Unique insights and large ransomware attacks

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

This week we get a unique insight into a threat actors inner working as IBM’s X-Force IRIS security team uncover a 40GB cache of data belonging to a threat actor called “ITG18” (overlaps with another outfit alternatively known as Charming Kitten and Phosphorus) believed to be sponsored by Iran. Included in the extracted data is several hours of video “showing operators searching through and exfiltrating data from multiple compromised accounts”.
Read more …

Top 5 Security News

Aerospace and military companies in the crosshairs

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

ESET researchers are warning about targeted phishing attacks agains high-profile aerospace and military companies in Europe. The attacker will approach individual personnel about possible job vacancies, some file-sharing then commences with the pretense of informing about this vacancy, this is in reality malware giving the attacker foothold on the victims machine.

Be vigilant about files you get from strangers, and people who makes contact on social media and LinkedIn.

Top 5 Security News

Zoom continues to face security issues

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

Zoom has become very popular as people are working from home and unable to travel, but faced backlash after multiple security vulnerabilities was discovered earlier this year. Now Cisco Talos discovered two more security vulnerabilities that could lead to remote code execution. One of the bugs was in zooms giphy animated gif code that could lead to path traversal and arbitrary file write, and the other one was in Zooms message processing code where a specially crafted message could lead to arbitrary code execution. Both vulnerabilities was disclosed to Zoom and a patch was released
before Talos publicly released the information. Just another reminder to keep software up to date.

Zoom also announced that they will no longer offer end-to-end encryption to its free user but offer it as part of its premium feature for paid customers. The move has been criticized by security experts, especially in lieu of all the recent security vulnerabilities discovered in their platform. Eric Yuan, Zooms CEO claim that the move is to work together with FBI and local law enforcement in case someone use Zoom for a bad purpose

Top 5 Security links:

NATO Condemns Cyber-Attacks

Fraudulent iOS VPN Apps Attempt to Scam Users

Hackers Compromise Cisco Servers Via SaltStack Flaws

Malware Campaign Hides in Resumes and Medical Leave Forms

Zero-day in Sign in with Apple

Thunderbolt interface makes millions of PC’s in danger

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

It wasn’t really a news that Thunderbolt technology (USB-C) was vulnerable from years before, but now we got a demo from researcher which shows how Thunderbolt flaw allows access to a PC’s data in minutes.

More on this:

https://thunderspy.io/

https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/

Top 5 Security links:

A bit of history or the 15 biggest data breaches of the 21st century

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover

Top 10 Routinely Exploited Vulnerabilities

Never, never pay to cybercriminals

The Confessions of the Hacker Who Saved the Internet

Woman holding laptop and media files

Zero click bugs in Apple operating systems

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

According to Google’s project zero there are vulnerabilities in Apples operating systems media managements. The vulnerabilities could let an attacker gain access by sending a specially crafted image or video to a target and no interaction would be needed from the user to be exploited.
The vulnerabilities was found using fuzzing techniques on previously found bugs, and the vulnerabilities they found have now been fixed.

More on this topic:

Google discloses zero-click bugs impacting several Apple operating systems

Top 5 Security links

Zoom faces a privacy and security backlash

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The use of the Zoom video conference application has exploded in popularity amid the ongoing coronavirus pandemic but this has lead to the importance of scrutiny from a security and privacy perspective which as uncovered lots of privacy and security issues and even zero day vulnerabilities.
As result of this Zoom now faces a privacy and security backlash.

More on this topic:

Wired article on Zoom

Even Doc Searls has written a series of four posts about Zoom and privacy.

 

Top 5 Security links

In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits

Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

Online Credit Card Skimmers Are Thriving During the Pandemic

‘Zombie’ Windows win32k bug reanimated by researcher

Privacy vs. Surveillance in the Age of COVID-19

Covid-19 phishing on the rise

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Criminals continue to use the covid-19 pandemic for personal gain and according to Barracuda networks the amount of phishing emails have spikes by over 650% since the end of February.

But even as the campaigns are revving up their attempts at tricking people, their attempts remain largely the same as before the pandemic started. The tools, methods and payloads stays pretty much the same, but now trying to leverage the fear and need for information during a crisis. The company proofpoint.com made en excellent one-slide summary of what is new seen below.

 

 

Top 5 Security links

Reality Check: The Story of Cybersecurity

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Often, hackers are portrayed as “technical sorcerers” while defenders are “hapless techies focused on zero-day vulnerabilities and only the most advanced threat vectors,” but in reality, that’s not true.
Cybercriminals are not always sophisticated, and in fact, more script kiddies exist than technically savvy hackers.
The difference is that cybercriminals are more organized and create tools and exploit kits that allow less sophisticated actors to become well equipped in launching attacks.”

said Rohit Ghai, president of RSA, in his keynote at the RSA Conference in San Francisco this week.

“The security landscape needs to change the narrative of its story. So we need to reclaim our narrative, reorganize our defense, and rethink our culture.”
this was his solicitation to the cyber security community.

more talks from the RSA Conference 2020 or download the RSAC 2020 Trend Report

 

Top 5 Security News

RSAC 2020: Lack of Machine Learning Laws Open Doors To Attacks

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

FBI recommends using passphrases instead of complex passwords

Gmail Is Catching More Malicious Attachments With Deep Learning

 

Basefarm security news

This blog post is a short summary of this week’s Information Security News put together by SecOps team.

Basefarm have started to publish vulnerability bulletin in the blog posts, feel free to share this with our customers:

https://blog.basefarm.com/blog/category/security-blog/vuln-bullet/feed/

 

Top 3 Security News:

CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability

Critical Cisco Bug Opens Software Licencing Manager to Remote Attack

You are never secure with a WordPress

CVE-2020-1938: Apache Tomcat AJP Connector Remote Code Execution Vulnerability Alert

 

 

 

Cloud security is voodoo?

“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.”

“Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.”

Read more at darkreading.com

 Top 5 Security News

 

 

(Blogpost image by Animesh Bhattarai on Unsplash)