Posts

Showing posts from December, 2022

KnowBe4 - One Out of 10 Threats Still Make It All the Way to the Endpoint

Image
Despite good intentions, layered security measures, and efficacy claims by security solution vendors, new data shows that email-based threats are still getting all the way to the Inbox. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/one-out-of-10-threats-still-make-it-all-the-way-to-the-endpoint

Rapid 7 - 2022 Annual Metasploit Wrap-Up

Image
It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we also want to express our gratitude and appreciation for our stellar community of contributors, maintainers, and users. The Metasploit team merged 824 pull requests across Metasploit-related projects in 2022, more than 650 of which were incorporated into the main metasploit-framework repository. If you fixed a typo, linked a new reference, or cleaned up some code spaghetti, thank you! Active Directory Certificate Services attacks For years now, penetration testers and attackers have emphasized Active Directory as a particularly juicy and valuable attack surface area. In 2021, we saw fresh attack research that outlined new techniques for targeting Active Directory Certificate Services, or...

KnowBe4 - Your KnowBe4 Fresh Content Updates from December 2022

Image
Check out the 36 new pieces of training content added in December, alongside the always fresh content update highlights and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-december-2022

Schneier - Recovering Smartphone Voice from the Accelerometer

Yet another smartphone side-channel attack: “ EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers “: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping. While more devastating attacks on ear speakers, which produce much smaller scale vibrations, were believed impossible to eavesdrop with zero-permission motion sensors. In this work, we revisit this important line of reach. We explore recent trends in smartphone manufacturers that include extra/powerful speakers in place of small ear speakers, and demonstrate the feasibility of using motion sensors to capture such tiny speech vibrations. We investigate the impacts of these new ear speakers on built-in motion sensors and examine the potential to elicit private speech information from the minute vibrations. Ou...

The Hacker News - Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws "allowed an attacker within wireless proximity to install a 'backdoor' account on the device, enabling them to send commands to it remotely over the internet, access its microphone from The Hacker News https://thehackernews.com/2022/12/researcher-uncovers-potential.html

The Hacker News - CISA Warns of Active exploitation of JasperReports Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two-years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), were addressed by TIBCO in April 2018 and March 2019, from The Hacker News https://thehackernews.com/2022/12/cisa-warns-of-active-exploitation-of.html

Rapid 7 - Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing

Image
Is there a defined ecosystem, similar to what we encountered with the Internet of Things (IoT), that can be charted out as it relates to smart city technology and its security implications? While evaluating IoT I struggled with defining what IoT is. I found that there were varying definitions out there, but none that helped me fully understand what constitutes IoT and how to approach evaluating its security posture. To solve that dilemma in my mind and to better be able to discuss it with vendors and consumers I finally landed on the concept that IoT is often better defined as a series of traits that can be used to explain it, its structure, and better understand the components and their interaction with each other. This concept and approach also allowed me to properly map out all of the interlinking mechanisms as it relates to security testing of the IoT technology's full ecosystem. Looking at it from this perspective we see that Smart Cities leverage IoT technology and concept...

TrustedSec - To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response

tl;dr Out-of-band (OOB) communications are alternative systems or technologies that allow responders to collaborate, coordinate, and inform during an incident. OOB should not use any existing, normal infrastructure. OOB should provide email, voice, and real-time communications capabilities; mass one-way communications to employees, clients, and the public; and file storage. Ensure that your OOB solution meets any internal legal requirements. Set up OOB before an incident occurs. Test your OOB platforms. Communications are critical during an incident. If you cannot coordinate, collaborate, and inform actions and information about an incident, the incident response will eventually fail. Normally, this isn’t an issue, as organizations have resources like Microsoft 365 email, SharePoint, Slack, and Teams to use to communicate with each other. However, what happens when those technologies are unavailable? That is where OOB communications come in. OOB communications are alternativ...

HACKMAGEDDON - 1-15 December 2022 Cyber Attack Timeline

In the first timeline of December, I have collected 147 events (corresponding to 9.8 events/day), a result slightly... from HACKMAGEDDON https://www.hackmageddon.com/2022/12/29/1-15-december-2022-cyber-attack-timeline/

The Hacker News - Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively. While CVE-2022-27510 from The Hacker News https://thehackernews.com/2022/12/thousands-of-citrix-servers-still.html

The Hacker News - New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific from The Hacker News https://thehackernews.com/2022/12/new-malvertising-campaign-via-google.html

KnowBe4 - [Eye Opener] Insurance policy doesn’t cover ransomware attack, Ohio Supreme Court says

Image
Dec. 27, 2022, The Ohio Supreme Court ruled in favor of an insurance company, determining that its contract to cover any direct physical loss or damage to property did not encompass ransom payments made when a hacker illegally gained access to medical billing software company EMOIs systems and data. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eye-opener-insurance-policy-doesnt-cover-ransomware-attack-ohio-supreme-court-says

The Hacker News - BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies

Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como said, describing it as a " from The Hacker News https://thehackernews.com/2022/12/bitkeep-confirms-cyber-attack-loses.html

The Hacker News - APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. from The Hacker News https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html

The Hacker News - Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those, including Cambridge Analytica to access users' personal information without their consent for political from The Hacker News https://thehackernews.com/2022/12/facebook-to-pay-725-million-to-settle.html

The Hacker News - W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum from The Hacker News https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html

Schneier - Friday Squid Blogging: Injured Giant Squid and Paddleboarder

Here’s a video —I don’t know where it’s from—of an injured juvenile male giant squid grabbing on to a paddleboard. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2022/12/friday-squid-blogging-injured-giant-squid-and-paddleboarder.html

The Hacker News - FrodoPIR: New Privacy-Focused Database Querying System

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR from The Hacker News https://thehackernews.com/2022/12/frodopir-new-privacy-focused-database.html

Schneier - Hacking the JFK Airport Taxi Dispatch System

Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line. from Schneier on Security https://www.schneier.com/blog/archives/2022/12/hacking-the-jfk-airport-taxi-dispatch-system.html

The Hacker News - Accelerate Your Incident Response

Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.”  As much of the workforce signs off for the holidays, hackers are stepping up their game. We’ll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks. Hackers love to use these tactics to trick end from The Hacker News https://thehackernews.com/2022/12/accelerate-your-incident-response.html

The Hacker News - Vice Society Ransomware Attackers Adopt Robust Encryption Methods

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the from The Hacker News https://thehackernews.com/2022/12/vice-society-ransomware-attackers-adopt.html

The Hacker News - France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent

France's privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés (CNIL) noted that users visiting the home page of its Bing search engine did not from The Hacker News https://thehackernews.com/2022/12/france-fines-microsoft-60-million-for.html

The Hacker News - The Era of Cyber Threat Intelligence Sharing

We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them. Cybercriminals don't reinvent themselves each time. Their resources are limited, and they have a limited budget. Therefore they use playbooks to attack many people. Meaning most of from The Hacker News https://thehackernews.com/2022/12/the-era-of-cyber-threat-intelligence.html

The Hacker News - Critical Security Flaw Reported in Passwordstate Enterprise Password Manager

Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within from The Hacker News https://thehackernews.com/2022/12/critical-security-flaw-reported-in.html

Schneier - Critical Microsoft Code-Execution Vulnerability

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required. But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability. […] Microsoft fixed ...

The Hacker News - Two New Security Flaws Reported in Ghost CMS Blogging Software

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654 (CVSS score: 8.5), the authentication bypass vulnerability that allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings. from The Hacker News https://thehackernews.com/2022/12/two-new-security-flaws-reported-in.html

The Hacker News - Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month, from The Hacker News https://thehackernews.com/2022/12/zerobot-botnet-emerges-as-growing.html

Rapid 7 - CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Image
Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “ OWASSRF ”, a chaining of CVE-2022-41080 and CVE-2022-41082 to bypass URL rewrite mitigations that Microsoft provided for ProxyNotShell allowing for remote code execution (RCE) via privilege escalation via Outlook Web Access (OWA). Patched servers do not appear vulnerable, servers only utilizing Microsoft’s mitigations do appear vulnerable. Threat actors are using this to deploy ransomware. Rapid7 recommends that organizations who have yet to install the Exchange update (KB5019758) from November 2022 should do so immediately and investigate systems for indicators of compromise. Do not rely on the rewrite mitigations for protection. Affected Products The following on-prem versions of Exchange that have not applied the November 8, 2022 KB5019758 update are vulnerable: Microsoft...

KnowBe4 - Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

Image
A recent Ivanti report shows cybersecurity practitioners getting more focused on the threat landscape, but defenders may need to hone their attention to focus on the right threats .   from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ivanti-report-shows-cybersecurity-practitioners-concentrating-on-right-threats

The Hacker News - GodFather Android Banking Trojan Targeting Users of Over 400 Banking and Crypto Apps

An Android banking trojan known as GodFather is being used to target users of more than 400 banking and cryptocurrency apps spanning across 16 countries. This includes 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms serving users in the U.S., Turkey, Spain, Italy, Canada, and Canada, among others, Singapore-headquartered Group-IB said in a report shared with The Hacker from The Hacker News https://thehackernews.com/2022/12/godfather-android-banking-trojan.html

The Hacker News - Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford, from The Hacker News https://thehackernews.com/2022/12/ransomware-hackers-using-new-way-to.html

The Hacker News - Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed UAC-0142, aimed to infect systems with two pieces of data-stealing malware referred to as FateGrab and from The Hacker News https://thehackernews.com/2022/12/ukraines-delta-military-system-users.html

KnowBe4 - CyberheistNews Vol 12 #51 [Ughh] The FBI's Trusted Threat Sharing 'InfraGard' Network Was Hacked

Image
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-12-51-ughh-the-fbis-trusted-threat-sharing-infragard-network-was-hacked

Schneier - Trojaned Windows Installer Targets Ukraine

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers. The trojanized ISOs were hosted on Ukrainian- and Russian-language torrent file sharing sites. Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it. At a subset of victims, additional tools are deployed to enable further intelligence gathering. In some instances, we discovered additional payloads that were likely deployed following initial reconnaissance including the STOWAWAY, BEACON, and SPAREPART backdoors. One obvious solution would be for Microsoft to give the Ukrainians Windows licenses, so ...

Rapid 7 - ICYMI: 10 cybersecurity acronyms you should know in 2023

Image
Cybersecurity is acronym-heavy to say the least. If you’re reading this, you already know. From CVE to FTP, we in IT love our abbreviations, FR FR. Truthfully though, it can be a bit much. However, even the nerdiest among us miss a few. So, In Case You Missed It, here are 10 cybersecurity acronyms you should know IRL, err in 2023. HUMINT Peppermint on a sticky day? How dare you. HUMINT is short for Human Intelligence . This abbreviation refers to information collected by threat researchers from sources across the clear, deep and dark web. Real people doing real things, you might say. These folks are out there hunting down potential threats and stopping them before they occur. Pretty cool stuff, TBH. CSPM Cloud Security Posture Management tools include use cases for compliance assessment, operational monitoring, DevOps integrations, incident response, risk identification, and risk visualization. Good posture: so hot RN. IAM Not the guy with the green eggs, this IAM stands for Id...

The Hacker News - Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic from The Hacker News https://thehackernews.com/2022/12/microsoft-details-gatekeeper-bypass.html

SBS CyberSecurity - In The Wild 306

Image
     In The Wild - CyberSecurity Newsletter Welcome to the 306 th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!            Holiday Cybersecurity Tips With Andy SBS Educational Resources ‘Tis the season for your holiday shopping and visiting your fav...