What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-09-16 06:38:16 Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects (lien direct) Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue - tracked as CVE-2021-41077 - concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the
The_Hackers_News.webp 2021-09-16 02:48:22 Third Critical Bug Affects Netgear Smart Switches - Details and PoC Released (lien direct) New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw - dubbed "Seventh Inferno" (CVSS score: 9.8) - is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8) Vulnerability
The_Hackers_News.webp 2021-09-16 00:19:46 Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks (lien direct) Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon
The_Hackers_News.webp 2021-09-16 00:03:09 You Can Now Sign-in to Your Microsoft Accounts Without a Password (lien direct) Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expected to be rolled out in the coming weeks. "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own
The_Hackers_News.webp 2021-09-15 11:36:41 Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs (lien direct) Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure
The_Hackers_News.webp 2021-09-15 04:03:55 3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company (lien direct) The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question - Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 - are accused of "knowingly and willfully combine, conspire, confederate, and
The_Hackers_News.webp 2021-09-14 22:00:22 Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability (lien direct) A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week.  Of the 66 flaws, three are rated Vulnerability
The_Hackers_News.webp 2021-09-14 06:43:34 New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads (lien direct) Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions. "The malware is downloaded from a Google advertisement published through Google Malware
The_Hackers_News.webp 2021-09-14 04:13:23 HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers (lien direct) Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to Threat
The_Hackers_News.webp 2021-09-14 03:26:36 Zero Trust Requires Cloud Data Security with Integrated Continuous Endpoint Risk Assessment (lien direct) Every once in a while, an industry term will get overused by marketing to the point of becoming a cliche. "Zero Trust" may have reached this threshold. In some ways, we understand why this is happening. Security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere. Zero Trust deployment - moving all your apps and data to the cloud and assuming
The_Hackers_News.webp 2021-09-13 22:26:33 Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware (lien direct) Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The list of two flaws is as follows - CVE-2021-30858 (WebKit) - A use after free issue that could result in arbitrary code execution when processing maliciously crafted web
The_Hackers_News.webp 2021-09-13 21:08:50 Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack (lien direct) Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant credited anonymous
The_Hackers_News.webp 2021-09-13 20:42:07 Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide (lien direct) Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that's actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool - codenamed "Vermilion Strike" - marks one of the rare Linux ports, which has been Tool
The_Hackers_News.webp 2021-09-13 06:48:50 Critical Bug Reported in NPM Package With Millions of Downloads Weekly (lien direct) A widely used NPM package called 'Pac-Resolver' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent.  The flaw, tracked as CVE-2021-23406, has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects Vulnerability
The_Hackers_News.webp 2021-09-13 02:25:17 New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection (lien direct) A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv
The_Hackers_News.webp 2021-09-11 04:18:02 Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack (lien direct) Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a recent botnet-powered attack that came to light last month, bombarding
The_Hackers_News.webp 2021-09-11 03:30:56 WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud (lien direct) WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The feature, which will go live to all of its two billion users in the coming weeks, is expected to only work on the primary
The_Hackers_News.webp 2021-09-10 04:14:40 Moving Forward After CentOS 8 EOL (lien direct) The Linux community was caught unprepared when, in December 2020, as part of a change in the way Red Hat supports and develops CentOS, Red Hat suddenly announced that it's cutting the official CentOS 8 support window from ten years – to just two, with support ending Dec 31, 2021. It created a peculiar situation where CentOS 7 users that did the right thing and upgraded quickly to CentOS 8 were
The_Hackers_News.webp 2021-09-10 03:24:59 SOVA: New Android Banking Trojan Emerges With Growing Capabilities (lien direct) A mix of banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain are the target of a newly discovered Android trojan that could enable attackers to siphon personally identifiable information from infected devices, including banking credentials and open the door for on-device fraud. Dubbed S.O.V.A. (referring to the Russian word for owl), the current version of the
The_Hackers_News.webp 2021-09-10 01:18:43 Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group (lien direct) A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly. In late August, Slovakian cybersecurity firm ESET disclosed details of an implant called SideWalk, which is designed to load arbitrary plugins sent from an attacker-controlled server, gather Malware Guideline APT 41
The_Hackers_News.webp 2021-09-09 22:07:33 Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances (lien direct) Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been exploited by a malicious actor "to access other customers' information" in what the researcher described as the "first cross-account container takeover in the public cloud." An attacker exploiting the weakness could execute malicious commands on other users' containers, Vulnerability
The_Hackers_News.webp 2021-09-09 02:57:24 Russian Ransomware Group REvil Back Online After 2-Month Hiatus (lien direct) The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, Ransomware
The_Hackers_News.webp 2021-09-09 01:28:49 Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge (lien direct) There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety. Software is all around us, and it's very easy to forget just how much we're relying on lines of code
The_Hackers_News.webp 2021-09-09 00:33:52 Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices (lien direct) Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain
The_Hackers_News.webp 2021-09-08 22:45:14 CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus Vulnerability Guideline
The_Hackers_News.webp 2021-09-08 05:38:12 3 Ways to Secure SAP SuccessFactors and Stay Compliant (lien direct) The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors. Guideline
The_Hackers_News.webp 2021-09-08 05:33:28 HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack (lien direct) A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346, the Integer Overflow vulnerability Vulnerability
The_Hackers_News.webp 2021-09-08 01:08:36 Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group (lien direct) Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to provide news, two of which were aimed at Android users while the other
The_Hackers_News.webp 2021-09-08 00:27:48 [Ebook] The Guide for Speeding Time to Response for Lean IT Security Teams (lien direct) Most cyber security today involves much more planning, and much less reacting than in the past. Security teams spend most of their time preparing their organizations' defenses and doing operational work. Even so, teams often must quickly spring into action to respond to an attack. Security teams with copious resources can quickly shift between these two modes. They have enough resources to
The_Hackers_News.webp 2021-09-07 20:48:34 New 0-Day Attack Targeting Windows Users With Microsoft Office Documents (lien direct) Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in
The_Hackers_News.webp 2021-09-07 03:05:28 Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server (lien direct) The maintainers of Jenkins - a popular open-source automation server software - have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Vulnerability Threat
The_Hackers_News.webp 2021-09-06 05:17:38 ProtonMail Shares Activist's IP Address With Authorities Despite Its "No Log" Policy (lien direct) End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Guideline
The_Hackers_News.webp 2021-09-06 04:13:41 Traffic Exchange Networks Distributing Malware Disguised as Cracked Software (lien direct) An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos said in a Malware
The_Hackers_News.webp 2021-09-06 03:33:18 Critical Auth Bypass Bug Affect NETGEAR Smart Switches - Patch and PoC Released (lien direct) Networking, storage and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. The flaws, which were discovered and reported to Netgear by Google security engineer Gynvael Coldwind, impact the following models - GC108P (fixed in firmware
The_Hackers_News.webp 2021-09-04 02:08:38 Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash (lien direct) Apple is temporarily hitting the pause button on its controversial plans to screen users' devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the Tool
The_Hackers_News.webp 2021-09-04 00:50:47 Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (lien direct) Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U's implementation of the Vulnerability Threat
The_Hackers_News.webp 2021-09-04 00:19:02 U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw (lien direct) The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," the Cyber National Vulnerability
The_Hackers_News.webp 2021-09-03 03:40:42 This New Malware Family Using CLFS Log Files to Avoid Detection (lien direct) Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the identities of the Malware
The_Hackers_News.webp 2021-09-03 01:44:10 FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor (lien direct) A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken place between late June to late July 2021, have been attributed with "moderate confidence" to a
The_Hackers_News.webp 2021-09-02 23:20:20 Cisco Issues Patch for Critical Enterprise NFVIS Flaw - PoC Exploit Available (lien direct) Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as CVE-2021-34746, the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent Vulnerability
The_Hackers_News.webp 2021-09-02 08:48:58 What is AS-REP Roasting attack, really? (lien direct) Microsoft's Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos. Unfortunately, hackers use many
The_Hackers_News.webp 2021-09-02 05:29:55 New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable (lien direct) A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks.  Collectively dubbed "BrakTooth" (referring to the Norwegian word "Brak" which translates to "crash"), the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such
The_Hackers_News.webp 2021-09-02 03:07:25 WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers (lien direct) A now-patched high-severity security vulnerability in WhatsApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory. Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to Vulnerability
The_Hackers_News.webp 2021-09-02 02:20:08 Is Traffic Mirroring for NDR Worth the Trouble? We Argue It Isn't (lien direct) Network Detection & Response (NDR) is an emerging technology developed to close the blind security spots left by conventional security solutions, which hackers exploited to gain a foothold in target networks. Nowadays, enterprises are using a plethora of security solutions to protect their network from cyber threats. The most prominent ones are Firewalls, IPS/IDS, SIEM, EDR, and XDR (which
The_Hackers_News.webp 2021-09-02 02:07:03 Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks (lien direct) The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing Malware Threat
The_Hackers_News.webp 2021-09-01 22:58:59 FTC Bans Stalkerware App SpyFone; Orders Company to Erase Secretly Stolen Data (lien direct) The U.S. Federal Trade Commission on Wednesday banned a stalkerware app company called SpyFone from the surveillance business over concerns that it stealthily harvested and shared data on people's physical movements, phone use, and online activities that were then used by stalkers and domestic abusers to monitor potential targets. "SpyFone is a brazen brand name for a surveillance business that
The_Hackers_News.webp 2021-09-01 08:50:52 Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns (lien direct) Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious Malware Threat
The_Hackers_News.webp 2021-09-01 08:19:26 Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices (lien direct) Cybersecurity researchers on Tuesday disclosed details about a zero-click security vulnerability in Linphone Session Initiation Protocol (SIP) stack that could be remotely exploited without any action from a victim to crash the SIP client and cause a denial-of-service (DoS) condition. Tracked as CVE-2021-33056 (CVSS score: 7.5), the issue concerns a NULL pointer dereference vulnerability in the Vulnerability
The_Hackers_News.webp 2021-09-01 05:50:55 [LIVE WEBINAR] How Lean Security Teams Can Improve Their Time to Response (lien direct) Cybersecurity could be described as a marathon for security teams that spend most of their time building sustained defenses that prevent threats day after day. However, they must be ready to hit a sprint whenever an attack succeeds since attack duration, and the resulting damages are directly correlated.  Reacting to a successful attack is a major challenge for lean security teams today since
The_Hackers_News.webp 2021-09-01 00:11:38 QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices (lien direct) Network-attached storage (NAS) appliance maker QNAP said it's currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. Tracked as CVE-2021-3711 (CVSS score: 7.5) and CVE-2021-3712 (CVSS score: 4.4), the weaknesses concern a high-severity buffer overflow in SM2
Last update at: 2024-08-01 08:18:59