Infosec bits for week 15/21

Renier van Heerden

2021-04-16 09:25

Facebook News
- 14.3 million South Africa Facebook users hit by data leak – check if you are affected [Hanno Labuschagne, MyBroadband]
- Singapore’s most expensive Facebook link [Kirsten Han, Rest of the World]
Patch News
- Microsoft Patch Tuesday, April 2021 Edition [Brian Krebs, Krebs on Security]
- April Microsoft Security Patches Released, Bringing More Critical Exchange Server Fixes [Kurt Mackie, Redmondmag]
- Git.PHP.net Not Compromised in Supply Chain Attack, but User Database Leak Possible [Nikita Popov, Inside Dev]
- Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers [Danny Palmer, ZDNet]
- SAP fixes critical bugs in Business Client, Commerce, and NetWeaver [Ionut Ilascu, Bleeping Computer]
- Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched [Eduard Kovacs, Security Week]
Hacks
- Iran calls Natanz atomic site blackout nuclear terrorism [Jon Gambrell, AP News]
- Microsoft Teams And Zoom Hacked In $1 Million Competition [Thomas Brewster, Forbes]
- Personal data of 1.3m Clubhouse users leaked online after LinkedIn and Facebook also suffered data breaches [Katie Canales, Business Insider]
- Isreal may have destroyed Iranian centrifuges simply by cutting power [Kim Zetter, The Intercept]
- NAME:WRECK vulnerabilities impact millions of smart and industrial devices [Catalin Cimpanu, The Record]
- US government confirms Russian SVR behind the SolarWinds hack [Ionut Ilascu, Bleeping Computer]
Other
- Sudden New Warning Will Surprise Millions Of WhatsApp Users [Zak Doffman, Forbes]
- NSA: Top 5 vulnerabilities actively abused by Russian govt hackers [Lawrence Abrams, Bleeping Computer]
- University of Hertfordshire pulls the plug on, well, everything after cyber attack [Richard Speed, The Register]
- Ransomware Attack Creates Cheese Shortages in Netherlands [Becky Bracken, Threat Post]

Infosec bits for week 14/21

Roderick Mooi

2021-04-09 09:54

Education Sector
- Ransomware group targets universities in Maryland, California in new data leaks [Charlie Osborne, Zero Day]
- Harris Federation hit by ransomware attack affecting 50 schools [Sergiu Gatlan, Bleeping Computer]
- Conti ransomware gang hits Broward County Schools with $40M demand [Steve Zurier, SC Media / CyberRisk Alliance]
- Attackers Conducting Cryptojacking Operation Against U.S. Education Organizations [Ken Hsu, Vaibhav Singhal and Zhibin Zhang, Palo Alto Unit 42]
Vulnerabilities / hacking news
- Vulnerability: Est. Millions of Users of Popular Educational Platform Exposed to Account Takeover Threats And More [Chase William, WizCase]
- Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall [Sergiu Gatlan, Bleeping Computer]
Breaches
- Does data stolen in a data breach expire? [Tony Anscombe, WeLiveSecurity / ESET]
- Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof [CyberNews Team, CyberNews]
Other
- Gamifying machine learning for stronger security and AI models [Microsoft 365 Defender Research Team, Microsoft]
- Library Dependencies and the Open Source Supply Chain Nightmare [Kevin Townsend, SecurityWeek / Wired Business Media]
- Nation States, Cyberconflict and the Web of Profit [Alex Holland, HP]

Infosec bits for week 12/21

Kgwadi Matenche

2021-03-26 13:33

Vulnerabilities & Patches:
- OpenSSL 1.1.1k Patches Two High-Severity Vulnerabilities [Eduard Kovacs, SecurityWeek]
- RCE flaw in Apache OFBiz could allow to take over the ERP system [Pierluigi Paganini, Security Affairs]
- New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps [Ravie Lakshmanan, The Hacker News]
- Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online [Ravie Lakshmanan, The Hacker News]
- Cisco addresses critical bug in Windows, macOS Jabber clients [Sergiu Gatlan, Bleeping Computer]
Breaches:
- Ransomware gang leaks data stolen from Colorado, Miami universities [Lawrence Abrams, Bleeping Computer]
- Ministry of Defence academy hit by state-sponsored hackers [Pierluigi Paganini, Security Affairs]
- Computer giant Acer hit by $50 million ransomware attack [Lawrence Abrams, Bleeping Computer]
News:
- Standard Bank blocks spoofed Web sites, millions of e-mails [Sibahle Malinga, ITWeb]
- Microsoft: Ongoing, Expanding Campaign Bypassing Phishing Protections [Ionut Arghire, SecurityWeek]
- PPS works to restore full functionality after cyber attack [Simnikiwe Mzekandaba, ITWeb]
- Russian Pleads Guilty in Tesla Hacking Scheme [Scott Ferguson, BankInfoSecurity]
Others:
- New Windows 10 emergency updates fix remaining printing issues [Lawrence Abrams, Bleeping Computer]
- Can We Stop Pretending SMS Is Secure Now? [Brian Krebs, Krebs on Security]
- Microsoft Defender adds automatic Exchange ProxyLogon mitigation [Sergiu Gatlan, Bleeping Computer]
- Purple Fox Rootkit Now Propagates as a Worm [Amit Serper, Guardicore]

Infosec bits for week 11/21

Schalk Peach

2021-03-19 11:10

Data Leaks (NOT Breaches)
- Utah Company Stored Passport Scans on Unsecured Server [Sarah Coble, InfoSecurity Magazine]
Microsoft Exchange
- Updates on Microsoft Exchange Server Vulnerabilities [US CERT]
- Microsoft releases one-click mitigation tool for Exchange Server hacks [Charlie Osborne, ZDNet]
Education
- FBI warns of escalating Pysa ransomware attacks on education orgs [Sergiu Gatlan, Bleeping Computer]
The SPECTRE Returns
- A Spectre proof-of-concept for a Spectre-proof web [Google Security Blog]
More Solarwinds Fallout
- Mimecast Update: SolarWinds Hackers Stole Source Code [Akshaya Asokan, BankInfoSecurity]
Business Security Featurette – Business Email Compromise
- BEC Attacks: What They Are and How to Protect Yourself [WestStar Bank]
- Business Email Compromise [TrendMicro]
- How to Recognize a Business Email Compromise Attack [Joan Goodchild, SecurityIntelligence]
International Regulation News
- California Passes New Regulation Banning “Dark Patterns” Under Landmark Privacy Law [Brianna Provenzano, Gizmodo]
- Spanish Data Protection Agency Issues Highest Ever Fine [Sarah Coble, Infosecurity Magazine]
Other Things
- Fintech Giant Fiserv Used Unclaimed Domain [Krebs on Security]
- OVH Data Center Fire Impacts Cyber-criminals [Sarah Coble, Infosecurity Magazine]
- Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites [Ravie Lakshmanan, The Hackers News]

Infosec bits for week 10-21

Roderick Mooi

2021-03-12 09:54

University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ [Gareth Corfield, The Register]
- See also: University ‘hacks’ as a justification to include the sector in Critical Infrastructure Bill
Microsoft Patch Tuesday, March 2021 Edition [Brain Krebs, Krebs on Security]
Realistic Patch Management Tips, Post-SolarWinds [Sara Peters, Dark Reading / Informa]
Security baseline (FINAL) for Windows 10 and Windows Server, version 20H2 [Rick Munck, Microsoft]
- See also: Windows security baselines
Combating Risk Negligence Using Cybersecurity Culture [Hunter Sekara, Tripwire / SiloSmashers]
Google is done with cookies, but that doesn’t mean it’s done tracking you [Sara Morrison, Vox Media]
Microsoft’s MSERT tool now finds web shells from Exchange Server attacks [Lawrence Abrams, Bleeping Computer]
5 Lessons Learned from the Largest Third-Party Breaches in 2020 [Black Kite]
Linux Foundation unveils Sigstore — a Let’s Encrypt for code signing [Lawrence Abrams, Bleeping Computer]
Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection [Rotem Kerner, Fortinet]

Infosec bits for week 09/21

Renier van Heerden

2021-03-04 19:22

The Human Factor
- Offboarding: A Checklist for Safely Closing an Employee’s Digital Doors [Sue Poremba, SecurityIntelligence]
- Hackers exploit websites to give them excellent SEO before deploying malware [Charlie Osborne, ZDNet]
Vulnerabilities and Leaks
- Working Windows and Linux Spectre exploits found on VirusTotal [Sergiu Gatlan, BleepingComputer]
- Far-Right Platform Gab Has Been Hacked—Including Private Data [Andy Greenberg, Wired]
- First Fully Weaponized Spectre Exploit Discovered Online [Catalin Cimpanu, The Record]
- Unprotected Private Key Allows Remote Hacking of Rockwell Controllers [Eduard Kovacs, Security Week]
- Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted [Paul Roberts, The Security Ledger]
Ransomware (But it used to be a great plugin)
- Attackers Turn Struggling Software Projects Into Trojan Horses [Robert Lemos, DARKReading]
- Is Your Browser Extension a Botnet Backdoor? [Krebs on Security]
SolarWinds
- Microsoft Releases Free Tool for Hunting SolarWinds Malware [Kelly Jackson Higgins, DARKReading]
- Intern caused solarwinds123 password leak, former SolarWinds CEO says [Pierluigi Paganini, SecurityAffairs]
Eduction and Research
- FBI Investigating Michigan School District Hack [Sarah Coble, Infosecurity Magazine]
- Oxford University lab with COVID-19 research links targeted by hackers [Charlie Osborne, ZDNet]
Other
- Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps [Ionut Arghire, Security Week]
- Social network Gab hacked, hit with $500,000 ransom demand [Carrie Mihalcik, CNet]
- NSA Releases Guidance on Zero Trust Security Model [US CERT]

Infosec bits for week 08/21

Kgwadi Matenche

2021-02-26 13:57

Vulnerabilities & Patches
- Google Discloses Details of Remote Code Execution Vulnerability in Windows [Eduard Kovacs, Security Week]
- Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability [Eduard Kovacs, Security Week]
- VMware ESXi and vCenter Server updates address multiple security vulnerabilities [VMware]
- Cisco Patches Severe Flaws in Network Management Products, Switches [Ionut Arghire, Security Week]
- Python programming language hurries out update to tackle remote code vulnerability [Liam Tung, ZDNet]
- Bitter APT Enhances Its Capabilities With Windows Kernel Zero-day Exploit [Cybleinc, Cyble]
Breaches
- Rain hit by security breach [MyBroadband]
- Kia Motors America suffers ransomware attack, $20 million ransom [Lawrence Abrams, Bleeping Computer]
- Dutch Research Council (NWO) confirms ransomware attack, data leak [Ionut Ilascu, Bleeping Computer]
- Lakehead University Shuts Down Campuses and Computers After Cyberattack [Alina Bizga, Bitdefender]
News
- Protecting Against Vaccine-Themed Attacks and Misinformation [Laurence Pitt, Security Week]
- Microsoft open sources CodeQL queries used to hunt for Solorigate activity [Microsoft]
- NASA and the FAA were also breached by the SolarWinds hackers [Sergiu Gatlan, Bleeping Computer]
- North Korean hackers target defense industry with custom malware [Sergiu Gatlan, Bleeping Computer]
Fraud & Leaks
- How $100M in Jobless Claims Went to Inmates [Brian Krebs, Krebs on Security]
- Medical Data of 500,000 French Residents Leaked Online [Sarah Coble, Info Security Group]
Others
- Intel wireless driver updates fix Windows 10 blue screen issues [Sergiu Gatlan, Bleeping Computer]
- Ransomware Attacks Double Against Global Universities [Phil Muncaster, Info Security Group]
- Truecaller violates South Africa’s new privacy laws – Legal experts [Hanno Labuschagne, MyBroadband]

Infosec bits for week 07/21

Renier van Heerden

2021-02-19 09:54

More Solarwinds News
- SolarWinds hack was ‘largest and most sophisticated attack’ ever: Microsoft president [Brad Heath, Reuters]
- Microsoft says SolarWinds hackers stole source code for 3 products [Dan Goodin, Ars Tech]
- Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle [Simon Sharwood, The Register]
- Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack [Simon Sharwood, The Register]
Exploits/ Patches
- Half of Apps Contain at Least One Serious Exploitable Vulnerability [James Coker, Info Security Group]
- Exploit Details Emerge for Unpatched Microsoft Bug [Tara Seals, Threat Post]
- Mac Malware Targets Apple’s In-House M1 Processor [Lindsey O’Donnell, Threat Post]
- Three New Vulnerabilities Patched in OpenSSL [Eduard Kovacs, Security Week]
- Agent Tesla hidden in a historical anti-malware tool [Jan Kopriva, ISC InfoSec Handlers Diary Blog]
- Microsoft starts removing Flash from Windows devices via new KB4577586 update [Catalin Cimpanu, ]
Compromises
- Yandex said it caught an employee selling access to users’ inboxes [Catalin Cimpanu, ZDNet]
- New type of supply-chain attack hit Apple, Microsoft and 33 other companies [Dan Goodin, Ars Tech]
- Fake Amazon reviews still sold in bulk—it costs $10,900 for 1,000 reviews. [Jon Brodkin, Ars Tech]
- Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam [Charlie Osborne, ZDNet]
- Windows and Linux servers targeted by new WatchDog botnet for almost two years [Catalin Cimpanu, ZDNet]
- WebKit Zero-Day Vulnerability Exploited in Malvertising Operation [Eduard Kovacs, Security Week]

Infosec bits for week 06/21

Roderick Mooi

2021-02-12 13:51

Higher Education
- SU data breach exposes nearly 10,000 names, Social Security numbers [Michael Sessa, The Daily Orange]
  - See also: Personal information of CU students, employees may have been compromised in cyberattack
Critical Infrastructure
- What’s most interesting about the Florida water system hack? That we heard about it at all. [Krebs on Security]
  - See also: Breached water plant employees used the same TeamViewer password and no firewall
- Eletrobras, Copel energy companies hit by ransomware attacks [Ionut Ilascu, Bleeping Computer]
Suppy Chain
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies [Alex Birsan, Medium]
Cloud
- Secure Service Configuration in AWS, Azure, & GCP [Brandon Evans & Eric Johnson, SANS Institute]
  - See also: Multiple Clouds Require Multiple Solutions: AWS, Azure, & GCP – SANS @Mic
Patch Tuesday
- Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day [Lawrence Abrams, Bleeping Computer]
- Swarm of Palo Alto PAN-OS vulnerabilities [Mikhail Klyuchnikov and Nikita Abramov, PT SWARM / Positive Technologies Offensive Team]
Other
- CD Projekt Red refuses to negotiate with hackers who stole Witcher 3 and Cyberpunk 2077 source code [Darryn Bonthuys, Critical Hits]
- Police seize $60 million of bitcoin! Now, where’s the password? [John O’Donnell, Reuters]
- Web shell attacks continue to rise [Microsoft]
- That Slack email you just got asking to reset your password is legit, not a scam [Ryne Hager, Android Police]
- Ransomware Attackers Set Their Sights on SaaS [Kelly Sheridan, Dark Reading / Informa Tech]
- Instagram Unmasks High Profile ‘OG’ Account Stealers, Threatens to Sue [Joseph Cox, Motherboard by Vice]

Infosec bits for week 05/21

Schalk Peach

2021-02-05 11:45

Ransomware Evolution
- FonixCrypter ransomware gang releases master decryption key [Catalin Cimpanu, ZDNet]
Supply Chain Concerns
- A New Software Supply‑Chain Attack Targeted Millions With Spyware [Ravie Lakshmanan, The Hacker News]
- Hacker group inserted malware in NoxPlayer Android emulator [Catalin Cimpanu, ZDNet]
- Security firm Stormshield discloses data breach, theft of source code [Catalin Cimpanu, ZDNet]
SolarWinds Saga
- CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds [ROOTDAEMON]
- 30% of “SolarWinds hack” victims didn’t actually use SolarWinds [Jim Salter, Ars Technica]
- Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities [Martin Rakhmanov, TrustWave]
- 3 New Severe Security Vulnerabilities Found In SolarWinds Software [Ravie Lakshmanan, The Hacker News]
Bugs and Exploits
- Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble [Thomas Claburn, The Register]
- SonicWall zero-day exploited in the wild [Catalin Cimpanu, ZDNet]
- Industrial Gear at Risk from Fuji Code-Execution Bugs [Tara Seals, ThreatPost]
- Google patches an actively exploited Chrome zero-day [Catalin Cimpanu, ZDNet]
- Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices [Dan Goodin, Ars Technica]
Further Reading
- Flash is dead—but South Africa didn’t get the memo [Jim Salter, Ars Technica]
- Top 10 most exploited vulnerabilities from 2020 [Zeljka Zorz, HelpNetSecurity]