Cyber espionage by Chinese hackers in neighbouring nations is on the rise
(Saturday June 19, 2021)
North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute
(Saturday June 19, 2021)
Russia bans VyprVPN, Opera VPN services for not complying with blacklist request
(Saturday June 19, 2021)
Weekly Update 248
(Saturday June 19, 2021)
Thought Id do a bit of AMA this week given the rest of the content was
a bit lighter. If you like this sort of content then Ill try and be a
bit more organised next time, give some notice and make more of an
event
Attackers Find New Way to Exploit Google Docs for Phishing
(Friday June 18, 2021)
This Week in Database Leaks: Cognyte, CVS, Wegmans
(Friday June 18, 2021)
Accidental Insider Leaks Prove Major Source of Risk
(Friday June 18, 2021)
Research reports highlight growing concerns around insider negligence
that leads to data breaches.
Can *YOU* blow a PC speaker using only a Linux kernel driver?
(Friday June 18, 2021)
11 Security Certifications to Seek Out This Summer
(Friday June 18, 2021)
The more you know, the more you grow. The Edge takes a fresh look at
leading security certifications that can help advance your career.
Microsoft announces recipients of academic grants for AI research on combating phishing
(Friday June 18, 2021)
What’s Making Your Company a Ransomware Sitting Duck
(Friday June 18, 2021)
Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea
(Friday June 18, 2021)
Carnival Cruise Cyber-Torpedoed by Cyberattack
(Friday June 18, 2021)
Infographic: How Do You Stop Bad Bots?
(Friday June 18, 2021)
According to Imperva’s Bad Bot Report 2021, bad bot traffic has
maintained its upwards trend, amounting to 25.6 percent of all traffic
in 2020, an all-time high. Combined with good bot traffic, 40.8
percent of internet traffic in 2020 wasn’t human, as human traffic
decreased by 5.7 percent to 59.2 percent of all traffic. In […]
The post Infographic: How Do You Stop Bad Bots?
[https://www.imperva.com/blog/infographic-how-do-you-stop-bad-bots/]
appeared first on Blog [https://www.imperva.com/blog].
4 Habits of Highly Effective Security Operators
(Friday June 18, 2021)
These good habits can make all the difference in advancing careers for
cybersecurity operators who spend their days putting out fires large
and small.
Insider Versus Outsider: Navigating Top Data Loss Threats
(Friday June 18, 2021)
Troy Gill, manager of security research at Zix, discusses the most
common ways sensitive data is scooped up by nefarious sorts.
Google Docs/Drive feature allows attackers to embed any custom (malicious) web page in an email's body. Attackers are using this trick to bypass email security solutions configured to allow Google Docs/Drive links.
(Friday June 18, 2021)
Malware prevents its victims from going to illegal download sites
(Friday June 18, 2021)
© Pirate Bay In a report, SophosLab said it learned of the existence of malware intended to prevent its victims from downloading illegally. Active between October 2020 and January 2021, this malware was content to change the HOSTS file of its victims to prevent them from going to The Pirate Bay and its mirrors. Malware... original Report author Andrew…
BrandPost: Harness the Power of Predictive Analytics to Protect Your Endpoints
(Friday June 18, 2021)
‘Oddball’ Malware Blocks Access to Pirated Software
(Friday June 18, 2021)
BrandPost: Protect Against Malicious Document and File Downloads
(Friday June 18, 2021)
To do their jobs, users need to be able to download files from
external sources. People tend to click on shared documents quickly,
averaging less than four minutes from the time they hit the inbox.
Malicious downloads enter the organization in many ways, including:
* Web browsing
* Clicking on shared links
* Installing programs
* Initiating FTP file transfers
Malicious downloads are particularly effective because bad websites
are so abundant, short-lived, and contain content that changes
frequently to avoid accurate categorization; with unique and
polymorphic malware that evade...
First American Financial Pays Farcical $500K Fine
(Friday June 18, 2021)
In May 2019, KrebsOnSecurity broke the news that the website of
mortgage settlement giant First American Financial Corp. [NYSE:FAF]
was leaking more than 800 million documents -- many containing
sensitive financial data -- related to real estate transactions dating
back more than 16 years. This week, the U.S. Securities and Exchange
Commission settled its investigation into the matter after the Fortune
500 company agreed to pay a paltry penalty of less than $500,000.
BrandPost: Prevent Credential Theft
(Friday June 18, 2021)
2 Factor Authentication: The Tester’s Edition
(Friday June 18, 2021)
For better safety and security, many applications now use 2 factor authentication. Here is an article on how to test it as well as automate it.
Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors
(Friday June 18, 2021)
A DarkSide doppelganger mounts a fraud campaign aimed at extorting
nearly $4 million from each target.
Threat Actors Spread Agent Tesla Disguised as COVID-19 Vaccination Registration
(Friday June 18, 2021)
A recent phishing campaign targeting Windows machines is attempting to
infect users with one of the most recent versions of the Agent Tesla
remote access Trojan (RAT). The malicious campaign, spotted by the
Bitdefender Antispam Lab, tries to deliver the malicious payload under
the guise of a COVID-19 vaccination schedule that comes as an
attachment. […]Make the Internet a Better, Safer Place on Stop Cyberbullying Day
(Friday June 18, 2021)
Stop Cyberbullying Day has been promoting good digital citizenship
practices for more than a decade to make the digital world a better
and more welcoming place for everyone. This year, we’re reminded of
the challenges and risks children and teens face when using digital
technologies. Stuck at home during the pandemic, kids have turned to
[…]Google Releases New Framework to Prevent Software Supply Chain Attacks
(Friday June 18, 2021)
Fake Ledger devices mailed out in attempt to steal from cryptocurrency fans
(Friday June 18, 2021)
10 old software bugs that took way too long to squash
(Friday June 18, 2021)
Bypassing 2FA using OpenID Misconfiguration
(Friday June 18, 2021)
Posted on Jun 11, 2021
Two factor authentication is rapidly becoming a norm in all
authentication systems, however faulty implementation can often times
render the defense mechanism useless. There's plenty of write-ups
going through vulnerabilities such as missing rate limits, improper
access controls and token leakage, but this short write-up will
present a unique bypass caused by a misconfiguration in an OpenID
implementation.
The target was a company with over 50 worldwide brands, with a lot...
Scapy Turned 18. Boy They Grow Up Fast, Don’t They!
(Friday June 18, 2021)
JavaScript не е активиран в браузъра ви,
така че този файл не може да бъде
отворен. Активирайте и презаредете.
[eBook] 7 Signs You Might Need a New Detection and Response Tool
(Friday June 18, 2021)
Update Your Chrome Browser to Patch Yet Another 0-Day Exploited in-the-Wild
(Friday June 18, 2021)
Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments
(Friday June 18, 2021)
Data Breaches Surge in Food & Beverage, Other Industries
(Thursday June 17, 2021)
Six previously "under-attacked" vertical industries saw a surge in
data breaches last year due to COVID-19 related disruptions and other
factors, new data shows.
Bypassing Image Load Kernel Callbacks - @MDSecLabs
(Thursday June 17, 2021)
Load Kernel Callbacks
As security teams continue to advance, it has become essential for
attacker’s to have complete control over every part of their
operation, from the infrastructure down to individual actions that
occur on the endpoint. Even with this in mind, image load events have
always been something I’ve tried to ignore despite the extensive
view they can give into the actions on an endpoint. This was simply
because they occur from inside the kernel, so there’s nothing a...
One in Five Manufacturing Firms Targeted by Cyberattacks
(Thursday June 17, 2021)
Carnival Cruise Line Reports Security Breach
(Thursday June 17, 2021)
The cruise ship operator says the incident affected employee and guest
data.
Google Launches SLSA, a New Framework for Supply Chain Integrity
(Thursday June 17, 2021)
The "Supply chain Levels for Software Artifacts" aims to ensure the
integrity of components throughout the software supply chain.
Clop Raid: A Big Win in the War on Ransomware?
(Thursday June 17, 2021)
S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast]
(Thursday June 17, 2021)
Cisco Smart Switches Riddled with Severe Security Holes
(Thursday June 17, 2021)
The intro-level networking gear for SMBs could allow remote attacks
designed to steal information, drop malware and disrupt operations.
Ubuntu Security Notice USN-4991-1
(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2479-01
(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container
Storage is software-defined storage integrated with and optimized for
the Red Hat OpenShift Container Platform. Red Hat OpenShift Container
Storage is a highly scalable, production-grade persistent storage for
stateful applications running in the Red Hat OpenShift Container
Platform. Issues addressed include a cross site scripting
vulnerability.
Ubuntu Security Notice USN-4990-1
(Thursday June 17, 2021)
Ubuntu Security Notice 4990-1 - It was discovered that Nettle
incorrectly handled RSA decryption. A remote attacker could possibly
use this issue to cause Nettle to crash, resulting in a denial of
service. It was discovered that Nettle incorrectly handled certain
padding oracles. A remote attacker could possibly use this issue to
perform a variant of the Bleichenbacher attack. This issue only
affected Ubuntu 18.04 LTS. Various other issues were also addressed.
Windows Kerberos AppContainer Enterprise Authentication Capability Bypass
(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2476-01
(Thursday June 17, 2021)
Trojan.Win32.Alien.erf Directory Traversal
(Thursday June 17, 2021)
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
(Thursday June 17, 2021)
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution
(Thursday June 17, 2021)
Dup Scout 13.5.28 Unquoted Service Path
(Thursday June 17, 2021)
Dup Scout version 13.5.28 suffers from an unquoted service path
vulnerability.
Red Hat Security Advisory 2021-2475-01
(Thursday June 17, 2021)
Trojan.Win32.Alien.erf Buffer Overflow
(Thursday June 17, 2021)
Unified Office Total Connect Now 1.0 SQL Injection
(Thursday June 17, 2021)
Samsung NPU npu_session_format Out-Of-Bounds Write
(Thursday June 17, 2021)
Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds
write vulnerability in npu_session_format.
Red Hat Security Advisory 2021-2472-01
(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2469-01
(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2469-01 - The Dynamic Host
Configuration Protocol is a protocol that allows individual devices on
an IP network to get their own network configuration information,
including an IP address, a subnet mask, and a broadcast address. The
dhcp packages provide a relay agent and ISC DHCP service required to
enable and administer DHCP on a network. Issues addressed include a
buffer overflow vulnerability.
How to hack a bicycle – Peloton Bike+ rooting bug patched
(Thursday June 17, 2021)
VeryFitPro 3.2.8 Insecure Transit
(Thursday June 17, 2021)
VeryFitPro version 3.2.8 sends unencrypted cleartext transmission of
sensitive information.
VX Search 13.5.28 Unquoted Service Path
(Thursday June 17, 2021)
VX Search version 13.5.28 suffers from an unquoted service path
vulnerability.
Red Hat Security Advisory 2021-2471-01
(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services
is a set of supplementary software for Red Hat JBoss middleware
products. This software, such as Apache HTTP Server, is common to
multiple JBoss middleware products, and is packaged under Red Hat
JBoss Core Services to allow for faster distribution of updates, and
for a more consistent update experience. This release adds the new
Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the
JBoss Core Services offering. This release serves as a replacement for
Red Hat JBoss Core Services Pack Apache Server 2.4.37...
Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration
(Thursday June 17, 2021)
Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user
enumeration vulnerability.
Red Hat Security Advisory 2021-2467-01
(Thursday June 17, 2021)
Trojan.Win32.Alien.erf Denial Of Service
(Thursday June 17, 2021)
Workspace ONE Intelligent Hub 20.3.8.0 Unquoted Service Path
(Thursday June 17, 2021)
Workspace ONE Intelligent Hub version 20.3.8.0 suffers from an
unquoted service path vulnerability.
Red Hat Security Advisory 2021-2461-01
(Thursday June 17, 2021)
Penetration Testing Web Storage (User Experience)
(Thursday June 17, 2021)
Whitepaper called Penetration Testing Web Storage (User Experience).
Written in Arabic.
Ubuntu Security Notice USN-4989-2
(Thursday June 17, 2021)
Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several
vulnerabilities in BlueZ. This update provides the corresponding
update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly
checked certain permissions when pairing. A local attacker could
possibly use this issue to impersonate devices. Various other issues
were also addressed.
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
(Thursday June 17, 2021)
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
(Thursday June 17, 2021)
CVS Health Records for 1.1 Billion Customers Exposed
(Thursday June 17, 2021)
Certified Pre-Owned: Abusing Active Directory Certificate Services
(Thursday June 17, 2021)
TL;DR Active Directory Certificate Services has a lot of attack potential! Check out our whitepaper “Certified Pre-Owned: Abusing Active Directory Certificate Services” for complete details. We’re…
CLOP ransomware suspects charged by police in Ukraine
(Thursday June 17, 2021)
Lessons Learned from 100 Data Breaches: Part 4, Trends in Average Volumes of Stolen Records
(Thursday June 17, 2021)
Imperva research shows an increase in the volume of data stolen every
year. In 2020, we started to see more and more breaches that
exfiltrate records in billions. Based on the analysis of thousands of
data breach details published on dbdigest, we made calculations on the
raw data and found some interesting information about data […]
The post Lessons Learned from 100 Data Breaches: Part 4, Trends in
Average Volumes of Stolen Records
[https://www.imperva.com/blog/lessons-learned-from-100-data-breaches-part-4-trends-in-average-volumes-of-stolen-records/]
appeared first on Blog...
Improve your threat detection and response with Microsoft and Wortell
(Thursday June 17, 2021)
Report: Active Directory Certificate Services a big security blindspot on enterprise networks
(Thursday June 17, 2021)
Mission Critical: What Really Matters in a Cybersecurity Incident
(Thursday June 17, 2021)
The things you do before and during a cybersecurity incident can make
or break the success of your response.
Threat Actors Use Google Docs to Host Phishing Attacks
(Thursday June 17, 2021)
Smashing Security podcast #232: Zoomolympics and language matters
(Thursday June 17, 2021)
Biden says 16 sectors should be off limits to attack
(Thursday June 17, 2021)
In a speech on Wednesday, the U.S. President, Joe Biden told the
Russian President, that 16 sectors of critical infrastructure should
be “off-limits” to attacks, specifically cyberattacks.
Unfortunately, analysts believe his efforts to be futile. Robert
Golladay, the EMEA and APAC director at Illusive claims that “the
fact that one of the leaders of the […]
The post Biden says 16 sectors should be off limits to attack
[https://www.itsecurityguru.org/2021/06/17/biden-says-16-sectors-should-be-off-limits-to-attack/]
appeared first on IT Security Guru [https://www.itsecurityguru.org].
A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran
(Thursday June 17, 2021)
Over a billion CVS health records exposed
(Thursday June 17, 2021)
5 biggest healthcare security threats for 2021
(Thursday June 17, 2021)
Cyberattacks targeting the healthcare sector have surged because of
the COVID-19 pandemic and the resulting rush to enable remote delivery
of healthcare services. Security vendors and researchers tracking the
industry have reported a major increase in , web application attacks,
and other threats targeting healthcare providers.(Insider Story)
Strengthen Your Password Policy With GDPR Compliance
(Thursday June 17, 2021)
Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks
(Thursday June 17, 2021)
Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique
(Thursday June 17, 2021)
Using Monday.com's project manager as a command & control server
(Thursday June 17, 2021)
CVE/Research Publications. Contribute to 1d8/publications development by creating an account on GitHub.
Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets
(Thursday June 17, 2021)
Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping
(Thursday June 17, 2021)
