Infosec bits for week 40/21

Schalk Peach

2021-10-08 13:59

Vulnerabilities and Exploits
- Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation [CISA]
- This new Android malware gets full control of your phone to steal passwords and info [Danny Palmer, ZDNet]
General
- Windows 11 is out. Is it any good for security? [Mark Stockley, MalwareBytes]
- Who scams the scammers? Meet the scambaiters [Amelia Tait, The Guardian]
Ransomware
- Think You Are Prepared for Ransomware? You’re Probably Not. [David Finger, CSO Online]
- Conti gang threatens to dump victim data if ransom negotiations leak to reporters [Catalin Cimpanu, The Record]
- Ransomware groups angry at other criminals for hijacking their ransoms [Rob Thubron, Ars Technica]
- Two ransomware operators arrested in Ukraine [Catalin Cimpanu, The Record]

Infosec bits for week 39/21

Kgwadi Matenche

2021-10-01 13:44

Vulnerabilities & Patches:
- SonicWall Patches Critical Vulnerability in SMA Appliances [Eduard Kovacs, SecurityWeek]
- Google pushes emergency Chrome update to fix two zero-days [Lawrence Abrams, Bleeping Computer]
- Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now! [Pierluigi Paganini, Security Affairs]
- Jira Data Center user? Here’s a critical Ehcache vulnerability to spoil your day [Gareth Halfacree, The Register]
Security News:
- Thousands of University Wi-Fi Networks Expose Log-In Credentials [Elizabeth Montalbano, Threatpost]
- Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data [Dark Reading]
- This dangerous mobile Trojan has stolen a fortune from over 10 million victims [Charlie Osborne, ZDNet]
- New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught [Ravie Lakshmanan, The Hacker News]
Malware:
- A wolf in sheep’s clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus [Vitor Ventura and Arnaud Zobec, Cisco Talos]
- FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor [Ramin Nafisi, Microsoft Threat Intelligence Center]
Breaches & Leaks:
- JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data [Lawrence Abrams, Bleeping Computer]
- Storybooks for children app FarFaria exposed data of 3M users [Waqas, HackRead]
Others:
- Xero, Slack suffer outages just as Let’s Encrypt root cert expiry downs other websites, services [Chris Williams, The Register]
- Endpoint Still a Prime Target for Attack [Dark Reading]
- Facebook open-sources internal tool used to detect security bugs in Android apps [Catalin Cimpanu, The Record]

Infosec bits for week 38/21

Kgwadi Matenche

2021-09-23 15:47

Security News:
- New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures [Ravie Lakshmanan, The Hacker News]
- Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw [Eduard Kovacs, SecurityWeek]
- Department of Justice hack — all backups gone and R33 million ransom demanded [Myles Illidge, MyBroadband]
Breaches & Leaks:
- Data of 106 Million Visitors to Thailand Breached [Sarah Coble, Infosecurity Magazine]
- African Bank debt collector hit by ransomware — client data exposed [MyBroadband]
Email-Borne Threats:
- Microsoft uncovers giant Phishing-as-a-Service operation [Catalin Cimpanu, The Record]
Vulnerabilities & Patches:
- VMware Warns of Ransomware-Friendly Bug in vCenter Server [Lisa Vaas, Threatpost]
- Mirai Botnet Actively Exploiting OMIGOD Flaw [Mihir Bagwe, Bank Info Security]
- New macOS zero-day bug lets attackers run commands remotely [Sergiu Gatlan, Bleeping Computer]
Others:
- Hackers leak LinkedIn 700 million data scrape [Catalin Cimpanu, The Record]
- Plugging the holes: How to prevent corporate data leaks in the cloud [Phil Muncaster, WeLiveSecurity]
- LG acquires Israeli automotive cybersecurity startup Cybellum [Cho Mu-Hyun, ]

Infosec bits for week 37/21

Renier van Heerden

2021-09-17 13:32

Ransomware
- Ransomware encrypts South Africa’s entire Dept of Justice network [Ionut Ilascu, Bleeping Computer]
- Free REvil ransomware master decrypter released for past victims [Lawrence Abrams, Bleeping Computer]
- Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020 [Catalin Cimpanu, TheRecord]
- South Africa’s legal system on its knees after cyberattack [Jan Vermeulen, MyBroadband]
Hack
- New malware uses Windows Subsystem for Linux for stealthy attacks [Ionut Ilascu, Bleeping Computer]
- US fines former NSA employees who provided hacker-for-hire services to UAE [Catalin Cimpanu, TheRecord]
- New Go malware Capoae targets WordPress installs, Linux systems [Charlie Osborne, ZDNet]
- OWASP updates top 10 vulnerability ranking for first time since 2017 [Jonathan Greig, ZDNet]
Patch
- Update Chrome – major security flaws fixed [Myles Illidge, MyBroadband]
- Microsoft patches Office zero-day in today’s Patch Tuesday [Catalin Cimpanu, TheRecord]

Infosec bits for week 35/21

Schalk Peach

2021-09-03 11:48

Vulnerabilities
- Worst cloud vulnerability you can imagine’ discovered in Microsoft Azure [Jim Salter, Ars Technica]
- New BrakTooth Bluetooth vulnerabilities [Catalin Cimpanu, The Record]
- WhatsApp patches vulnerability related to image filter functionality [Jonathan Grieg, ZDNet]
Ransomware and Botnets
- Ransomware attacks on US schools and colleges cost $6.62bn in 2020 [Paul Bischoff, CompariTech]
- Mozi botnet authors arrested in China [Catalin Cimpanu, The Record]
- Phorpiex botnet shuts down, source code goes up for sale [Catalin Cimpanu, The Record]
General Tech
- Windows 11 will roll out from October 5 as Microsoft hypes new hardware [Tim Anderson, The Register]
Zero Trust
- Challenges organizations face when implementing zero trust architecture [Help Net Security]

Infosec bits for week 34/21

Kgwadi Matenche

2021-08-27 13:18

Security News:
- Microsoft Breaks Silence on Barrage of ProxyShell Attacks [Elizabeth Montalbano, Threatpost]
- Hackers Could Increase Medication Doses Through Infusion Pump Flaws [Lily Hay Newman, WIRED]
- Ragnarok ransomware releases master decryptor after shutdown [Ionut Ilascu, Bleeping Computer]
- Poly Network Recoups $610M Stolen from DeFi Platform [Becky Bracken, Threatpost]
- Biggest Linux security exploits revealed [Hanno Labuschagne, MyBroadband]
Email-Borne Threats:
- False Payment Promises Lead To Microsoft Credential Phish [Nathaniel Sagibanda, Cofense]
- Phishing campaign uses UPS.com XSS vuln to distribute malware [Lawrence Abrams, Bleeping Computer]
Vulnerabilities & Patches:
- F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices [Ravie Lakshmanan, The Hacker News]
- VMware Patches High-Severity Vulnerabilities in vRealize Operations [Ionut Arghire, SecurityWeek]
- Cisco Security Advisories [Cisco]
- Atlassian warns of critical Confluence flaw [Simon Sharwood, The Register]
Others:
- Threat Modeling: Making the Right Moves [Doug Olenick, Bank Info Security]
- Ransomware gang’s script shows exactly the files they’re after [Lawrence Abrams, Bleeping Computer]
- Data breaches now cost SA firms 15% more per incident [ITWeb]
  - Cybercrime Losses Triple to £1.3bn in 1H 2021 [Phil Muncaster, Infosecurity Magazine]
- Nigerian Gang Asks for Insider Help to Plant Ransomware [Doug Olenick, Bank Info Security]

Infosec bits for week 33/21

Renier van Heerden

2021-08-20 09:51

Write your post here.

Ransomeware
- Ransomware gangs are working with Russian intelligence services, report says [Dan Patterson, CBS News]
- Transnet ransomware hackers did not get a single cent [Hanno Labuschagne, MyBroadband]
- Malware dev infects own PC and data ends up on intel platform [Ionut Ilascu, BleepingComputer]
- Healthcare provider expected to lose $106.8 million following ransomware attack [Catalin Cimpanu, The Record]
- How Ready Are You for a Ransomware Attack [Oliver Tavakoli, Threat Post]
Patch
- Linux glibc security fix created a nastier Linux bug [Steven J. Vaughan-Nichols, ZDNet]
- Firewalls and middleboxes can be weaponized for gigantic DDoS attacks [Catalin Cimpanu, The Record]
- HolesWarm Malware Exploits Unpatched Windows, Linux Servers [Becky Bracken, Threat Post]
- New unofficial Windows patch fixes more PetitPotam attack vectors [Lawrence Abrams, Bleeping Computer]
Private Issues
- Secret terrorist watchlist with 2 million records exposed online [Ax Sharma, BleepingComputer]
- Apple’s device surveillance plan is a threat to user privacy — and press freedom [Parker Higgins, Freedom of the Press]
- HolesWarm Malware Exploits Unpatched Windows, Linux Servers [Becky Bracken, Threat Post]

Infosec bits for week 32/21

Schalk Peach

2021-08-13 09:49

Breaches
- Data Breach at University of Kentucky [Sarah Coble, Infosecurity Magazine]
- Data Breach at Georgia Health System [Sarah Coble, Infosecurity Magazine]
Vulnerabilities
- Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild [Mounir Hahad , Alex Burt, Juniper]
- Microsoft Patch Tuesday bug drought [Thomas Claburn, The Register]
Conference Season
- Security tools showcased at Black Hat USA 2021 [Catalin Cimpanu, The Record]
- Top Hacks from Black Hat and DEF CON 2021 [John Leyden, Port Swigger]
Ransomware
- Kaseya’s universal REvil decryption key leaked on a hacking forum [Lawrence Abrams, Bleeping Computer]
- LockBit Ransomware Wants to Hire Your Employees [Lior Div, Cybereason]
- Another big company hit by a ransomware attack [Brian Fung, CNN]
Other
- The logic behind three random words [Kate R, National Cyber Security Centre]
- Thief hands back at least a third of $600m in crypto-coins stolen from Poly Network [Katyanna Quach, The Register]

Infosec bits for week 31/21

Roderick Mooi

2021-08-06 15:12

General Security News
- Amazon and Google patch major bug in their DNS-as-a-Service platforms [Catalin Cimpanu, The Record]
- New Cobalt Strike bugs allow takedown of attackers’ servers [Sergiu Gatlan, Bleeping Computer]
  - See also: Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
Awareness
- Supply chain attacks expected to multiply by 4 in 2021 [Help Net Security]
- Linux version of BlackMatter ransomware targets VMware ESXi servers [Lawrence Abrams, Bleeping Computer]
- Secrets and Lies: The Games Ransomware Attackers Play [Mathew J. Schwartz, Information Security Media Group]
Advice and Analysis
- Top Routinely Exploited Vulnerabilities [CISA et al., DHS]
- Securing Wireless Devices in Public Settings [NSA]
- Kubernetes Hardening Guidance, CISA release Kubernetes Hardening Guidance [CISA, NSA]
- Forensic Methodology Report: How to catch NSO Group’s Pegasus [Amnesty International]
Privacy
- Amazon Hit With $885 Million GDPR Fine [Doug Olenick, Information Security Media Group]
- ‘I’m Calling About Your Car Warranty’, aka PII Hijinx [Threatpost]
Professional Development
- Certification Program in IT Security [Trend Micro]
Interesting Stories
- Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch [Charlie Osborne, Zero Day]
- Bob had a bad night: IoT mischief in a capsule hotel takes neighborly revenge to the next level [Charlie Osborne, Zero Day]
- Charting the real-world application of CTFs [Black Lotus Labs, Lumen Technologies]

Infosec bits for week 30/21

Renier van Heerden

2021-07-30 09:30

Hack
- NPM Package Steals Passwords via Chrome’s Account-Recovery Tool [Lisa Vaas, Threatpost]
- Transnet declares force majeure at SA ports over cyber attack [Felix Njini and John Viljoen, News24]
Randsomeware
- Kaseya Obtains Universal Decryptor for REvil Ransomware [Tara Seals, Threatpost]
- Ransomware: Here’s how much victims have saved in ransom payments by using these free decryption tools [Danny Palmer, ZDNet]
- Transnet hit with Death Kitty ransomware [Bloomberg, MyBoadband]
Other
- When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure [Microsoft 365 Defender Threat Intelligence Team, Microsoft]
- A New Approach to Finding Cybersecurity Talent. A Conversation with Alan Paller [Kelvene Requiroso, eSecurityPlanet]
- Twitter handle swatter jailed after victim dies following home raid [Charlie Osborne, ZDNet]
- Here’s what that Google Drive security update message means [Ron Amadeo, Arstechnica]
Pegasus
- WhatsApp chief says government officials, US allies targeted by Pegasus spyware [Charlie Osborne, ZDNet]
- Check If Your Phone Is Infected With Pegasus Using MVT [Priye Rai, FossBytes]
- Israel begins investigation into NSO Group spyware abuse [Patrick Howell O’Neill, Technology Review]