] The Mad Hacker [


Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000


Cyber espionage by Chinese hackers in neighbouring nations is on the rise

(Saturday June 19, 2021)
A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute

(Saturday June 19, 2021)
South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which — "27.102.114[.]89

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

(Saturday June 19, 2021)
Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and

Weekly Update 248

(Saturday June 19, 2021)
Thought I'd do a bit of an AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and be a bit more organised next time, give some notice and make more of an event.

Attackers Find New Way to Exploit Google Docs for Phishing

(Friday June 18, 2021)
Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.

This Week in Database Leaks: Cognyte, CVS, Wegmans

(Friday June 18, 2021)
Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.

Accidental Insider Leaks Prove Major Source of Risk

(Friday June 18, 2021)
Research reports highlight growing concerns around insider negligence that leads to data breaches.

Can *YOU* blow a PC speaker using only a Linux kernel driver?

(Friday June 18, 2021)
Can you help? There's a hidden meaning here, and it's time to find it!

11 Security Certifications to Seek Out This Summer

(Friday June 18, 2021)
The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your career.

Microsoft announces recipients of academic grants for AI research on combating phishing

(Friday June 18, 2021)
Congratulations to the winners of the Microsoft Security AI RFP, which called for AI research on the threat of phishing and approaches for defending against it. We cannot wait to work with you to invent the future of security together. [https://www.microsoft.com/security/blog/2021/06/18/microsoft-announces-recipients-of-academic-grants-for-ai-research-on-combating-phishing/]

What’s Making Your Company a Ransomware Sitting Duck

(Friday June 18, 2021)
What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea

(Friday June 18, 2021)
Authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the company alleged to have done? Created and installed ransomware onto the computers of their customers, netting more than 360 million won (approximately US $320,000). Read more in my article on the Hot for Security blog.

Carnival Cruise Cyber-Torpedoed by Cyberattack

(Friday June 18, 2021)
This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks.

Infographic: How Do You Stop Bad Bots?

(Friday June 18, 2021)
According to Imperva’s Bad Bot Report 2021, bad bot traffic has maintained its upward trend, amounting to 25.6 percent of all traffic in 2020, an all-time high. Combined with good bot traffic, 40.8 percent of internet traffic in 2020 wasn’t human, as human traffic decreased by 5.7 percent to 59.2 percent of all traffic. In […] [https://www.imperva.com/blog/infographic-how-do-you-stop-bad-bots/]

4 Habits of Highly Effective Security Operators

(Friday June 18, 2021)
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.

Insider Versus Outsider: Navigating Top Data Loss Threats

(Friday June 18, 2021)
Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.

Malware prevents its victims from going to illegal download sites

(Friday June 18, 2021)
In a report, SophosLabs said it learned of the existence of malware intended to prevent its victims from downloading illegally. Active between October 2020 and January 2021, this malware was content to change the HOSTS file of its victims to prevent them from going to The Pirate Bay and its mirrors.

BrandPost: Harness the Power of Predictive Analytics to Protect Your Endpoints

(Friday June 18, 2021)
In today’s distributed-workforce environment, employees are scattered here, there, and everywhere — and so are their PCs. Making sure devices stay up and running is more critical, and more challenging, than ever before. With , powered by the TechPulse platform, you proactively find and prevent issues now, so they don’t cause employee downtime later. The cloud-based TechPulse platform powers many HP service offerings, going beyond just data to provide relevant, AI-driven insights that guide better decision-making: * Aggregates critical data from your endpoint devices...

‘Oddball’ Malware Blocks Access to Pirated Software

(Friday June 18, 2021)
Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.
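The two Sophos items above (this one and "Malware prevents its victims from going to illegal download sites") describe a campaign whose only payload is a rewritten HOSTS file. The Python below is an added example for this digest, not Sophos's code, showing how a defender would detect that kind of tampering: it parses a hosts file, flags every non-local name pinned to a loopback or null address, and separately marks names that match a watchlist. The hosts content and the watchlist are constructed for the demo.

```python
"""Flag hosts-file entries that sinkhole domains to loopback/null addresses.

Added example for the Sophos story above; not Sophos's code.
The sample hosts content and the watchlist below are constructed.
"""
import ipaddress

# Constructed sample: a Windows hosts file after the kind of edit described
# in the report (tracker domains pinned to 127.0.0.1).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
127.0.0.1 thepiratebay.org www.thepiratebay.org
127.0.0.1 piratebay.live
0.0.0.0   ads.example.net   # unrelated, but still a sinkhole
10.0.0.5  intranet.corp.example
"""

# Hypothetical watchlist for the demo; a real check would load its own list.
WATCHLIST = {"thepiratebay.org", "piratebay.live"}

# Addresses that turn a hosts entry into a sinkhole rather than a redirect.
SINKHOLE_NETS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/32"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("::/128"),
]
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (address, hostname) pairs; comments and blank lines are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        entries.extend((addr, name.lower().rstrip(".")) for name in names)
    return entries


def is_sinkhole(addr):
    """True if addr parses as an IP address inside one of SINKHOLE_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in SINKHOLE_NETS)


def on_watchlist(name, watchlist):
    """Match the name itself or any subdomain of a watchlisted domain."""
    return any(name == w or name.endswith("." + w) for w in watchlist)


def find_sinkholed(text, watchlist=WATCHLIST):
    """Return [(address, hostname, watchlisted)] for every sinkholed non-local
    name, so both the known campaign and unknown tampering show up."""
    findings = []
    for addr, name in parse_hosts(text):
        if name in LOCAL_NAMES or not is_sinkhole(addr):
            continue
        findings.append((addr, name, on_watchlist(name, watchlist)))
    return findings


if __name__ == "__main__":
    for addr, name, known in find_sinkholed(SAMPLE_HOSTS):
        print(f"{'WATCHLIST' if known else 'sinkhole '} {name} -> {addr}")
```

Reporting every sinkholed name, not only watchlisted ones, is deliberate: the watchlist catches the campaign you already know about, while the unconditional loopback check catches the next one. On a real host, pair this with the file's modification time and the ACL on %SystemRoot%\System32\drivers\etc\hosts, since a recent write by a non-admin process is itself the finding.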

BrandPost: Protect Against Malicious Document and File Downloads

(Friday June 18, 2021)
To do their jobs, users need to be able to download files from external sources. People tend to click on shared documents quickly, averaging less than four minutes from the time they hit the inbox. Malicious downloads enter the organization in many ways, including: * Web browsing * Clicking on shared links * Installing programs * Initiating FTP file transfers Malicious downloads are particularly effective because bad websites are so abundant, short-lived, and contain content that changes frequently to avoid accurate categorization; with unique and polymorphic malware that evade...

First American Financial Pays Farcical $500K Fine

(Friday June 18, 2021)
In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents -- many containing sensitive financial data -- related to real estate transactions dating back more than 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

BrandPost: Prevent Credential Theft

(Friday June 18, 2021)
Phishing attacks are the most common source of cybersecurity breaches in business today, and employee credentials are a top target for these malicious actors. That’s because they are the key to unlocking many of the other security protocols put in place to protect your business. A correct user name and password combination is often all that stands between a cybercriminal and a company’s valuable intellectual property. Spear phishing is particularly effective because it often exploits a positive behavior – the person’s desire to comply with security policies by providing or updating...

2 Factor Authentication: The Tester’s Edition

(Friday June 18, 2021)
For better safety and security, many applications now use 2 factor authentication. Here is an article on how to test it as well as automate it.

Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors

(Friday June 18, 2021)
A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.

Threat Actors Spread Agent Tesla Disguised as COVID-19 Vaccination Registration

(Friday June 18, 2021)
A recent phishing campaign targeting Windows machines is attempting to infect users with one of the most recent versions of the Agent Tesla remote access Trojan (RAT). The malicious campaign, spotted by the Bitdefender Antispam Lab, tries to deliver the malicious payload under the guise of a COVID-19 vaccination schedule that comes as an attachment.  […]

Make the Internet a Better, Safer Place on Stop Cyberbullying Day

(Friday June 18, 2021)
Stop Cyberbullying Day has been promoting good digital citizenship practices for more than a decade to make the digital world a better and more welcoming place for everyone. This year, we’re reminded of the challenges and risks children and teens face when using digital technologies. Stuck at home during the pandemic, kids have turned to […]

Google Releases New Framework to Prevent Software Supply Chain Attacks

(Friday June 18, 2021)
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.  Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and

Fake Ledger devices mailed out in attempt to steal from cryptocurrency fans

(Friday June 18, 2021)
Received a replacement Ledger cryptocurrency wallet through the post following the service's data breach? Be on your guard... Read more in my article on the Hot for Security blog.

10 old software bugs that took way too long to squash

(Friday June 18, 2021)
In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old—and there was no patch available, and no expectation that one would be forthcoming.(Insider Story)

Bypassing 2FA using OpenID Misconfiguration

(Friday June 18, 2021)
Posted on Jun 11, 2021. Two-factor authentication is rapidly becoming the norm in authentication systems, but a faulty implementation can often render the defense mechanism useless. There are plenty of write-ups covering vulnerabilities such as missing rate limits, improper access controls and token leakage, but this short write-up will present a unique bypass caused by a misconfiguration in an OpenID implementation. The target was a company with over 50 worldwide brands, with a lot...

Scapy Turned 18. Boy They Grow Up Fast, Don’t They!

(Friday June 18, 2021)

[eBook] 7 Signs You Might Need a New Detection and Response Tool

(Friday June 18, 2021)
It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations

Update Your Chrome Browser to Patch Yet Another 0-Day Exploited in the Wild

(Friday June 18, 2021)
Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser.

Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments

(Friday June 18, 2021)
A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it

Data Breaches Surge in Food & Beverage, Other Industries

(Thursday June 17, 2021)
Six previously "under-attacked" vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.

Bypassing Image Load Kernel Callbacks - @MDSecLabs

(Thursday June 17, 2021)
As security teams continue to advance, it has become essential for attackers to have complete control over every part of their operation, from the infrastructure down to individual actions that occur on the endpoint. Even with this in mind, image load events have always been something I've tried to ignore despite the extensive view they can give into the actions on an endpoint. This was simply because they occur from inside the kernel, so there's nothing a...

One in Five Manufacturing Firms Targeted by Cyberattacks

(Thursday June 17, 2021)
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.

Carnival Cruise Line Reports Security Breach

(Thursday June 17, 2021)
The cruise ship operator says the incident affected employee and guest data.

Google Launches SLSA, a New Framework for Supply Chain Integrity

(Thursday June 17, 2021)
The "Supply chain Levels for Software Artifacts" aims to ensure the integrity of components throughout the software supply chain.
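Both SLSA items (this one and Friday's "Google Releases New Framework to Prevent Software Supply Chain Attacks") describe the goal, artifact integrity, without showing what a consumer actually checks. The Python below is an added example, not Google's or the SLSA project's code. It assumes the in-toto Statement v0.1 / SLSA provenance v0.1 JSON layout, a hypothetical trusted builder ID, and constructed artifact bytes; it checks the statement types, that the artifact's SHA-256 appears among the statement's subjects, and that the builder is one the consumer trusts. Verifying the signature on the envelope that carries the statement is a separate step and is not shown.

```python
"""Check a downloaded artifact against a SLSA provenance statement.

Added example, not SLSA's or Google's code. Assumes the in-toto Statement
v0.1 / SLSA provenance v0.1 JSON layout; the builder ID, recipe, materials
and artifact bytes are constructed for the demo. Signature verification of
the enclosing envelope is out of scope here.
"""
import hashlib
import hmac
import json

STATEMENT_TYPE = "https://in-toto.io/Statement/v0.1"
PROVENANCE_TYPE = "https://slsa.dev/provenance/v0.1"

# Hypothetical builder the consumer has decided to trust.
TRUSTED_BUILDERS = {"https://ci.example.com/builders/release@v1"}

# Constructed artifact that the provenance statement will describe.
ARTIFACT_NAME = "widget-1.2.3.tar.gz"
ARTIFACT_BYTES = b"constructed release tarball contents\n"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def make_statement(name, data, builder_id):
    """Build the (unsigned) provenance statement a builder would emit."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": name, "digest": {"sha256": sha256_hex(data)}}],
        "predicateType": PROVENANCE_TYPE,
        "predicate": {
            "builder": {"id": builder_id},
            "recipe": {"type": "https://example.com/recipe/make@v1",   # hypothetical
                       "entryPoint": "build.sh"},
            "materials": [{"uri": "git+https://example.com/widget@refs/tags/v1.2.3",
                           "digest": {"sha1": "0" * 40}}],         # constructed
        },
    }


def verify_provenance(statement_json, name, data, trusted_builders=TRUSTED_BUILDERS):
    """Return (ok, reason). Rejects on a type mismatch, a missing subject,
    a digest mismatch, or a builder outside the trusted set."""
    st = json.loads(statement_json)
    if st.get("_type") != STATEMENT_TYPE:
        return False, "unexpected statement type"
    if st.get("predicateType") != PROVENANCE_TYPE:
        return False, "unexpected predicate type"
    expected = sha256_hex(data)
    subjects = [s for s in st.get("subject", []) if s.get("name") == name]
    if not subjects:
        return False, "artifact is not a subject of this provenance"
    # compare_digest keeps the check constant-time; irrelevant for a public
    # hash but cheap, and it is the habit you want for any digest comparison.
    if not any(hmac.compare_digest(s.get("digest", {}).get("sha256", ""), expected)
               for s in subjects):
        return False, "digest mismatch"
    builder = st.get("predicate", {}).get("builder", {}).get("id")
    if builder not in trusted_builders:
        return False, f"untrusted builder: {builder!r}"
    return True, "ok"


GOOD_STATEMENT = json.dumps(
    make_statement(ARTIFACT_NAME, ARTIFACT_BYTES,
                   "https://ci.example.com/builders/release@v1"))

if __name__ == "__main__":
    print(verify_provenance(GOOD_STATEMENT, ARTIFACT_NAME, ARTIFACT_BYTES))
    print(verify_provenance(GOOD_STATEMENT, ARTIFACT_NAME, ARTIFACT_BYTES + b"x"))
```

The builder allowlist is what gives the check its teeth: a provenance statement whose digest matches but that was produced by an unknown builder proves nothing, because anyone can write a statement about the bytes they just tampered with. In practice the statement arrives inside a signed envelope, and the signature must be checked against the builder's key before any of the fields above are trusted.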

Clop Raid: A Big Win in the War on Ransomware?

(Thursday June 17, 2021)
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.

S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast]

(Thursday June 17, 2021)
Latest episode - listen now!

Cisco Smart Switches Riddled with Severe Security Holes

(Thursday June 17, 2021)
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

Ubuntu Security Notice USN-4991-1

(Thursday June 17, 2021)
Ubuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also...

Red Hat Security Advisory 2021-2479-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.

Ubuntu Security Notice USN-4990-1

(Thursday June 17, 2021)
Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

Windows Kerberos AppContainer Enterprise Authentication Capability Bypass

(Thursday June 17, 2021)
Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.

Red Hat Security Advisory 2021-2476-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed...

Trojan.Win32.Alien.erf Directory Traversal

(Thursday June 17, 2021)
Trojan.Win32.Alien.erf malware suffers from a directory traversal vulnerability.

Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution

(Thursday June 17, 2021)
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.

Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution

(Thursday June 17, 2021)
This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.

Dup Scout 13.5.28 Unquoted Service Path

(Thursday June 17, 2021)
Dup Scout version 13.5.28 suffers from an unquoted service path vulnerability.

Red Hat Security Advisory 2021-2475-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML...

Trojan.Win32.Alien.erf Buffer Overflow

(Thursday June 17, 2021)
Trojan.Win32.Alien.erf malware suffers from a buffer overflow vulnerability.

Unified Office Total Connect Now 1.0 SQL Injection

(Thursday June 17, 2021)
Unified Office Total Connect Now version 1.0 suffers from a remote SQL injection vulnerability.

Samsung NPU npu_session_format Out-Of-Bounds Write

(Thursday June 17, 2021)
Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.

Red Hat Security Advisory 2021-2472-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2021-2469-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

How to hack a bicycle – Peloton Bike+ rooting bug patched

(Thursday June 17, 2021)
It's a bike, Jim, but not as we know it.

VeryFitPro 3.2.8 Insecure Transit

(Thursday June 17, 2021)
VeryFitPro version 3.2.8 transmits sensitive information in cleartext.

VX Search 13.5.28 Unquoted Service Path

(Thursday June 17, 2021)
VX Search version 13.5.28 suffers from an unquoted service path vulnerability.

Red Hat Security Advisory 2021-2471-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37...

Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration

(Thursday June 17, 2021)
Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability.

Red Hat Security Advisory 2021-2467-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2467-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.

Trojan.Win32.Alien.erf Denial Of Service

(Thursday June 17, 2021)
Trojan.Win32.Alien.erf malware suffers from a denial of service vulnerability.

Workspace ONE Intelligent Hub 20.3.8.0 Unquoted Service Path

(Thursday June 17, 2021)
Workspace ONE Intelligent Hub version 20.3.8.0 suffers from an unquoted service path vulnerability.
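Three of Thursday's advisories (Dup Scout 13.5.28, VX Search 13.5.28 and this Workspace ONE Intelligent Hub entry) are the same bug class, so one added example covers all of them. The Python below is not from any of those advisories: it takes service ImagePath values as you would read them from HKLM\SYSTEM\CurrentControlSet\Services or `sc qc`, and flags unquoted paths containing spaces along with the file names Windows would try before the intended binary. The service names and paths are constructed.

```python
"""Audit Windows service ImagePath values for unquoted paths with spaces.

Added example for the three unquoted-service-path advisories above; not
code from those advisories. Service names and paths are constructed.
"""
import re

# Constructed sample, in the form of each service's ImagePath registry
# value (what `sc qc <name>` prints as BINARY_PATH_NAME).
SAMPLE_SERVICES = {
    "ExampleQuotedSvc": r'"C:\Program Files\Example Vendor\bin\svc.exe"',
    "ExampleUnquotedSvc": r"C:\Program Files\Example Vendor\bin\svc.exe",
    "ExampleArgsSvc": r"C:\Program Files (x86)\Vendor\Agent Service\agent.exe -k run",
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
}


def split_image_path(image_path):
    """Split an ImagePath into (executable, arguments, was_quoted).

    A leading double quote delimits the executable exactly; otherwise the
    executable is taken to end at the first '.exe' token, which is also how
    far an attacker-controlled prefix could reach."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:                      # unterminated quote: rest is the exe
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = re.search(r"\.exe\b", s, re.IGNORECASE)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    exe, _, args = s.partition(" ")        # no .exe: first token is the binary
    return exe, args.strip(), False


def hijack_candidates(exe):
    """File names CreateProcess tries before the intended binary when the
    path is unquoted: every prefix ending at a space, with .exe appended."""
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit_services(services):
    """Map service name -> hijack candidates for every vulnerable ImagePath."""
    findings = {}
    for name, image in services.items():
        exe, _args, quoted = split_image_path(image)
        if not quoted and " " in exe:
            findings[name] = hijack_candidates(exe)
    return findings


if __name__ == "__main__":
    for svc, candidates in audit_services(SAMPLE_SERVICES).items():
        print(svc)
        for c in candidates:
            print("   would try:", c)
```

An unquoted path is only exploitable if a low-privileged user can create a file at one of the candidate locations (check the ACL of each candidate's parent directory) and the service runs as a more privileged account, typically LocalSystem; a path under C:\Program Files with default ACLs is a finding to fix, not an immediate privilege escalation.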

Red Hat Security Advisory 2021-2461-01

(Thursday June 17, 2021)
Red Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues....

Penetration Testing Web Storage (User Experience)

(Thursday June 17, 2021)
Whitepaper called Penetration Testing Web Storage (User Experience). Written in Arabic.

Ubuntu Security Notice USN-4989-2

(Thursday June 17, 2021)
Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.

Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes

(Thursday June 17, 2021)
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.

Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?

(Thursday June 17, 2021)
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.

CVS Health Records for 1.1 Billion Customers Exposed

(Thursday June 17, 2021)
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.

Certified Pre-Owned: Abusing Active Directory Certificate Services

(Thursday June 17, 2021)
TL;DR Active Directory Certificate Services has a lot of attack potential! Check out our whitepaper “Certified Pre-Owned: Abusing Active Directory Certificate Services” for complete details. We’re…

CLOP ransomware suspects charged by police in Ukraine

(Thursday June 17, 2021)
Six people alleged to be part of the notorious CLOP ransomware gang have been detained and charged by Ukrainian police, following nearly two dozen raids across the country. Read more in my article on the Tripwire State of Security blog.

Lessons Learned from 100 Data Breaches: Part 4, Trends in Average Volumes of Stolen Records

(Thursday June 17, 2021)
Imperva research shows an increase in the volume of data stolen every year. In 2020, we started to see more and more breaches that exfiltrate records in billions. Based on the analysis of thousands of data breach details published on dbdigest, we made calculations on the raw data and found some interesting information about data […] [https://www.imperva.com/blog/lessons-learned-from-100-data-breaches-part-4-trends-in-average-volumes-of-stolen-records/]

Improve your threat detection and response with Microsoft and Wortell

(Thursday June 17, 2021)
Managed detection and response services to reduce alert fatigue, mitigate attacks, and gain proactive threat hunting capabilities. [https://www.microsoft.com/security/blog/2021/06/17/improve-your-threat-detection-and-response-with-microsoft-and-wortell/]

Report: Active Directory Certificate Services a big security blindspot on enterprise networks

(Thursday June 17, 2021)
As the core of Windows enterprise networks, Active Directory, the service that handles user and computer authentication and authorization, has been well studied and probed by security researchers for decades. Its Certificate Services component (AD CS), however, has not received the same level of scrutiny and, according to a team of researchers, deployments are rife with serious configuration mistakes that can lead to account and domain-level privilege escalation and compromise.

Mission Critical: What Really Matters in a Cybersecurity Incident

(Thursday June 17, 2021)
The things you do before and during a cybersecurity incident can make or break the success of your response.

Threat Actors Use Google Docs to Host Phishing Attacks

(Thursday June 17, 2021)
An exploit in the widely used document service is leveraged to send malicious links that appear legitimate but actually steal victims' credentials.

Smashing Security podcast #232: Zoomolympics and language matters

(Thursday June 17, 2021)
Video gaming giant Electronic Arts suffers a hack following slack security, the Japanese Olympics are proving unpopular with everyone apart from cybercriminals, and le coq est mort. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Biden says 16 sectors should be off limits to attack

(Thursday June 17, 2021)
In a speech on Wednesday, U.S. President Joe Biden told the Russian president that 16 sectors of critical infrastructure should be “off-limits” to attacks, specifically cyberattacks. Unfortunately, analysts believe his efforts to be futile. Robert Golladay, the EMEA and APAC director at Illusive, claims that “the fact that one of the leaders of the […] [https://www.itsecurityguru.org/2021/06/17/biden-says-16-sectors-should-be-off-limits-to-attack/]

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran

(Thursday June 17, 2021)
Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT)

Over a billion CVS health records exposed

(Thursday June 17, 2021)
On Thursday, an exposed online database belonging to CVS Health was discovered. This was the result of another misconfigured cloud service, which can significantly impact security and lead to a massive data leak. The uncovered database was not password-protected and had no security defences in place to prevent access by unauthorised persons. The database was […] [https://www.itsecurityguru.org/2021/06/17/over-a-billion-cvs-health-records-exposed/]

5 biggest healthcare security threats for 2021

(Thursday June 17, 2021)
Cyberattacks targeting the healthcare sector have surged because of the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in , web application attacks, and other threats targeting healthcare providers.(Insider Story)

Strengthen Your Password Policy With GDPR Compliance

(Thursday June 17, 2021)
A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements. Companies in the EU must have password policies that are compliant with the General Data

Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks

(Thursday June 17, 2021)
Ukrainian law enforcement officials on Wednesday announced the arrest of members of the Clop ransomware gang, adding that they had disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. As part of an international operation between the National Police of Ukraine and authorities from Interpol, Korea, and the U.S., six defendants have been accused of running a double extortion

Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique

(Thursday June 17, 2021)
Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malware to disk in such a way that it's difficult to scan or delete it — and where it then executes the

Public crypto audit report: lurch/OMEMO

(Thursday June 17, 2021)
PDF Document

Using Monday.com's project manager as a command & control server

(Thursday June 17, 2021)
CVE/Research Publications (1d8/publications on GitHub).

Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets

(Thursday June 17, 2021)
As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping

(Thursday June 17, 2021)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. "Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such