VMware Patches ESXi Vulnerability That Earned Hacker $200,000

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

VMware on Thursday informed customers that it has released patches for a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup hacking competition in China.

According to organizers of the Tianfu Cup, a member of the 360Vulcan team demonstrated a virtual machine escape and took control of the host operating system. The exploit only took 24 seconds to execute and earned the hacker $200,000, the highest single payout at the event.

Read more

Top 5 Security News

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Critical DoS messaging flaw fixed in December Android update

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

VPN Connection Hijacking Vulnerability Affects Linux, Unix Systems

Apple Explains Mysterious iPhone 11 Location Requests

Threat Hunting or Efficiency: Pick Your EDR Path?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Cybersecurity teams face a lot of conflicting objectives—both within their teams and from upper management. But a May 2019 commissioned study conducted by Forrester Consulting on behalf of McAfee really puts a fine point on it: When decision makers were asked which endpoint security goals and initiatives they’re prioritizing for the coming year, the top two responses were “improve security detection capabilities” (87%) and “increase efficiency in the SOC” (76%).

Read more

 

Top 5 Security News

5 scams to watch out for this shopping season

Dexphot Malware Hijacked 80K+ Devices to Mine Cryptocurrency

It’s Way Too Easy to Get a .gov Domain Name

A Cause You Care About Needs Your Cybersecurity Help

Google caught a state hacker crew uploading badness to the Play Store

white printing paper with numbers

Data leaks and breaches

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Today I want to take a look at data leaks and breaches as the last week has had quite a few of those. Unicef Norway had a database exposed to the internet (Paywall) without any form of authentication. Most of the data here was public data about people, but certain sensitive information such as address and phone numbers for people living in hiding, prominent people in the public and young children could be found. Singapore Accountancy Commission (SAC) had a folder containing 6,541 accountants data in sent to multiple parties in a security mishap, that was not discovered until months later.
T-mobile in the United states also suffered a data-breach towards some of its prepaid customers. According to T-mobile no sensitive data was stolen, but they still urged affected customers to change their PIN number and account passwords.

 

Top 5 Security News

Thousands of hacked Disney+ accounts are already for sale on hacking forums

Google Discloses Android Camera Hijack Hack

Twitter will finally let users disable SMS as default 2FA method

French hospital contracts 6,000 PC-locking ransomware infection

AccorHotels subsidiary Gekko Group exposes hotels and travelers data in massive data leak

Security Software & Tools Tips – November 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* Kismet
* MAGNET RAM Capture
* RedLock
* SQLMap
* Wazuh

Kismet

Information from the block-doh website:

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.

Website:

https://kismetwireless.org/

MAGNET RAM Capture

Information from the MAGNET RAM Capture website:

MAGNET RAM Capture is a free imaging tool designed to capture the physical memory of a suspect’s computer, allowing investigators to recover and analyze valuable artifacts that are often only found in memory.

Website:

https://www.magnetforensics.com/resources/magnet-ram-capture/

RedLock

Information from the RedLock website:

RedLock Enables Cloud Threat Defense: Threat defense in the cloud requires a new AI-driven approach that correlates disparate security data sets including network traffic, user activities, risky configurations and threat intelligence, to provide a unified view of risks across fragmented cloud environments.

Website:

https://redlock.io/

SQLMap

Information from the SQLMap website:

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

Website:

https://github.com/sqlmapproject/sqlmap

Wazuh

Information from the Wazuh website:

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Website:

https://wazuh.com/

Image by StockSnap from Pixabay

Visa Warns of New JavaScript Skimmer ‘Pipka’

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new JavaScript skimmer targets data entered into the payment forms of ecommerce merchant websites, Visa Payment Fraud Disruption (PFD) warns.

Visa notes in a security alert (PDF).

“In September 2019, Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. PFD is naming the skimmer Pipka, due to the skimmer’s configured exfiltration point at the time of analysis (as shown below in the Pipka C2s).” reads the advisory published by VISA. “Pipka was identified on a North American merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka.”

read more

 

Top 5 Security News

Website, Know Thyself: What Code Are You Serving?

GitHub gathers friends for a security code cleanse to scrub that software up to spec

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

AI wordsmith too dangerous to be released… has been released

Flaws in Qualcomm chips allows stealing private from devices

Using two laptops

Insider threats

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

This week we have seen multiple cases of one of the harder issues in security, the insider threat.
Two former employees of twitter have been charged with spying on Twitter users for Saudi Arabia, together with a third man with ties to the Saudi royal family. According to court documents they were working together, using twitters internal systems to unmask  critics of the Kingdom and other users of Twitter.
Trend Micro also suffered from an insider attack where an employee accessed and sold customer data to a malevolent third party. Trend started getting suspicious after customers started getting calls from scammers claiming to be from Trend Micro support. The employee was fired after a three month investigation by Trend micro, and is now investigated by law enforcement.  You can read more about both cases here.

The Cybersecurity Insiders 2020 Insider Threat Report came out, and found that more than half of the organizations that participated believes that insider threats are harder to follow up in cloud environments. Meaning that the trend of offloading to the cloud could increase risk on unexpected levels.

Insider threats are one of the more complex issues in security with different challenges depending on a lot of factors, and organizations need to focus on what the challenges are for their specific organization, and find preventive measures that works in their environment.

Top 5 Security News

BlueKeep Attacks Have Arrived, Are Initially Underwhelming
Cybersecurity Skills Shortage Tops Four Million
Bug Hunters Hack Samsung Galaxy S10, Xiaomi Mi9 at Pwn2Own
Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs
Facebook reveals another privacy breach, this time involving developers

Happy Birthday, CVE!

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

It was October 1999. Macs had just got embedded Wi-Fi, Napster had launched, and Yahoo had purchased Geocities for $3.6bn. Something else happened that escaped most computer users at the time: CVE posted its first bug. The Common Vulnerabilities and Exposures (CVE) system is 20 years old this week.

Created by the non-profit Mitre Corporation, which oversees several federal government programs, CVE provides common identifiers for cybersecurity bugs, making them easier to track and fix.

Read more

Top 5 Security News

New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now!

DNS over HTTPS Will Give You Back Privacy that Big ISPs Fought to Take Away

32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant

Breaches at NetworkSolutions, Register.com, and Web.com

Fake Voicemail/Office 365 Attack Targets Enterprise Execs

Security Software & Tools Tips – October 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* block-doh
* DisableWinTracking
* P0f
* GitGuardian
* Sandboxie

block-doh

Information from the block-doh website:

DoH provides “privacy” at the expense of security. The prominent providers do NOT filter malicious websites, domains, and IP addresses. This has the effect of creating a mechanism by which hackers bypass security policy and this has been observed in the wild. Organizations that use DNS to protect their constituents are directly harmed by DoH.

Website:

https://github.com/bambenek/block-doh

DisableWinTracking

Information from the DisableWinTracking website:

A tool that uses some of the known methods of disabling tracking in Windows 10.

Website:

https://github.com/10se1ucgo/DisableWinTracking

P0f

Information from the P0f website:

P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way.

Website:

http://lcamtuf.coredump.cx/p0f3/

GitGuardian

Information from the GitGuardian website:

GitGuardian is a cybersecurity bot. It prevents public exposure of your secrets from your Github repo. It is also the first platform scanning all GitHub public activity in real time for API secret tokens, database credentials or vault keys.

Website:

https://www.gitguardian.com/

Sandboxie

Information from the Sandboxie website:

Sandboxie uses isolation technology to separate programs from your underlying operating system preventing unwanted changes from happening to your personal data, programs and applications that rest safely on your hard drive.

Website:

https://www.sandboxie.com/

Image by 200 Degrees from Pixabay

Do you know about all equipment connected in you operation, really?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Pen Test Partners has a great blog-post about one of their recent adventures.

This is a little bit out of the normal scenario for many, but this is regarding a finding they did on a ship. This is a good reminder to all to cover critical control number 1, inventory and control of hardware assets. It is not so easy to track this down on the spot when you got unlabeled shielded cables and deck penetration to deal with, no known paperwork or invoices related to the thing they found. They have a nice write up of what they did, what considerations they had to make.

Spoiler: In the end they figure out it is an outdated Windows machine, complete with TeamViewer installed, originating from a contract that had been expired for several years. And this machine had direct connection to the main engine of the ship.

Top 5 Security News
Sudo vulnerability discovered in Linux (CVE-2019-14287)
Cozy Bear Russian Hackers Spotted After Staying Undetected for Years
Researchers at Adaptive Mobile security release report concerning SimJacker attacks
What Your Personal Information is Worth to Cybercriminals
Help! I bought a domain and ended up with a stranger’s PayPal! And I can’t give it back

 

Photo by Vidar Nordli-Mathisen on Unsplash

Never Trust a Platform to Put Privacy Ahead of Profit

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“If you wanted to secure the phone numbers you’d just put them in a database table called ‘2FA numbers don’t sell to marketers,'” says Matthew Green, a cryptographer at Johns Hopkins University. “This stuff is like a bank leaving customers’ money lying around and then spending it on snacks. Obviously that could happen. We just try to prevent it from happening because, you know, ethics.”

Read more in the Wired article

Top 5 Security News

Almost 50% of Company Network Traffic Comes From Bots, Report Says

New Microsoft NTLM Flaws May Allow Full Domain Compromise

Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy

Father of Unix Ken Thompson checkmated as his old password has finally been cracked

Copy-and-paste sharing on Stack Overflow spreads insecure code