] The Mad Hacker [

Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000

Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers

(Wednesday April 08, 2020)
Researchers say the botnet has emerged over the past three months and shares aspects with Mirai and Qbot.

BEC, Domain Jacking Help Criminals Disrupt Cash Transfers

(Wednesday April 08, 2020)
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.

OSS-Fuzz integration for LibreSSL

(Wednesday April 08, 2020)
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Red Hat Security Advisory 2020-1406-01

(Wednesday April 08, 2020)
Red Hat Security Advisory 2020-1406-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.

Ubuntu Security Notice USN-4326-1

(Wednesday April 08, 2020)
Ubuntu Security Notice 4326-1 - It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2020-1280-01

(Wednesday April 08, 2020)
Red Hat Security Advisory 2020-1280-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was resolved where /etc/passwd was given incorrect privileges.

Red Hat Security Advisory 2020-1404-01

(Wednesday April 08, 2020)
Red Hat Security Advisory 2020-1404-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2020-1403-01

(Wednesday April 08, 2020)
Red Hat Security Advisory 2020-1403-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an out of bounds access vulnerability.

Ubuntu Security Notice USN-4324-1

(Wednesday April 08, 2020)
Ubuntu Security Notice 4324-1 - Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-4325-1

(Wednesday April 08, 2020)
Ubuntu Security Notice 4325-1 - It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service. Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Various other issues were also addressed.

Centreon 19.10-3.el7 SQL Injection

(Wednesday April 08, 2020)
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote SQL injection vulnerabilities in Centreon version 19.10-3.el7.

Red Hat Security Advisory 2020-1277-01

(Wednesday April 08, 2020)
Red Hat Security Advisory 2020-1277-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a memory exhaustion vulnerability.

Amcrest Dahua NVR Camera IP2M-841 Denial Of Service

(Wednesday April 08, 2020)
Amcrest Dahua NVR Camera IP2M-841 denial of service proof of concept exploit.

Symantec Web Gateway 5.0.2.8 Remote Code Execution

(Wednesday April 08, 2020)
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in Symantec Web Gateway version 5.0.2.8.

Red Hat Security Advisory 2020-1287-01

(Wednesday April 08, 2020)
Red Hat Security Advisory 2020-1287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an out of bounds write vulnerability.

Django 3.0 Cross Site Request Forgery

(Wednesday April 08, 2020)
Django version 3.0 suffers from a cross site request forgery token bypass vulnerability.

Ubuntu Security Notice USN-4323-1

(Wednesday April 08, 2020)
Ubuntu Security Notice 4323-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions could obtain auth codes from OAuth login flows in some circumstances. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain access to the user's account. Various other issues were also addressed.

Threat Mapper - Powerful vulnerability scanner for Kubernetes and more

(Wednesday April 08, 2020)
Identify vulnerabilities in running containers, images, hosts and repositories - deepfence/ThreatMapper

ManageEngine 14 Remote Code Execution

(Wednesday April 08, 2020)
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.

NagiosXI 5.6.11 Remote Command Execution

(Wednesday April 08, 2020)
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.

Symantec Web Gateway 5.0.2.8 Remote Command Execution

(Wednesday April 08, 2020)
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.

NagiosXI 5.6 Remote Command Execution

(Wednesday April 08, 2020)
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.

ThreatList: Skype-Themed Apps Hide a Raft of Malware

(Wednesday April 08, 2020)
Hundreds of thousands of malware files are disguised as well-known social conferencing and collaboration apps.

Slack in the security spotlight – lessons for collaboration servers

(Wednesday April 08, 2020)
Interested in WFH collaboration tools right now? Lots of people are - so here's a history lesson to learn from...

phoenixNAP Integrates Alert Logic MDR into its Secure Cloud Solution

(Wednesday April 08, 2020)
phoenixNAP®, a global IT services provider offering security-focused cloud infrastructure, dedicated servers, colocation, and specialised Infrastructure-as-a-Service (IaaS) technology solutions, today announced a collaboration with Alert Logic, the industry’s first SaaS-enabled managed detection and response provider. This partnership will expand phoenixNAP’s Data Security Cloud (DSC) to include Alert Logic’s market-defining managed detection and response solution, enabling […] The post phoenixNAP Integrates Alert Logic MDR into its Secure...

Fingerprint Cloning: Myth Or Reality?

(Wednesday April 08, 2020)

Accenture Buys Revolutionary Security in Third Acquisition of 2020

(Wednesday April 08, 2020)
The deal is intended to strengthen Accenture's critical infrastructure protection capabilities and address more complex IT and OT challenges.

Microsoft shares new threat intelligence, security guidance during global crisis

(Wednesday April 08, 2020)
Our threat intelligence shows that COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to the pandemic. We’re seeing a changing of lures, not a surge in attacks. These attacks are settling into the normal ebb and flow of the threat environment. The post Microsoft shares new threat intelligence, security guidance during global crisis [https://www.microsoft.com/security/blog/2020/04/08/microsoft-shares-new-threat-intelligence-security-guidance-during-global-crisis/] appeared first on Microsoft Security.

HP Support Assistant App Riddled with Security Issues and Vulnerabilities, Researcher Finds

(Wednesday April 08, 2020)
A security researcher found 10 vulnerabilities in the HP Support Assistant application shipped with every laptop the company makes, from the officially dead Windows 7 up to the latest version of Windows 10. Many companies pre-install software on their laptops and computers with the simple goal of providing support for fixes and automatic updates. While […]

A tool for hiding your online assets from online scanners

(Wednesday April 08, 2020)
A tool for hiding your online assets from online scanners - avilum/waycup

Why Threat Hunting with XDR Matters

(Wednesday April 08, 2020)
Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.

OhMyZsh dotenv Remote Code Execution

(Wednesday April 08, 2020)
OhMyZsh dotenv RCE

Data on 600,000 Email.it users for sale on dark web after email provider refuses to pay bounty

(Wednesday April 08, 2020)
Email.it, an Italian email provider, has recently confirmed that it was breached, confirming suspicions raised after an announcement posted by the NN Hacking Group on its Twitter account on April 5. Data stolen is said to contain private information on 600,000 users, including passwords in clear text, messages and attachments from Inboxes, SMS and fax […]

Feline Secure?

(Wednesday April 08, 2020)
When there's a will, there's a way.

The Magic in Hacking - Exploit Development - 0x00sec

(Wednesday April 08, 2020)
The Magic in Hacking While wandering around the various amazing topics in this forum, I noticed a lack of one of the subjects I enjoy the most - exploit development (last post was more than a month ago). I decided to wr…

‘Fake Fingerprints’ Bypass Scanners with 3D Printing

(Wednesday April 08, 2020)
New research used 3D printing technology to bypass fingerprint scanners, and tested it against Apple, Samsung and Microsoft mobile products.

COVID-19 CISO Checklist for Securing a Remote Workforce

(Wednesday April 08, 2020)
The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through COVID-19, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.

New Imperva Framework: Accelerating the development of large scale solutions with “Stepping”

(Wednesday April 08, 2020)
Handling large amounts of data at scale is a common task in the high-tech industry nowadays. To address this challenge many frameworks have been developed and made publicly available such as distributed messaging queues, distributed databases, lightweight protocols and caching servers, among others. These tools and frameworks are already part of the toolkit of any […] The post New Imperva Framework: Accelerating the development of large scale solutions with “Stepping” [https://www.imperva.com/blog/new-imperva-framework-accelerating-the-development-of-large-scale-solutions/] appeared...

AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

(Wednesday April 08, 2020)
Original release date: April 8, 2020 SUMMARY THIS IS A JOINT ALERT FROM THE UNITED STATES DEPARTMENT OF HOMELAND SECURITY (DHS) CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA) AND THE UNITED KINGDOM’S NATIONAL CYBER SECURITY CENTRE (NCSC). This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice. Both CISA and NCSC are seeing a growing use of...

Update Firefox again – more RCEs and an Android “takeover” bug too

(Wednesday April 08, 2020)
Hot on the heels of Firefox's emergency update over the weekend are the four-weekly fixes that Mozilla had in train already. Get 'em now!

Microsoft project proposed to aid Linux IoT code integrity

(Wednesday April 08, 2020)
Imagine a computer user from 2010 dreaming of a world in which Microsoft is not only an enthusiastic proponent of open source software but actively contributes to it with its own ideas. The time is now.

Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild

(Wednesday April 08, 2020)
Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named "dark_nexus" by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as

As if the world couldn’t get any weirder, this AI toilet scans your anus to identify you

(Wednesday April 08, 2020)
It's what the researchers call "A mountable toilet system for personalized health monitoring via the analysis of excreta."

Is Costco sending you freebies and stimulus checks? No, it’s just another petty scam.

(Wednesday April 08, 2020)
Last week, the FBI announced that fraudsters are sending out bogus text messages offering stimulus checks or packages to loyal Costco customers. Consumers all across the U.S. should be aware that Costco Wholesale is not giving out stimulus checks or other goodies to customers. Scammers most likely modelled this scheme around the previous government grant […]

The Cybersecurity Maturity Model Certification explained: What defense contractors need to know

(Wednesday April 08, 2020)
What is the CMMC? The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD's response to significant compromises of sensitive defense information located on contractors' information systems. The US Department of Defense (DoD) released the much-anticipated on January 31, 2020. It was drafted with significant input from University Affiliated Research Centers, Federally Funded Research and Development Centers, and...

Microsoft Threat Protection: What security and IT admins need to know

(Wednesday April 08, 2020)
I have a love/hate relationship with Microsoft Threat Protection (MTP). I absolutely love the concept, the platform and the pieces that make up MTP. It gives you a single-pane view of everything from the users’ systems all the way to Azure cloud assets. Microsoft Threat Protection consists of Microsoft Defender Advanced Threat Protection (ATP), Microsoft Office 365 ATP, Microsoft Cloud App Security and Azure ATP. (Insider Story)

Episode 7: Security in a time of crisis

(Wednesday April 08, 2020)
The biggest risk from the scramble to move to remote work at scale will likely be an increase in data exposed from misconfigured cloud storage buckets, says Christopher Burgess, a writer and speaker on security issues and former senior security adviser to Cisco. “You can choke a horse on the number of AWS storage regimes that have been misconfigured to allow the general public into data. Pick an industry and they’ve been affected by it.” But Burgess sees a silver lining outcome from the current crisis: “I think we’re going to also see a great deal of clever innovation on...

NASA sees increasing malicious activity due to pandemic

(Wednesday April 08, 2020)
NASA has seen “significantly increasing” malicious activity from both nation-state hackers and cybercriminals targeting the US space agency’s systems and personnel working from home during the COVID-19 pandemic. Mitigation tools and measures set in place by NASA’s Security Operations Center (SOC) successfully blocked a wave of cyberattacks, the agency reporting double the number of phishing […] The post NASA sees increasing malicious activity due to pandemic [https://www.itsecurityguru.org/2020/04/08/nasa-under-attack/] appeared first on IT Security Guru...

Google addresses issue with Face Unlock

(Wednesday April 08, 2020)
Google has addressed a security concern with the Face Unlock system on its Pixel 4 smartphones, more than five months after the devices went on sale. In October 2019, a BBC News test found the Face Unlock system allowed access to a person’s device even if they had their eyes closed. Security researchers criticised the […] The post Google addresses issue with Face Unlock [https://www.itsecurityguru.org/2020/04/08/google-addresses-issue-with-face-unlock/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

US Stimulus Checks Targeted by Scammers

(Wednesday April 08, 2020)
In the latest sorry COVID-19 scam, fraudsters are impersonating financial institutions to steal from Americans expecting stimulus checks from the US federal government. Following the outbreak of the novel coronavirus, many Americans have been furloughed, fired, or had their hours or workload reduced as businesses across the country closed and lockdown measures were implemented. To […] The post US Stimulus Checks Targeted by Scammers [https://www.itsecurityguru.org/2020/04/08/us-stimulus-checks-targeted-by-scammers/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

xHelper Malware Re-Installs After Factory Reset

(Wednesday April 08, 2020)
A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected […] The post xHelper Malware Re-Installs After Factory Reset [https://www.itsecurityguru.org/2020/04/08/xhelper-malware-re-installs-after-factory-reset/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Malware Concealed Under SSL Certificates

(Wednesday April 08, 2020)
Cybercriminals are increasingly relying on SSL certificates to lull people into a false sense of security when clicking malicious links. The assumption that HTTPS links and the accompanying lock icon protect employees from attack can threaten businesses without sufficient SSL inspection. Nearly 52% of the top 1 million websites were available over HTTPS in 2019, […] The post Malware Concealed Under SSL Certificates [https://www.itsecurityguru.org/2020/04/08/malware-concealed-under-ssl-certificates/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

New, rapidly evolving IoT botnet Dark Nexus targets wide variety of devices

(Wednesday April 08, 2020)
Security researchers are tracking a new . According to developer who advertises distributed denial-of-service (DDoS) services on YouTube and other social media websites.

Tale of two hypervisor bugs - Escaping from FreeBSD bhyve

(Wednesday April 08, 2020)
Phrack staff website.

Universally Evading Sysmon and ETW

(Wednesday April 08, 2020)
latest release are both available. Sysmon and windows event log are both extremely powerful tools in a defender's arsenal. Their very flexible configurations insight into the activity on endpoints, making the process of detecting attackers a lot easier. It's for this reason that I'm going to lead you through my journey in defeating them ;) There's been some great research into this by xpn. Their solutions are both good but don't quite reach my needs of a fully universal bypass. Meterpreter's...

How Cyber Adversaries are Adapting to Exploit the Global Pandemic

(Wednesday April 08, 2020)
Threat actors pivot their tactics to exploit perceived COVID-19 information vacuums, increased reliance on remote conferencing platforms, and victims’ fears.

Privacy & Digital-Rights Experts Worry Contact-Tracing Apps Lack Limits

(Tuesday April 07, 2020)
Mobile-phone-based tracking of people can help fight pandemics, but privacy and security researchers stress that it needs to be done right.

Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign

(Tuesday April 07, 2020)
Organizations across multiple industries compromised in a systematic effort to steal IP and other sensitive business data, BlackBerry says.

Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates

(Tuesday April 07, 2020)
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.

The Edge Names 'Holy Cow' Cartoon Caption Winners

(Tuesday April 07, 2020)
What can cows possibly have to do with cybersecurity?

CryptoHack - A fun challenge platform for learning cryptography

(Tuesday April 07, 2020)
A fun platform to learn about cryptography through solving challenges and cracking insecure code. Can you reach the top of the leaderboard?

Global Internet Traffic Spiking? Add Bandwidth with Cisco’s Flexible Consumption Model

(Tuesday April 07, 2020)
With a third of the world’s population on Coronavirus lockdown, the Internet has become their de facto connection to the outside world. Spikes in Internet traffic have been dramatic, and service providers are publicly reporting traffic increases ranging from 30% to 60%. The post Global Internet Traffic Spiking? Add Bandwidth with Cisco’s Flexible Consumption Model [https://blogs.cisco.com/news/global-internet-traffic-spiking-add-bandwidth-with-ciscos-flexible-consumption-model] appeared first on Cisco Blogs [https://blogs.cisco.com].

Serious Exchange Flaw Still Plagues 350K Servers

(Tuesday April 07, 2020)
The Microsoft Exchange vulnerability was patched in February and has been targeted by several threat groups.

Scanner of Default Logins in Administrative Web Interfaces

(Tuesday April 07, 2020)
default-http-login-hunter.sh is a tool capable of checking more than 380 web interfaces for default credentials. It is based on the NNdefaccts alternate fingerprint dataset.

How Do I Make Sure My Work-From-Home Users Install Updates?

(Tuesday April 07, 2020)
Most enterprise endpoint solutions will support policies to enforce recommended updates.

Mature DevOps Teams Are Secure DevOps Teams

(Tuesday April 07, 2020)
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.

BrandPost: How to Prioritize Application Security Flaws

(Tuesday April 07, 2020)
Volume 10 of the Veracode “State of Software Security” report makes one fact abundantly clear: there’s no shortage of security flaws to be fixed in the applications we use every day. So many, in fact, that it’s virtually impossible to address them all, which raises the question: how do you prioritize which flaws to fix? The numbers are mind-boggling. For the 10th edition of its report, Veracode looked at scans of 85,000 applications from its cloud-based software security testing platform (up from fewer than 1,600 in Volume 1 of the report). It found more than 4 out of 5 (83%) of...

The Coronavirus & Cybersecurity: 3 Areas of Exploitation

(Tuesday April 07, 2020)
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.

Offensive OSINT s01e01 - OSINT & RDP

(Tuesday April 07, 2020)
Credential stuffing usually brings to mind accessing other services with a victim's compromised credentials. In most cases, after a massive password dump, cybercriminals test the same username and password pair on other popular platforms like Facebook, Spotify, Netflix etc. It was the subject of my last year research, you can read more about credential stuffing below. Advanced credential stuffing with PEPE. Script parses Pastebin email:password dumps and collects information about each email...

Not just another BGP Hijack

(Tuesday April 07, 2020)
April 6, 2020, by Aftab Siddiqui. On 1 April 2020, many networks witnessed a massive BGP hijack by post, we’ll dig into the details of this routing incident and explain why implementing strict network filtering practices and a secure and resilient global Internet routing system. BGP hijacks are sadly common, but most are very short-lived and don’t create service disruptions on a global level. Most (not all) routing incidents happen because of configuration mistakes, but as we have learned...

xHelper: The Russian Nesting Doll of Android Malware

(Tuesday April 07, 2020)
Ultimately delivering the Triada payload, xHelper goes to great lengths to become virtually indestructible once installed on a smartphone.

FIN6 and TrickBot Combine Forces in ‘Anchor’ Attacks

(Tuesday April 07, 2020)
FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.

TAO Open Source Assessment Platform 3.3.0 RC2 Cross Site Scripting

(Tuesday April 07, 2020)
TAO Open Source Assessment Platform version 3.3.0 RC2 suffers from multiple cross site scripting vulnerabilities.

One Identity Offers Free Privileged Session Management Capability to Support Critical Infrastructure Providers

(Tuesday April 07, 2020)
As emergency services, public health organisations, utilities and other critical organisations rush to enable as many remote workers as possible, best practices for keeping users secure have understandably become an ongoing challenge. Any organisation relies on privileged IT users to configure systems and perform vital functions so their enterprise stays up and running. If this […] The post One Identity Offers Free Privileged Session Management Capability to Support Critical Infrastructure Providers [https://www.itsecurityguru.org/2020/04/07/one-identity-offers-free-privileged-session-manag

Ubuntu Security Notice USN-4322-1

(Tuesday April 07, 2020)
Ubuntu Security Notice 4322-1 - It was discovered that GnuTLS incorrectly handled randomness when performing DTLS negotiation. A remote attacker could possibly use this issue to obtain sensitive information, contrary to expectations.

Red Hat Security Advisory 2020-1358-01

(Tuesday April 07, 2020)
Red Hat Security Advisory 2020-1358-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds access vulnerability.

Red Hat Security Advisory 2020-1360-01

(Tuesday April 07, 2020)
Red Hat Security Advisory 2020-1360-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an out of bounds access vulnerability.

Ubuntu Security Notice USN-4321-1

(Tuesday April 07, 2020)
Ubuntu Security Notice 4321-1 - Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code.

Red Hat Security Advisory 2020-1276-01

(Tuesday April 07, 2020)
Red Hat Security Advisory 2020-1276-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2020-1372-01

(Tuesday April 07, 2020)
Red Hat Security Advisory 2020-1372-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

71% of Security Pros See Threats Jump Since COVID-19 Outbreak

(Tuesday April 07, 2020)
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.

Mobile security—the 60 percent problem

(Tuesday April 07, 2020)
What percentage of endpoints in your organization are currently protected? The post Mobile security—the 60 percent problem [https://www.microsoft.com/security/blog/2020/04/07/mobile-security-60-percent-problem/] appeared first on Microsoft Security.

Conceptual Attack Graphs - How to create and present them

(Tuesday April 07, 2020)
Posted on Apr 6, 2020. One question that I have gotten a few times about “Cybersecurity Attacks - Red Team Strategies” is around the conceptual attack graphs in “Chapter 3, Measuring an Offensive Security Program”. Specifically, how I create them. In this post I will briefly go over some of the reasons for creating them, and also how I create them and share a template for others to use and adjust. I’m not a graphic designer, so I’m sure...

Phishing and Malware Attacks Against NASA Employees Have Doubled

(Tuesday April 07, 2020)
NASA’s Security Operations Center (SOC) experts have issued a warning regarding a growing trend toward phishing attempts, malware attacks, or just people accessing malicious sites. Many NASA employees have started to work from home, just like numerous other employees throughout the world. And, just like everyone else, they are now more exposed to phishing attempts […]

Zoom Fixes Issues with Traffic Routed through Chinese Servers, Promises Better Encryption

(Tuesday April 07, 2020)
An investigation by Citizen Lab underlined a few security issues of teleconferencing application Zoom, on all platforms, and the company was quick to promise sweeping changes that would make Zoom more secure and transparent. Two major issues were brought up by Citizen Lab, one related to traffic between Zoom participants being rerouted through Chinese servers, […]

Using Application Telemetry to Reveal Insider & Evasive Threats

(Tuesday April 07, 2020)
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.

Official Government COVID-19 Apps Hide a Raft of Threats

(Tuesday April 07, 2020)
Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vectors.

Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset

(Tuesday April 07, 2020)
Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected so many

Europol and Singapore Police arrest suspect behind €6 million Coronavirus money laundering scheme

(Tuesday April 07, 2020)
As the cybercrime landscape continues to expand amid the Coronavirus pandemic, governments around the world have joined forces to fight the rising criminal activity. In a press release from April 6, Europol announced that a 39-year old man suspected of a €6 million medical equipment scam was arrested in Singapore. According to authorities, the suspect […]

Scam alert: UK citizens receive fake text messages amid lockdown. If you plan to leave the house, you better pay up.

(Tuesday April 07, 2020)
New scams taking advantage of the current lockdown are popping up daily. According to Richmond Council leaders, fraudsters have a new trick up their sleeve – “fines” for not respecting social distancing measures. Following the UK’s government’s announcement informing citizens to stay at home to reduce the spread of Covid-19, three new measures were introduced: […]

Microsoft Buys Corp.com So Bad Guys Can’t

(Tuesday April 07, 2020)
In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing have shown whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.