest Personal Data [CISOMAG, CISOMAG]
- Ransomware Phishing Emails Sneak Through SEGs [The Cyber Post, The Cyber Post]
- Netflix and phish? Scammers target movie streamers [Vilius Petkauskas, Cyber News]

Infosec bits for week 45/21

Schalk Peach

2021-11-15 10:57

Good News
- INTERPOL-led operation takes down prolific cybercrime ring [Interpol]
- Criminal group dismantled after forcing victims to be money mules [Bill Toulas, Bleeping Computer]
Breaches
- Hoax Email Blast Abused Poor Coding in FBI Website [Krebs on Security]
- 40,000 U of T student emails targeted by phishing attempt [Lexey Burns, The Varsity]
Vulnerabilities and Patches
- Samba Releases Security Updates [US CERT]
- Zero-day bug in all Windows versions gets free unofficial patch [Sergiu Gatlan, Bleeping Computer]
- Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access [Ravie Lakshmanan, The Hacker News]

Infosec bits for week 44/21

Kgwadi Matenche

2021-11-05 12:03

Security News:
- Cybercrime News Technology GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps [Catalin Cimpan, The Record]
- BlackMatter ransomware gang says it’s disbanding – again – after Ukraine arrests [Gareth Corfield, The Register]
- Police arrest hackers behind over 1,800 ransomware attacks [Bill Toulas, Bleeping Computer]
- Cybercriminals sell access to international shipping, logistics giants [Charlie Osborne, ZDNet]
Vulnerabilities & Patches:
- Linux Foundation Fixes ‘Dangerous’ Code Execution Kernel Bug [Ryan Naraine, SecurityWeek]
- Google Patches Android Zero-Day Exploited in Targeted Attacks [Eduard Kovacs, SecurityWeek]
- Cisco fixes hard-coded credentials and default SSH key issues [Sergiu Gatlan, Bleeping Computer]
Email-Borne Threats:
- Spooky Ransomware Steals Past SEGs in Under 15 Minutes [Harsh Patel & Zachary Bailey,Cofense]
- Phishing: Attackers Use DocuSign to Send Malicious Links [David Bisson, Security Intelligence]
Breaches & Leaks:
- N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert [CBC News]
- Hackers gained access to mySA Gov accounts, including licence and rego details [Campbell Kwan, ZDNet]
Others:
- US sanctions four companies selling hacking tools, including NSO Group & Candiru [Catalin Cimpanu, The Record]
- Widespread Security Risk Identified in Phones and Bluetooth Devices Approximately 40 percent of mobile phones may be compromised [Michelle Hampson, IEEE]
- Cybercriminals Take Aim at Connected Car Infrastructure [Robert Lemos, Dark Reading]
- Cyber criminals use Black Friday as bait to scam shoppers [Sibahle Malinga, ITWeb]
- Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware [Bill Toulas, Bleeping Computer]

Infosec bits for week 43/21

Renier van Heerden

2021-10-29 12:00

Ransomware:It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets better [Danny Palmer |, ZDNet]
Industry group warns of coordinated DDoS extortion campaign against VoIP providers [Catalin Cimpanu, TheRecord]
Workers sent home after ransomware attack on major automotive parts manufacturer [Catalin Cimpanu, TheRecord]
FBI held back ransomware decryption key from businesses to run operation targeting hackers [Ellen Nakashima, Rachel Lerman, The WashingtonPost]
Grief Ransomware Targets NRA [Elizabeth Montalbano, Threadpost]
Suspected REvil Gang Insider Identified [Lisa Vaas, Threadpost]

Hacks
- Microsoft says Russia hacked at least 14 IT service providers this year [Catalin Cimpanu, TheRecord]
- Android smartphones infected with rare rooting malware [Catalin Cimpanu, TheRecord]
- Google unmasks two-year-old phishing and malware campaign targeting YouTube users [Catalin Cimpanu, TheRecord]
- A cyberattack paralyzed every gas station in Iran [Vahid Salemi, NPR]
- War-Driving Technique Allows Wi-Fi Password-Cracking at Scale [Tara Seals, Threadpost]
- All Windows versions impacted by new LPE zero-day vulnerabilit [Lawrence Abrams, BleepingComputer]
- Emergency Google Chrome update fixes zero-days used in attacks [Lawrence Abrams, BleepingComputer]Write your post here.