(Saturday March 06, 2021)
I got many requests after my last tweet on the discovery of a backdoored Electrum wallet that was notarized by Apple! The requests were about how I was able to extract the Python source code from a…
(Saturday March 06, 2021)
Microsoft initially said the hacks had been "limited and targeted
attacks" but as the malware continues to spread, US officials confirm
fears there are tens of thousands of organisations affected.
(Friday March 05, 2021)
Microsoft previously blogged our strong recommendation that customers
upgrade their on-premises Exchange environments to the latest
supported version. For customers that are not able to quickly apply
updates, we are providing the following alternative mitigation
techniques to help Microsoft Exchange customers who need more time to
patch their deployments and are willing to make risk …
Microsoft Exchange Server Vulnerabilities Mitigations – March 2021
Read More »
[https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/]
(Friday March 05, 2021)
Mandiant researchers identify a range of victims affected in attacks
targeting newly reported Microsoft Exchange Server vulnerabilities.
(Friday March 05, 2021)
At least 30,000 organizations across the United States -- including a
significant number of small businesses, towns, cities and local
governments -- have over the past few days been hacked by an unusually
aggressive Chinese cyber espionage unit that's focused on stealing
email from victim organizations, multiple sources tell
KrebsOnSecurity. The espionage group is exploiting four
newly-discovered flaws in Microsoft Exchange Server email software,
and has seeded hundreds of thousands of victim organizations worldwide
with tools that give the attackers total, remote control over...
(Friday March 05, 2021)
The lack of cybersecurity requirements in weapons contracts from the
Department of Defense opens the door for dangerous cyberattacks.
(Friday March 05, 2021)
Rob Lefferts, corporate vice president for Microsoft 365 Security in
Security and Compliance, explains the company's approach to keeping
its customers and the industry apprised and updated on its findings
from the now-infamous attack.
(Friday March 05, 2021)
Website admins should patch all plugins, WordPress itself and back-end
servers as soon as possible.
(Friday March 05, 2021)
These common human traits are the basic ingredients in the con-man's
recipe for trickery.
(Friday March 05, 2021)
The cyberattack on SITA, a nearly ubiquitous airline service provider,
has compromised frequent-flyer data across many carriers.
(Friday March 05, 2021)
Patch management and testing are different, exactly the same, and
completely out of hand. Here are tips from the experts on how to
wrangle patches in a time of malicious software updates.
(Friday March 05, 2021)
On International Women's Day 2021, gender diversity has improved in
cybersecurity, but there is still a long way to go.
(Friday March 05, 2021)
EFF worries that Google's 'privacy-first' vision for the future may
pose new privacy risks.
(Friday March 05, 2021)
Malaysia Airlines has notified its frequent flyer members of a
security incident via a third-party IT service provider. According to
an email sent to Enrich members on Monday 1 March, the airline advised
that the incident took place over a nine-year period between March
2010 and June 2019. They did not, however, disclose the number […]
The post Malaysia and Singapore Airlines Breached in Third Party Hacks
[https://www.itsecurityguru.org/2021/03/05/malaysia-and-singapore-airlines-breached-in-third-party-hacks/]
appeared first on IT Security Guru [https://www.itsecurityguru.org].
(Friday March 05, 2021)

Cybersecurity researchers on Thursday disclosed two distinct design
and implementation flaws in Apple's crowdsourced Bluetooth location
tracking system that can lead to a location correlation attack and
unauthorized access to the location history of the past seven days,
thereby deanonymizing users. The findings are a consequence of an
exhaustive review undertaken by the Open Wireless Link (
(Friday March 05, 2021)
A new variant of the Gafgyt botnet - that's actively targeting
vulnerable D-Link and Internet of Things devices - is the first
variant of the malware to rely on Tor communications, researchers say.
(Friday March 05, 2021)
This Metasploit module exploits an overflow in the Windows Routing and
Remote Access Service (RRAS) to execute code as SYSTEM. The RRAS
DCERPC endpoint is accessible to unauthenticated users via SMBv1
browser named pipe on Windows Server 2003 and Windows XP hosts;
however, this module targets Windows Server 2003 only. Since the
service is hosted inside svchost.exe, a failed exploit attempt can
cause other system services to fail as well.
(Friday March 05, 2021)

In what's a case of hackers getting hacked, a prominent underground
online criminal forum by the name of Maza has been compromised by
unknown attackers, making it the fourth forum to have been breached
since the start of the year. The intrusion is said to have occurred on
March 3, with information about the forum members — including
usernames, email addresses, and hashed passwords — publicly
(Friday March 05, 2021)
When Asterisk sends a re-invite initiating T.38 faxing and the
endpoint responds with a m=image line and zero port, a crash will
occur in Asterisk. This is a re-occurrence of AST-2019-004.
(Friday March 05, 2021)
Ubuntu Security Notice 4757-2 - USN-4757-1 fixed a vulnerability in
wpa_supplicant and hostapd. This update provides the corresponding
update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did
not properly handle P2P provision discovery requests in some
situations. A physically proximate attacker could use this to cause a
denial of service or possibly execute arbitrary code. Various other
issues were also addressed.
(Friday March 05, 2021)
Red Hat Security Advisory 2021-0736-01 - IBM Java SE version 8
includes the IBM Java Runtime Environment and the IBM Java Software
Development Kit. This update upgrades IBM Java SE 8 to version 8
SR6-FP25. Issues addressed include buffer overflow and bypass
vulnerabilities.
(Friday March 05, 2021)
Fluig versions 1.7.0-210217 and below suffer from a path traversal
vulnerability.
(Friday March 05, 2021)
Red Hat Security Advisory 2021-0735-01 - Node.js is a software
development platform for building fast and scalable network
applications in the JavaScript programming language. Issues addressed
include denial of service and resource exhaustion vulnerabilities.
(Friday March 05, 2021)
Red Hat Security Advisory 2021-0734-01 - Node.js is a software
development platform for building fast and scalable network
applications in the JavaScript programming language. Issues addressed
include denial of service and resource exhaustion vulnerabilities.
(Friday March 05, 2021)
CatDV version 9.2 RMI authentication bypass exploit.
(Friday March 05, 2021)
If you haven't already, it's time to build trust relationships with
your financial institutions, using strong security, privacy
protections and secure, unique user credentials.
(Friday March 05, 2021)
Imperva’s Directors of Technology in the Office of the CTO, Brian
Anderson and Craig Burlingame, recently conducted an informal
education session titled Creating a Security Super Bowl Dynasty. In
this presentation, they used examples of how teams create consistent,
sustainable success in American football to help teams of security
professionals gain some insight into how […]
The post Anatomy of a Security Super Bowl Dynasty, Part 2: The Offense
[https://www.imperva.com/blog/anatomy-of-a-security-super-bowl-dynasty-part-2-the-offense/]
appeared first on Blog...
(Friday March 05, 2021)
This is a brief whitepaper that goes over some tooling that can be of
assistance while performing reconnaissance against a web application
prior to attack.
(Friday March 05, 2021)

Fraudsters aiming to steal login credentials from AOL users are
sending phishing emails that threaten recipients with account closures
unless they confirm their email addresses and passwords. The AOL
phishing campaign was noticed on February 23, according to Bitdefender
Antispam Lab. Like previous email-based phishing campaigns,
cybercriminals use scare tactics and subject lines ranging from […]
(Friday March 05, 2021)
The latest pre-authenticated Remote Code Execution vulnerability on
Microsoft Exchange Server
WHAT IS PROXYLOGON?
ProxyLogon is the formal, generic name for CVE-2021-26855, a
vulnerability in Microsoft Exchange Server that allows an attacker to
bypass authentication and impersonate an administrator. We have also
chained this bug with another post-auth arbitrary-file-write
vulnerability, CVE-2021-27065, to get code execution. All affected
components are VULNERABLE BY DEFAULT!
As a result, an...
(Friday March 05, 2021)
Data breaches all over the place this week! Not just data breaches,
but _noteworthy_ data breaches; the VPN ones for being pretty shady,
Oxfam because it included my data which was posted to a hacking forum,
Ticketcounter because of the interactions I had with them during the
disclosure process and
(Friday March 05, 2021)
When the same data is parsed twice by different parsers, some interesting security bugs can be introduced. In this post I will show how I used fuzzing to find a parser differential issue in Kibana's alerting and actions feature and how I leveraged radamsa to fuzz NodeJS' URL parsers.
(Friday March 05, 2021)

As cloud computing continues to grow, Google Cloud is quickly becoming
one of the most popular solutions. However, relatively few engineers
know this platform well. This leaves the door open for aspiring IT
professionals who take the official exams. The Google Cloud
Certifications Practice Tests + Courses Bundle helps you get
certified faster, with 43 hours of video content and over 1,000
(Friday March 05, 2021)
The experts agree. SolarWinds was the worst security disaster of all
time, and it's not done with us yet.
(Friday March 05, 2021)
On March 2, Virginia's Democratic Governor Ralph Northam signed into
law the nation's second major piece of state legislation that governs
consumer data privacy and protection. Virginia's , which will mostly
go into effect on January 1, 2023.
(Friday March 05, 2021)

FireEye and Microsoft on Thursday said they discovered three more
malware strains in connection with the SolarWinds supply-chain attack,
including a "sophisticated second-stage backdoor," as the
investigation into the sprawling espionage campaign continues to
yield fresh clues about the threat actor's tactics and techniques.
Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of
(Friday March 05, 2021)
(Friday March 05, 2021)

Signaling a major shift to its ads-driven business model, Google on
Wednesday unequivocally stated it would not build alternate
identifiers or tools to track users across multiple websites once it
begins phasing out third-party tracking cookies from its Chrome
browser by early 2022. "Instead, our web products will be powered by
privacy-preserving APIs which prevent individual tracking while
(Friday March 05, 2021)

Enterprise cloud security firm Qualys has become the latest victim to
join a long list of entities to have suffered a data breach after
zero-day vulnerabilities in its Accellion File Transfer Appliance
(FTA) server were exploited to steal sensitive business documents. As
proof of access to the data, the cybercriminals behind the recent
hacks targeting Accellion FTA servers have shared
(Friday March 05, 2021)

Following Microsoft's release of out-of-band patches to address
multiple zero-day flaws in on-premises versions of Microsoft Exchange
Server, the U.S. Cybersecurity and Infrastructure Security Agency
(CISA) has issued an emergency directive warning of "active
exploitation" of the vulnerabilities. The alert comes
on the heels of Microsoft's disclosure that China-based hackers were
(Friday March 05, 2021)
No one can argue that 2020 wasn't disruptive to almost everyone in the
world. And businesses were no exception. To accommodate the need for
social distancing, countless organizations had to reconfigure
everything from their business models to their networks. The almost
overnight shift to remote work meant everyone from employees, to
students, to healthcare workers had to connect to their business
networks from outside. Retailers scrambled to adapt as the pandemic
altered how people patronized their businesses and even what they
purchased. The ripple effects from these changes affected point...
(Thursday March 04, 2021)
Business-related applications like those from Microsoft, Zoom, and
DocuSign are most often impersonated in brand phishing attacks.
(Thursday March 04, 2021)
Interest in vaccines is driving all sorts of activity, reports say,
from vaccine-specific phishing to growing bot traffic on healthcare
sites.
(Thursday March 04, 2021)
Researchers with Microsoft and FireEye found three new malware
families, which they said are used by the threat group behind the
SolarWinds attack.
(Thursday March 04, 2021)
Newly discovered tools were designed for late-stage use after the
attackers had already established a relatively firm presence on a
breached network, vendors say.
(Thursday March 04, 2021)
Elite Russian forums for cybercriminals have been hacked in a string
of breaches, leaving hackers edgy and worried about law enforcement.
(Thursday March 04, 2021)
Practical advice on how to maximize your security and privacy on
TikTok.
(Thursday March 04, 2021)
Justice officials claim antivirus founder and associate fraudulently
promoted altcoins via Twitter.
(Thursday March 04, 2021)
Latest episode - listen now. (And tell your friends!)
(Thursday March 04, 2021)
Google Maps API checker (joanbono/gap on GitHub).
(Thursday March 04, 2021)
It's déjà vu all over again! New month, new Chrome zero-day bug
being exploited in the wild.
(Thursday March 04, 2021)
The enterprise of the future will depend upon organizations' ability
to extend the company firewall to everywhere people are working.
(Thursday March 04, 2021)
Criminals text or email photos of fake government identification
badges to trick people into sending money.
(Thursday March 04, 2021)
TALON, a network of smart, connected security cameras developed by the
Atlanta-based startup and installed by law enforcement around the
country, raises surveillance-related privacy concerns.
(Thursday March 04, 2021)

APT-Hunter is a threat hunting tool for Windows event logs, written
from a purple-team perspective to detect APT movements hidden in the
sea of Windows event logs.
It helps you decrease the time to uncover suspicious activity, makes
good use of the Windows event logs you have collected, and makes sure
not to miss the critical events it is configured to detect.
The target audience for APT-Hunter is threat hunters, incident
response professionals and forensic investigators.
(Thursday March 04, 2021)
Espionage attacks exploiting the just-patched remote code-execution
security bugs in Microsoft Exchange servers are quickly spreading.
(Thursday March 04, 2021)
Learn how Microsoft Cloud App Security helps manage your SaaS apps and
services, protecting against cyber threats, data leaks, and lack of
compliance.
The post A better cloud access security broker: Securing your SaaS
cloud apps and services with Microsoft Cloud App Security
[https://www.microsoft.com/security/blog/2021/03/04/a-better-cloud-access-security-broker-securing-your-saas-cloud-apps-and-services-with-microsoft-cloud-app-security/]
appeared first on Microsoft Security.
(Thursday March 04, 2021)
Microsoft has identified three new pieces of malware being used in
late-stage activity by NOBELIUM – the actor behind the SolarWinds
attacks, SUNBURST, and TEARDROP.
The post GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s
layered persistence
[https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/]
appeared first on Microsoft Security.
(Thursday March 04, 2021)

Security researchers have identified a new malware campaign designed
to infect host machines with ObliqueRAT, a remote access Trojan, with
the help of malicious Microsoft Office documents. Infecting email
attachments, usually Microsoft Office docs, is a favorite tactic of
attackers. It’s a simple method, and it works, but even these
methods change from time to […]
(Thursday March 04, 2021)
Security vendor confirms attackers exploited a previously disclosed
vulnerability in the enterprise firewall technology to breach its
network.
(Thursday March 04, 2021)
We prototyped a Windows Service Canary to help detect and respond to certain pre-ransomware tradecraft. The ultimate goal is to alert on and minimize the impact of ransomware deployments.
(Thursday March 04, 2021)
Cybercriminals are using the COVID-19 vaccine to steal Microsoft
credentials, infect systems with malware and bilk victims out of
hundreds of dollars.
(Thursday March 04, 2021)
sqlmap is an open source command-line automatic SQL injection tool.
Its goal is to detect and take advantage of SQL injection
vulnerabilities in web applications. Once it detects one or more SQL
injections on the target host, the user can choose among a variety of
options to perform an extensive back-end database management system
fingerprint, retrieve DBMS session user and database, enumerate users,
password hashes, privileges, databases, dump entire or user's
specified DBMS tables/columns, run his own SQL statement, read or
write either text or binary files on the file system,...
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0733-01 - IBM Java SE version 7 Release
1 includes the IBM Java Runtime Environment and the IBM Java Software
Development Kit. This update upgrades IBM Java SE 7 to version 7R1
SR4-FP80. Issues addressed include a buffer overflow vulnerability.
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0717-01 - IBM Java SE version 8
includes the IBM Java Runtime Environment and the IBM Java Software
Development Kit. This update upgrades IBM Java SE 8 to version 8
SR6-FP25. Issues addressed include buffer overflow and bypass
vulnerabilities.
(Thursday March 04, 2021)
Textpattern CMS version 4.8.3 remote code execution exploit.
(Thursday March 04, 2021)
Textpattern CMS version 4.9.0-dev suffers from a persistent cross site
scripting vulnerability.
(Thursday March 04, 2021)
Textpattern CMS version 4.8.4 suffers from a persistent cross site
scripting vulnerability.
(Thursday March 04, 2021)
Whitepaper called Android Vulnerability in ES File Explorer. It
provides an overview of manual exploitation of ES File Explorer
version 4.1.9.7.4 using counterfeit requests over HTTP.
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0719-01 - Red Hat Advanced Cluster
Management for Kubernetes 2.0.8 images. Red Hat Advanced Cluster
Management for Kubernetes provides the capabilities to address common
challenges that administrators and site reliability engineers face as
they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single
console—with security policy built in. This advisory contains the
container images for Red Hat Advanced Cluster Management for
Kubernetes, which resolve some security issues and bugs.
(Thursday March 04, 2021)
Online Ordering System version 1.0 suffers from an unauthenticated
remote blind SQL injection vulnerability.
(Thursday March 04, 2021)
Online Ordering System version 1.0 suffers from a remote shell upload
vulnerability.
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0727-01 - The Berkeley Internet Name
Domain is an implementation of the Domain Name System protocols. BIND
includes a DNS server ; a resolver library ; and tools for verifying
that the DNS server is operating correctly. Issues addressed include a
buffer overflow vulnerability.
(Thursday March 04, 2021)
Web Based Quiz System version 1.0 suffers from a remote SQL injection
vulnerability.
(Thursday March 04, 2021)
e107 CMS version 2.3.0 suffers from a cross site request forgery
vulnerability.
(Thursday March 04, 2021)
A Russian cybercrime forum appears to have suffered a data breach,
spilling details of users. Which is a terribly unfortunate thing to
happen...
(Thursday March 04, 2021)
Over the past few weeks, three of the longest running and most
venerated Russian-language online forums serving thousands of
experienced cybercriminals have been hacked. In two of the intrusions,
the attackers made off with the forums' user databases, including
email and Internet addresses and hashed passwords.
(Thursday March 04, 2021)
The red team draws attention, but the blue team has the expertise to
keep networks secure day in and day out.
(Thursday March 04, 2021)
Business Email Compromise (BEC) scammers, who have made rich returns
in recent years tricking organisations into transferring funds into
their accounts, have found a new tactic which attempts to swindle Wall
Street firms out of significantly larger amounts of money. Read more
in my article on the Tripwire State of Security blog.
(Thursday March 04, 2021)
Nations around the world are racing to acquire COVID-19 vaccines and
assemble digital infrastructure and web applications to enable
appointment booking. As they do this, Imperva Research Labs has
monitored a staggering 372% increase in bad bot traffic on healthcare
websites globally since September 2020. In February 2021, bot traffic
soared 48.8%, the largest increase […]
The post Bad Bot Traffic on Healthcare Websites Rises 372% As Vaccines
Become Available Globally
[https://www.imperva.com/blog/bad-bot-traffic-on-healthcare-websites-rises-372-as-vaccines-become-available-globally/]
appear
(Thursday March 04, 2021)
Feedzai, a cloud-based risk management platform, has announced its
Financial Crime Report Q1, 2021. Feedzai’s data from financial
transactions across the world shows a stark difference in consumer
behaviour and financial crime in the Asia-Pacific (APAC) region as
compared to Europe (EU) and North America (NA). A clear image appears
– a hyper-digital world where east […]
The post Fraud attempts skyrocketed in 2020 according to latest
Financial Crime Report from Feedzai
[https://www.itsecurityguru.org/2021/03/04/fraud-attempts-skyrocketed-in-2020-according-to-latest-financial-crime-repor
(Thursday March 04, 2021)
4 MARCH 2021
WHOLESOME CURL CALLS FOR YOUR BLOG POSTS
An important part of each penetration test is the documentation of all
discovered vulnerabilities. The documentation often includes program
calls to further demonstrate how a vulnerability was found, tested or
exploited. To better visualise these steps in the context of web
applications, we often include invocations of the command-line HTTP
client curl. Such program calls can be styled for documentation to
appeal to all audiences.
[curl...
(Thursday March 04, 2021)
Social media app Clubhouse has been on the market for less than one
year and it's already facing privacy-related court filings and
fallout from a user data leak in which a user recorded and shared
private conversations, user login information, and metadata to
another website.
(Thursday March 04, 2021)
Wubes is like Qubes but for Microsoft Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation. We currently support spawning a Windows Sandbox for the Firefox browser, with other applications easily added.
(Thursday March 04, 2021)

Amid heightened border tensions between India and China,
cybersecurity researchers have revealed a concerted campaign against
India's critical infrastructure, including the nation's power grid,
from Chinese state-sponsored groups. The attacks, which coincided with
the standoff between the two nations in May 2020, targeted a total of
12 organizations, 10 of which are in the power generation and
(Thursday March 04, 2021)

Exactly a month after patching an actively exploited zero-day flaw
in Chrome, Google today rolled out fixes for yet another zero-day
vulnerability in the world's most popular web browser that it says is
being abused in the wild. Chrome 89.0.4389.72, released by the search
giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47
security fixes, the most severe of which concerns an "
(Thursday March 04, 2021)
Actor, presenter and writer Robert Llewellyn, famous for playing the
part of Kryten in the science-fiction comedy "Red Dwarf," joins us as
we discuss robots gone rogue, electric vehicle nightmares, and creepy
companions. All this and much much more can be found in the latest
edition of the "Smashing Security" podcast, hosted by computer
security veterans Graham Cluley and Carole Theriault.
(Thursday March 04, 2021)
Earlier this month, I came back around to seriously considering an attempt at bitsquatting. While the prior link goes into great depth on the topic, I will attempt to give a very high level overview here:
If this sort of thing interests you: I tend to do stuff like this weekly.
(Wednesday March 03, 2021)
as I write this), and for the most part, the situation with Gab is
just another day on the internet. But Gab is also different, having
grown dramatically in recent months