Posts

Showing posts from June, 2022

The Hacker News - Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads from The Hacker News https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html

KnowBe4 - Celebrity Crypto Scams Just Keep on Getting Worse

Bloomberg News recently reported that fake celebrity-endorsed crypto scams have doubled in the UK this year, and on average scammed victims out of $14,540 in stolen value before they realize what happened, which is 65% higher than the average crypto scam theft from the previous year. The article’s source expects celebrity-endorsed crypto scams to increase another 87% next year based on current rising trends. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/celebrity-crypto-scams-just-keep-on-getting-worse

US-CERT - #StopRansomware: MedusaLocker

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2022/06/30/stopransomware-medusalocker

US-CERT - #StopRansomware: MedusaLocker

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/alerts/aa22-181a

Threat Post - ZuoRAT Can Take Over Widely Used SOHO Routers

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor. from Threatpost https://threatpost.com/zuorat-soho-routers/180113/

Black Hills InfoSec - Talkin’ About Infosec News – 6/27/2022

ORIGINALLY AIRED ON JUNE 27, 2022 Articles discussed in this episode: 02:13 – Story # 1: The #1 Period Tracker on the App Store Will Hand Over Data Without a […] from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-6-27-2022/

Dark Reading - Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know

There were a record number of zero-day attacks last year, but some basic cyber-hygiene strategies can help keep your organization more safe. from Dark Reading https://www.darkreading.com/attacks-breaches/zero-days-aren-t-going-away-anytime-soon-and-what-leaders-need-to-know

The Hacker News - U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores

One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently from The Hacker News https://thehackernews.com/2022/06/us-fcc-commissioner-asks-apple-and.html

Threat Post - A Guide to Surviving a Ransomware Attack

Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture. from Threatpost https://threatpost.com/a-guide-to-surviving-a-ransomware-attack/180110/

The Hacker News - What is Shadow IT and why is it so risky?

Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively. An old school phenomenon: Shadow IT is not new. There have been countless examples of from The Hacker News https://thehackernews.com/2022/06/what-is-shadow-it-and-why-is-it-so-risky.html

The Hacker News - Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks

A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins, who was extradited to the U.S. on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to from The Hacker News https://thehackernews.com/2022/06/ex-canadian-government-employee-pleads.html

The Hacker News - North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack

The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week. from The Hacker News https://thehackernews.com/2022/06/north-korean-hackers-suspected-to-be.html

US-CERT - Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2022/06/29/mozilla-releases-security-updates-firefox-firefox-esr-and

Dark Reading - Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing

External attacks focused on vulnerabilities are still the most common ways that companies are successfully attacked, according to incident data. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/cyberattacks-bug-exploits-more-costly-incidents

Dark Reading - Shifting the Cybersecurity Paradigm From Severity-Focused to Risk-Centric

Embrace cyber-risk modeling and ask security teams to pinpoint the risks that matter and prioritize remediation efforts. from Dark Reading https://www.darkreading.com/risk/shifting-the-cybersecurity-paradigm-from-severity-focused-to-risk-centric

The Hacker News - New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators

Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other from The Hacker News https://thehackernews.com/2022/06/new-ytstealer-malware-aims-to-hijack.html

Dark Reading - 5 Surprising Cyberattacks AI Stopped This Year

See how these novel, sophisticated, or creative threats used techniques such as living off the land to evade detection from traditional defensive measures — but were busted by AI. from Dark Reading https://www.darkreading.com/dr-tech/5-surprising-cyberattacks-ai-stopped-this-year

The Hacker News - New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers

A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. from The Hacker News https://thehackernews.com/2022/06/new-unrar-vulnerability-could-let.html

The Hacker News - New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated from The Hacker News https://thehackernews.com/2022/06/new-fabricscape-bug-in-microsoft-azure.html

The Hacker News - CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an from The Hacker News https://thehackernews.com/2022/06/cisa-warns-of-active-exploitation-of.html

Dark Reading - Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign

The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn. from Dark Reading https://www.darkreading.com/attacks-breaches/facebook-business-pages-chatbot-data-harvesting-campaign

SBS CyberSecurity - #askSBS: Remote Patch Management

We have a really difficult time with laptop users taking their devices home and leaving them offline at night and on weekends. Any thoughts on getting those remote users to leave their devices online to get patched? from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3910/asksbs-remote-patch-management

Rapid 7 - For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

Welcome to the second installment in our series looking at the latest ransomware research from Rapid7. Two weeks ago, we launched "Pain Points: Ransomware Data Disclosure Trends", our first-of-its-kind look into the practice of double extortion, what kinds of data get disclosed, and how the ransomware "market" has shifted in the two years since double extortion became a particularly nasty evolution to the practice. Today, we're going to talk a little more about the healthcare and pharmaceutical industry data and analysis from the report, highlighting how these two industries differ from some of the other hardest-hit industries and how they relate to each other (or don't in some cases). But first, let's recap what "Pain Points" is actually analyzing. Rapid7's threat intelligence platform (TIP) scans the clear, deep, and dark web for data on threats and operationalizes that data automatically with our Threat Command product. This means we hav...

Dark Reading - Can Zero-Knowledge Crypto Solve Our Password Problems?

Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses. from Dark Reading https://www.darkreading.com/emerging-tech/can-zero-knowledge-crypto-solve-our-password-problems-

The Hacker News - ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," from The Hacker News https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html

US-CERT - 2022 CWE Top 25 Most Dangerous Software Weaknesses

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2022/06/28/2022-cwe-top-25-most-dangerous-software-weaknesses

Rapid 7 - CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610: Externally Controlled Reference to a Resource in Another Sphere, wherein a malicious MySQL server can request local file content from a client without explicit authorization from the user. The initial CVSSv3 estimate for this issue is 6.5. Note that this issue does not affect the much more popular mysql2 gem. This issue was fixed in ruby-mysql 2.10.0 on October 23, 2021, and users of ruby-mysql are urged to update. Product description: The ruby-mysql Ruby gem is an implementation of a MySQL client. While it is far less popular than the mysql2 gem, it serves a particular niche audience of users that desire a pure Ruby implementation of MySQL client functionality without linking to an external library (as mysql2 does). Credit: This issue was reported to Rapid7 by Hans-Martin Münch of MOGWAI LABS GmbH, initially as a Metasploit issue, and is being disclosed in ac...

Threat Post - ‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad. from Threatpost https://threatpost.com/killnet-pummels-lithuania/180075/

The Hacker News - OpenSSH to Release Security Patch for Remote Memory Corruption Vulnerability

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. Security from The Hacker News https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html

The Hacker News - New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services

A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware — dubbed Revive by Italian cybersecurity firm Cleafy — was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the from The Hacker News https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html

US-CERT - Vulnerability Summary for the Week of June 20, 2022

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/bulletins/sb22-178

BuzzSec Blog Update

All, The tool I used to grab new RSS feeds and then publish them has been broken for some time. They should now all be fixed. I have to pay for the meta programming now so I hope you all enjoy it. I don't do any ads or make any money from this service. I just want people and my clients to be in the KNOW and as such have curated some great feeds for your threat intel.

SBS CyberSecurity - In The Wild 281

In The Wild - CyberSecurity Newsletter. Welcome to the 281st issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources! Hacker Hour: Cyber Insurance - Misrepresentation of Facts SBS Educational Resources Date: June 29, 2022 Time: 2:00 - 3...