How Ransomware Threats Are Evolving & How to Spot Them
(Tuesday August 04, 2020)
NetWalker Ransomware Rakes in $29M Since March
(Tuesday August 04, 2020)
New Spin on a Longtime DNS Intel Tool
(Tuesday August 04, 2020)
6 Dangerous Defaults Attackers Love (and You Should Know)
(Tuesday August 04, 2020)
Default configurations can be massive vulnerabilities. Here are a half
dozen to check on for your network.
Newsletter WordPress Plugin Opens Door to Site Takeover
(Tuesday August 04, 2020)
Retooling the SOC for a Post-COVID World
(Tuesday August 04, 2020)
Residual work-from-home policies will require changes to security
policies, procedures, and technologies.
Link Lock: Password Protect URLs Using AES in the Browser
(Tuesday August 04, 2020)
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
(Tuesday August 04, 2020)
CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation
(Tuesday August 04, 2020)
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
(Tuesday August 04, 2020)
Unauthenticated SSRF in Openfire Admin Console
(Tuesday August 04, 2020)
Written by Alexandr Shvetsov
2020
AUTHOR
Alexandr Shvetsov
Penetration Testing Expert
Openfire is a Jabber server supported by Ignite Realtime. It’s a
cross-platform Java application, which positions itself as a platform
for medium-sized enterprises to control internal communications and
make instant messaging easier.
I regularly see Openfire on penetration testing engagements, and most
of the time all interfaces of this system are exposed to an external
attacker, including the...
Writeup of an iCloud OAuth2 vulnerability that allowed account takeover
(Tuesday August 04, 2020)
Dangerous flaws found in Cisco, Microsoft, Citrix and IBM Among Many Others
(Tuesday August 04, 2020)
Google & Amazon Replace Apple as Phishers' Favorite Brands
(Tuesday August 04, 2020)
SQLMAP - Automatic SQL Injection Tool 1.4.8
(Tuesday August 04, 2020)
Documalis Free PDF Editor 5.7.2.26 / Documalis Free PDF Scanner 5.7.2.122 Buffer Overflow
(Tuesday August 04, 2020)
Gantt-Chart For Jira 5.5.4 Cross Site Scripting
(Tuesday August 04, 2020)
Gantt-Chart for Jira versions 5.5.4 and below suffer from a cross site
scripting vulnerability.
Twitter Could Face $250M FTC Fine Over Improper Data Use
(Tuesday August 04, 2020)
The potential FTC fine comes after Twitter last year acknowledged that
user emails and phone numbers were being used for targeted
advertising.
Gantt-Chart For Jira 5.5.3 Missing Privilege Check
(Tuesday August 04, 2020)
Gantt-Chart for Jira versions 5.5.3 and below misses a privilege check
which allows an attacker to read and write the module configuration
for other users.
These 10 IoT devices pose the biggest risk to your organisation
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3247-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3247-01 - The ovirt-engine package
provides the Red Hat Virtualization Manager, a centralized management
platform that allows system administrators to view and manage virtual
machines. Issues addressed include code execution and cross site
scripting vulnerabilities.
Red Hat Security Advisory 2020-3308-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3306-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3305-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3303-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3302-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3302-01 - The python-pillow packages
contain a Python image processing library that provides extensive file
format support, an efficient internal representation, and powerful
image-processing capabilities. Issues addressed include an out of
bounds read vulnerability.
Red Hat Security Advisory 2020-3298-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3298-01 - D-Bus is a system for sending
messages between applications. It is used both for the system-wide
message bus service, and as a per-user-login-session messaging
facility. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2020-3299-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3299-01 - The python-pillow packages
contain a Python image processing library that provides extensive file
format support, an efficient internal representation, and powerful
image-processing capabilities. Issues addressed include an out of
bounds read vulnerability.
Red Hat Security Advisory 2020-3297-01
(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3297-01 - This is a kernel live patch
module which is automatically loaded by the RPM post-install script to
modify the code of a running kernel.
Ubuntu Security Notice USN-4298-2
(Tuesday August 04, 2020)
c-ares 1.16.0 Use-After-Free
(Tuesday August 04, 2020)
c-ares version 1.16.0 has an issue where ares_destroy() with pending
ares_getaddrinfo() leads to a use-after-free condition.
Mocha Telnet Lite For iOS 4.2 Denial Of Service
(Tuesday August 04, 2020)
Daily Expenses Management System 1.0 SQL Injection
(Tuesday August 04, 2020)
RTSP For iOS 1.0 Denial Of Service
(Tuesday August 04, 2020)
Pi-hole 4.3.2 Remote Code Execution
(Tuesday August 04, 2020)
70% of large businesses consider remote working a security hazards: The experts have their say
(Tuesday August 04, 2020)
A survey conducted by AT&T found that 70% of large businesses think
that their security posture is being damaged by remote working,
leaving them more vulnerable to cyberattack- This is what the experts
think. Remote working has made us all ask difficult questions of
ourselves. While the initial kneejerk decisions to deploy a remote
workforce […]
The post 70% of large businesses consider remote working a security
hazards: The experts have their say
[https://www.itsecurityguru.org/2020/08/04/70-of-large-businesses-consider-remote-working-a-security-hazards-the-experts-have-their-say/]
appea
Securing IoT as a Remote Workforce Strategy
(Tuesday August 04, 2020)
Users Advised to Reset Passwords After Zello Data Breach
(Tuesday August 04, 2020)
Zello, a popular push-to-talk app, has disclosed a data breach that
could have potentially allowed malicious actors to gain access to
users’ email addresses and hashed passwords. Zello boasts 140
million users worldwide, and facilitates real-time communications for
frontline workers, transportation services and friends. The app allows
people to use their phone as a walkie-talkie […]It’s Official: COVID-19 Creates a Larger Surface Area for Cyberattacks
(Tuesday August 04, 2020)
Ever since it was declared a global pandemic, experts have warned that
COVID-19 will put increased strain on security teams by creating more
variables and attack surfaces. Now, according to VMware Carbon Black,
it is official. Their most recent Global Incident Response Report,
revealed that COVID-19 continues to create a larger surface area for
cyberattacks. […]
The post It’s Official: COVID-19 Creates a Larger Surface Area for
Cyberattacks
[https://www.itsecurityguru.org/2020/08/04/its-official-covid-19-creates-a-larger-surface-area-for-cyberattacks/]
appeared first on IT Security Guru...
Apple Knocked Off Perch as Most Imitated Brand for Phishing Attacks
(Tuesday August 04, 2020)
Podcast: Learning to ‘Speak the Language’ of OT Security Teams
(Tuesday August 04, 2020)
Andrew Ginter, VP Industrial Security at Waterfall Security
Solutions, talks about the differing priorities between IT and OT
security teams as industrial control systems become connected.
GandCrab ransomware hacker arrested in Belarus
(Tuesday August 04, 2020)
FBI Warns of Rise in Online Shopping Scams
(Tuesday August 04, 2020)
The FBI’s latest Public Service Announcement warns Internet users
about a surge in online shopping scams. According to complaints
received by the bureau, more and more online shoppers are being
directed to fraudulent websites via social media and online search
engines. These bogus vendors are actually making the most of the
health crisis, social distancing […]Sifter 9.2
(Tuesday August 04, 2020)
Car Rental Management System 1.0 Remote Code Execution
(Tuesday August 04, 2020)
Interior Design Platform Confirms Data Breach after Data of 1.3 Million Users is Posted Online
(Tuesday August 04, 2020)
Havenly, the online interior design and home decorating platform has
disclosed a data breach after a data breach broker leaked 1.3 million
user records for free on a popular hacking forum. ShinyHunters, a
well-known seller of stolen data breach records, last month started
listing various company databases on the dark web. The trove of
combined […]Car Rental Management System 1.0 Cross Site Scripting
(Tuesday August 04, 2020)
Car Rental Management System version 1.0 suffers from a persistent
cross site scripting vulnerability.
Bracing for the security data explosion
(Tuesday August 04, 2020)
Intelligence is our first line of defense, and we must improve the
collection capabilities and analysis of intelligence to protect the
security of the United States and its allies. — (Insider Story)
9 container security tools, and why you need them
(Tuesday August 04, 2020)
The advent of containers has changed not only how applications are
deployed, but how IT shops do their daily business. Containers offer
many well-documented benefits that span the full breadth of a modern
IT department and the full lifecycle of applications. Securing
containers, however, requires a mix of specialized and traditional
security tools. We describe some of the most popular container
security tools below, but first let’s look at the security
challenges containers present.(Insider Story)
Deep Fake: Deep Trouble
(Tuesday August 04, 2020)
According to a new report from University College London (UCL), fake
audio or video content has been ranked as the most worrying use of
artificial intelligence in terms of its potential applications for
crime or terrorism. Deep fakes will most likely come to fruition on
social media as memes, however their future can be much […]
The post Deep Fake: Deep Trouble
[https://www.itsecurityguru.org/2020/08/04/deep-fake-deep-trouble/]
appeared first on IT Security Guru [https://www.itsecurityguru.org].
A Gentle Introduction to Hypervisor Memory Introspection - what it is and how you can use it to secure/monitor your VMs
(Tuesday August 04, 2020)
Hypervisor memory introspection (HVMI) has been around for quite some time now, and there are several open-source projects utilizing virtual-machine introspection (VMI), one way or another…
1 in 5 Businesses Would Consider Sabotaging a Competitor’s Online Business
(Tuesday August 04, 2020)
The digital era has brought a multitude of opportunities, and unique
challenges for businesses. Industrial espionage and sabotage has
always been a threat to corporations, but the digital age presents new
tools and weapons. Acts of online sabotage may involve discrediting a
business’s products/service with negative (and often fake) reviews,
as well as running a […]
The post 1 in 5 Businesses Would Consider Sabotaging a Competitor’s
Online Business
[https://www.itsecurityguru.org/2020/08/04/1-in-5-businesses-would-consider-sabotaging-a-competitors-online-business/]
appeared first on IT...
US Government Warns of a New Strain of Chinese 'Taidoor' Virus
(Tuesday August 04, 2020)
CTF WriteUp - Binary Exploitation [pwnable.tw] - Tcache Tear
(Tuesday August 04, 2020)
Technical analysis of Firefox "Browser Lock" bug CVE-2020-15654 and its predecessors
(Tuesday August 04, 2020)
11 Hot Startups to Watch at Black Hat USA
(Monday August 03, 2020)
A sneak peek at the up-and-coming organizations to check out on the
Black Hat USA virtual show floor.
Robocall Legal Advocate Leaks Customer Data
(Monday August 03, 2020)
FBI Warns on New E-Commerce Fraud
(Monday August 03, 2020)
DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat
(Monday August 03, 2020)
"Taidoor" is a remote access tool that has been used in numerous cyber
espionage campaigns since at least 2008.
TikTok: Logs, Logs , Logs
(Monday August 03, 2020)
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
(Monday August 03, 2020)
Certificate Transparency: a bird’s-eye view
(Monday August 03, 2020)
Certificate Transparency (CT) is a still-evolving technology for detecting incorrectly issued certificates on the web. It’s cool and interesting, but complicated. I’ve given talks about CT, I’ve worked on Chrome’s CT implementation, and I’m actively involved in tackling ongoing deployment challenges – even so, I still sometimes lose track of how the pieces fit together. I find it easy to forget how the system defends against particular attacks, or what the purpose of some particular mechanism is.
Google Updates Ad Policies to Counter Influence Campaigns, Extortion
(Monday August 03, 2020)
Starting Sept. 1, Google will crack down on misinformation, a lack of
transparency and the ability to amplify or circulate politically
influential content.
Why Data Ethics Is a Growing CISO Priority
(Monday August 03, 2020)
Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw
(Monday August 03, 2020)
Almost two months after a high-severity flaw was disclosed - and seven
months after it was first reported - Netgear has yet to issue fixes
for 45 of its router models.
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020
(Monday August 03, 2020)
Analysts will participate in the Black Hat Briefings, taking place
Aug. 4-6, discussing cybersecurity research, offering exclusive video
presentations, and meeting with vendors and attendees.
Red Hat Security Advisory 2020-3285-01
(Monday August 03, 2020)
Red Hat Security Advisory 2020-3284-01
(Monday August 03, 2020)
Red Hat Security Advisory 2020-3286-01
(Monday August 03, 2020)
Garmin Pays Up to Evil Corp After Ransomware Attack — Reports
(Monday August 03, 2020)
Travel Management Firm CWT Pays $4.5M to Ransomware Attackers
(Monday August 03, 2020)
Microsoft Joins Open Source Security Foundation
(Monday August 03, 2020)
Russian Hackers Allegedly Behind Document Leak Preceding Britain’s 2019 Elections
(Monday August 03, 2020)
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
(Monday August 03, 2020)
With Black Hat USA 2020 kicking off this week, Erez Yalon with
Checkmarx talks about newly disclosed, critical vulnerabilities in
Meetup.com - and why they are the "holy grail" for attackers.
Dridex – From Word to Domain Dominance
(Monday August 03, 2020)
August 3, 2020
Are you familiar with the pyramid of pain
The idea is that to make life harder for attackers we need to push up
the pyramid in our defenses. If they have a playbook, then they will
keep using it until we break it.
We see a good example of this in our Dridex sample. We executed a
malicious Word doc in our honeypot which later elevated to multiple
Empire shells across the domain as well as additional Dridex
installations. The threat actors used well known tools, moved...
A Patriotic Solution to the Cybersecurity Skills Shortage
(Monday August 03, 2020)
Implementing Secure Biometric Authentication on Mobile Applications
(Monday August 03, 2020)
UK Finance Reveals Top 10 Covid-19 Scams to be on the Lookout For
(Monday August 03, 2020)
The last seven months have been a scary rollercoaster ride. On top of
COVID-19 becoming a global health crisis, and the ensuing economic and
political impact, cyber criminals are having a field day taking
advantage of the pandemic. From petty scams to full-on cyber-attacks,
the threat landscape has evolved to accommodate a wave of
coronavirus-related […]Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft
(Monday August 03, 2020)
Researchers disclosed critical flaws in the popular Meetup service at
Black Hat USA 2020 this week, which could allow takeover of Meetup
"Groups."
A Pentesters Guide - Part 5 (Unmasking WAFs and Finding the Source) - NaviSec Delta
(Monday August 03, 2020)
In this article I am going to detail a non-exhaustive overview of bypassing WAFs by identifying a misconfigured underlying server.
COVID-19: Latest Security News & Commentary
(Monday August 03, 2020)
How Should I Securely Destroy/Discard My Devices?
(Monday August 03, 2020)
While it is possible to do data destruction in-house, doing it
correctly and at scale can be tedious.
Aged Care Operators in Australia Under Threat of Ransomware Attacks
(Monday August 03, 2020)
1.3 Million Havenly Accounts Leaked on Online
(Monday August 03, 2020)
Data Leak Reveals Higher Death Toll in Iran Than Initially Reported
(Monday August 03, 2020)
An anonymous source has recently revealed to the BBC that the number
of deaths in Iran from COVID-19 is actually triple that of Iran’s
government claims. While the health ministry had reported 14,405
deaths, the records appear to show up to 42,000 deaths. The data
leaked included details of daily admissions to hospitals across the
[…]
The post Data Leak Reveals Higher Death Toll in Iran Than Initially
Reported
[https://www.itsecurityguru.org/2020/08/03/data-leaks-reveal-higher-death-toll-in-iran-than-initially-reported/]
appeared first on IT Security Guru...
US DOJ Charges Three Young Men for Alleged Roles in July Twitter Hack
(Monday August 03, 2020)
Last week, the US Department of Justice (DOJ) charged three men for
their alleged roles in one of the largest Twitter breaches in history,
which led to the hijacking of 130 high-profile accounts of
politicians, celebrities and musicians. According to a Florida
affidavit, two Florida residents and one UK national were responsible
for the hack, […]PCI compliance: 4 steps to properly scope a PCI assessment
(Monday August 03, 2020)
Any organization that accepts, processes, stores or transmits payment
cards must show they’re compliant with the Payment Card Industry
Data Security Standard (), and to do that, the organization must
undergo an annual PCI assessment.(Insider Story)
