Infosec bits for week 48/22

Sicelo Ncekana

2022-12-02 17:51

Security News
- Postbank loses over R18-million to cybercrime attacks in three months [Marecia Damons, Algoa FM]
- Samsung, LG, Mediatek certificates compromised to sign Android malware [Nitzan Yaakov, Aqua Blog]
- Web browsers drop mysterious company with ties to U.S. military contractor [Joseph Menn, The Washington Post]
- LastPass Suffers Another Security Breach; Exposed Some Customers Information [Ravie Lakshmanan, The Hacker News]
Phishing and Malware
- Vanuatu officials turn to phone books and typewriters, one month after cyber attack [Christopher Cottrell, Tech Guardian]
- Ransomware group may have stolen customer bank details from British water company [Alexander Martin, The Record]
- Samsung, LG, Mediatek certificates compromised to sign Android malware [Sergiu Gatlan, Bleeping Computer]
- Android malware infected 300,000 devices to steal Facebook accounts [Gandalf_The_Grey, Malware Tips]
- New DuckLogs malware service claims having thousands of ‘customers’ [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches
- CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs [Ravie Lakshmanan, The Hacker News]
- Tailscale VPN nodes vulnerable to DNS rebinding, RCE [Ben Dickson, The Daily Swing]
- Secret Network resolves network vulnerability following white hat disclosure [ZHIYUAN SUN, Cointelegraph]
- Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services [Ravie Lakshmanan, The Hacker News]
- Remote Code Execution Vulnerability Found in Windows Internet Key Exchange [Alessandro Mascellino, Info Security]

Infosec bits for week 47/22

Kgwadi Matenche

2022-11-25 15:06

Cybersecurity News:
- Interpol Seized $130 Million from Cybercriminals in Global “HAECHI-III” Crackdown Operation [Ravie Lakshmanan, The Hacker News]
Phishing:
- Phishing Attack Targets Microsoft Users Via HTML Attachment [Amy Griffiths, Cofense Phishing Defense Center]
Vulnerabilities & Patches:
- Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products [Ravie Lakshmanan, The Hacker News]
- Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966 [Pierluigi Paganini, Security Affairs]
- Google pushes emergency Chrome update to fix 8th zero-day in 2022 [Bill Toulas, Bleeping Computer]
Breaches & Leaks:
- Tata Power Attack Linked to Bug in Nearly 20-Year-Old Server [Mihir Bagwe, DataBreachToday]
- Daixin Ransomware Gang Steals 5 Million AirAsia Passengers’ and Employees’ Data [Ravie Lakshmanan, The Hacker News]
Malware:
- Backdoored Chrome extension installed by 200,000 Roblox players [Ax Sharma, Bleeping Computer]
Others:
- WhatsApp data leak: 500 million user records for sale [Jurgita Lapienytė, Cybernews]
- TikTok scrambling to avoid possible ban in the US [Bloomberg, MyBroadband]

Infosec bits for week 46/22

Heloise Meyer

2022-11-18 16:33

Cybersecurity News:
- DuckDuckGo launching anti-tracking tool for Android [Hanno Labuschagne, MyBroadband]
- Twitter source code indicates end-to-end encrypted DMs are coming [Bill Toulas, BleepingComputer]
Cyber Attacks:
- Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign [Ravie Lakshmanan, The Hacker News]
- Cyberattacks On U.S. Airport Websites Signal Growing Threat To Critical Infrastructure [Emil Sayegh, Forbes]
- Whoosh confirms data breach after hackers sell 7.2M user records [Bill Toulas, BleepingComputer]
- Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn [David Jones, Cybersecurity Dive]
Malware:
- Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide [Ravie Lakshmanan, The Hacker News]
- Researchers Sound Alarm on Dangerous BatLoader Malware Dropper [Jai Vijayan, Dark Reading]
- WASP malware stings Python developers [Jeff Burt, The Register]
- Android malware: A million people downloaded these malicious apps before they were finally removed from Google Play [Danny Palmer, ZDNet]
- Hackers are hiding malware in PNG files – Here’s what to watch for [Charlie Fripp, Komando]
Vulnerabilities:
- Remote Code Execution Vulnerabilities Found in F5 Products [Eduard Kovacs, Security Week]
Other:
- New Ransomware Data Is In: What’s Happening and How to Fight Back [Srinivas Mukkamala, Dark Reading]

Infosec bits for week 45/22

Renier van Heerden

2022-11-11 11:34

Attaks
- Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland [Ravie Lakshmanan, The Hacker News]
- AstraZeneca password lapse exposed patient data [Zack Whittaker, TechCrunch]
- Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File [Ravie Lakshmanan, The Hacker News]
- Several Cyber Attacks Observed Leveraging IPFS Decentralized Network [Ravie Lakshmanan, The Hacker News]
International
- Ukraine war, geopolitics fuelling cybersecurity attacks -EU agency [Foo Yun Chee, Reuters]
- Spymax RAT Targets Indian Defense Personnel [Cyfirma Team, Cyware]
- Twitter Security Chief Resigns as Musk Sparks Deep Concern [AFP, Security week]
- APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network [Ravie Lakshmanan, The Hacker News]
Security Guides
- NSA Releases Guidance on How to Protect Against Software Memory Safety Issues [Press Release, National Security Agency]
- Balancing Security Automation and the Human Element [Marc Solomon, Security week]
- Offense Gets the Glory, but Defense Wins the Game [Derek Manky, Security week]
Notewothy Patches
- Google Patches High-Severity Privilege Escalation Vulnerabilities in Android [Ionut Arghire, Security week]
- Microsoft Patches MotW Zero-Day Exploited for Malware Delivery [Eduard Kovacs, Security week]
- Intel, AMD Address Many Vulnerabilities With Patch Tuesday Advisories [Eduard Kovacs, Security week]

Infosec bits for week 44/22

Sicelo Ncekana

2022-11-04 13:55

Security News
- ALMA Suffers Cyberattack in Chile, Suspends Astronomical Observations [Swissinfo, Swissinfo]
- Cyber attacks on small firms The US economy’s Achilles heel BBC News [Nathalie Jimenez, Nathalie Jimenez]
- WhatsApp user? Change your settings now to stop cyber attacks [HT TECH, HT TECH]
- Analysts track gift cards to see how scammers use them in BEC attacks [Stephen Weigand, SC Media]
Phishing and Malware
- Black Basta Ransomware Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor [Antonio Cocomazzi and Antonio Pirozzi, Sentinel Labs]
- 130 Dropbox Code Repositories Compromised in a Sophisticated Phishing Campaign [Sumeet Wadhwani, Spiceworks]
- Bed, Bath & Beyond confirms data breach following employee phishing attack [Carly Page, TechCrunch]
- New Crimson Kingsnake gang impersonates law firms in BEC attacks [Bill Toulas, Bleeping Computer]
- Phishers Abuse Microsoft Voicemail Service to Trick Users [Phil Muncaster, Info Security]
- Emotet botnet starts blasting malware again after 4 month break [Lawrence Abrams, Bleeping Computer]
- These Four Android Apps On Google Play Exposed 1M Devices To Malware, Delete ASAP [Paul Lilly, HotHardware]
Vulnerabilities & Patches
- Urlscan.io API unwittingly leaks sensitive URLs, data [Charlie Osborne, The Daily Swing]
- SandStrike Strikes Andoid Users With Malicious VPN App [Cyware, Cyware]
- Vulnerability Patched in the Gatsby Cloud Image CDN [Mike Gualtieri, Gatsby]
- SQLite patches 22-year-old code execution, denial of service vulnerability [Charlie Osborne, The Daily Swing]
- Multi-factor auth fatigue is real – and it’s why you may be in the headlines next [Jeff Burt, The Register]

Infosec bits for week 43/22

Sicelo Ncekana

2022-10-28 15:05

Security News:
- Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers’ Data [Ravie Lakshmanan, The Hacker News]
- Threat Actors Target AWS EC2 Workloads to Steal Credentials [Nitesh Surana, Thrend Micro]
Phishing and Malware
- CZ warns traders about phishing sites in CMC search [Cloud Wallet, Cloud Wallet]
- Phishing scammer Monkey Drainer has pilfered as much as $1M in ETH – Aitrades [Russell Martiniperez, Aitrades Blog]
- Twilio Reveals Further Security Breach [Phil Muncaster, Infosecurity]
- Hive claims ransomware attack on Tata Power, begins leaking data [Ax Sharma, Bleeping Computer]
- Vice Society Ransomware Campaigns Continue to Impact US Education Sector [OODA loop, OODA loop]
- Drinik Android malware now targets users of 18 Indian banks – Bleeping Computer [JN-66 Data Analytics, JN-66 Data Analytics]
- Microsoft SQL servers hacked in TargetCompany ransomware attacks [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
- Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability [Ravie Lakshmanan, The Hacker News]
- Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities [Vulners, Vulners]
- Your Siri conversations may have been recorded without your permission [Fionna Agomuoh, Digital Trends]
- Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit [Jai Vijayan, Dark Reading]
- High-severity vulnerability in GitHub was susceptible to Repo Jacking [Steve Zurier, SC Media]

Infosec bits for week 42/22

Kgwadi Matenche

2022-10-21 14:55

Security News:
- Playing with fire: millions of .git folders exposed to public [Jurgita Lapienytė, Cybernews]
- Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684 [Pierluigi Paganini, Security Affairs]
- Almost 900 servers hacked using Zimbra zero-day flaw [Bill Toulas, Bleeping Computer]
Breaches & Leaks:
- Microsoft Customer Data Exposed by Misconfigured Server [Dark Reading]
- New Data Leaks Add to Australia’s Data Security Reckoning [Jeremy Kirk, DataBreachToday]
Vulnerabilities & Patches:
- Oracle Releases 370 New Security Patches With October 2022 CPU [Ionut Arghire, Security Week]
- Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text [Jai Vijayan, Dark Reading]
- Zoom for macOS Contains High-Risk Security Flaw [Ryan Naraine, Security Week]
Others:
- Car theft ring used software to steal hundreds of vehicles without the physical key fob, say police [Liam Tung, ZDNet]
- Hackney Council Ransomware Attack Cost £12m+ [Phil Muncaster, Infosecurity Magazine]
- Mango Markets Set to Pay $47M Bug Bounty to Hacker [Prajeet Nair, DataBreachToday]

Infosec bits for week 41/22

Heloise Meyer

2022-10-14 14:49

Cybersecurity News:
- Goodbye passwords — Google rolling out passkey support to Android and Chrome [Hanno Labuschagne, MyBroadband]
- Windows 11 Now Offers Automatic Phishing Protection [David Nield, Wired]
- Toyota Data Breach – Over 300,000 Customer Details Exposed [Guru, Cyber Security News]
Hacks:
- Hackers have stolen record $3 billion in cryptocurrency this year [Khristopher J Brooks, CBS News]
- Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization [Ravie Lakshmanan, The Hacker News]
Malware:
- Magniber ransomware now infects Windows users via JavaScript files [Bill Toulas, Bleeping Computer]
- QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign [Ionut Arghire, Security Week]
Vulnerabilities & Patches:
- PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks [Ravie Lakshmanan, The Hacker News]
- WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites [Roger Montti, Search Engine Journal]
- Aruba fixes critical RCE and auth bypass flaws in EdgeConnect [Bill Toulas, Bleeping Computer]
- Critical Remote Code Execution Vulnerability Found in vm2 Sandbox Library [Ionut Arghire, Security Week]
Other:
- Unofficial WhatsApp Android app caught stealing users’ accounts [Bill Toulas, Bleeping Computer]
- Hackers Using Vishing to Trick Victims into Installing Android Banking Malware [Ravie Lakshmanan, The Hacker News]

Infosec bits for week 40/22

Kgwadi Matenche

2022-10-10 08:07

Security News:
- LofyGang hackers built a credential-stealing enterprise on Discord, NPM [Bill Toulas, Bleeping Computer]
- CISA: Multiple APT Groups Infiltrate Defense Organization [Robert Lemos, Dark Reading]
Malware:
- Eternity Group Hackers Offering New LilithBot Malware-as-a-Service to Cybercriminals [Ravie Lakshmanan, The Hacker News]
Breaches & Leaks:
- Telstra Telecom discloses data breach impacting former and current employees [Pierluigi Paganini, Security Affairs]
- LA officials confirm ransomware group leaked students’ personal data [Jonathan Creig, The Record]
Vulnerabilities & Patches:
- Fortinet warns admins to patch critical auth bypass bug immediately [Sergiu Gatlan, Bleeping Computer]
- Microsoft updates guidance for ‘ProxyNotShell’ bugs after researchers get around mitigations [Jonathan Creig, The Record]
Others:
- Hackers Have It Out for Microsoft Email Defenses [Tara Seals, Dark Reading]
- Facebook users warned: You may have downloaded these password-stealing Android and iOS apps [Danny Palmer, ZDNet]
- Server with financial data “stolen” after R150 million looting controversy [Bradley Prior, MyBroadband]

Infosec bits for week 39/22

Maajied Moos

2022-09-30 09:19

Vulnerabilities and Malware:
- Adware on Google Play and Apple Store installed 13 million times [Bill Toulas, Bleeping Computer]
- Mass email campaign with a pinch of targeted spam [Roman Dedenok, Artem Ushkov, Secure List]
- New Erbium password-stealing malware spreads as game cracks, cheats [Bill Toulas, Bleeping Computer]
- Hackers use PowerPoint files for ‘mouseover’ malware delivery [Bill Toulas, Bleeping Computer]
- WhatsApp “zero-day exploit” news scare – what you need to know [Paul Ducklin, Naked Security]
- How Underground Groups Use Stolen Identities and Deepfakes [Vladimir Kropotov, Fyodor Yarochkin, Craig Gibson, Stephen Hilt, Trend Micro]
- Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems [Ravie Lakshmanan, The Hacker News]
Hacks:
- Hackers Leak French Hospital Patient Data in Ransom Fight [AFP, Security Week]
- Hacker Breaches Fast Company Apple News Account, Sends Racist Messages [Alessandro Mascellino, Info Security]
Other:
- Major Database Security Threats & How You Can Prevent Them [Isla Sibanda, Tripwire]
- The various ways ransomware impacts your organization [Help Net Security, Help Net Security]