Discuss the latest breaches and security news
Krebs analysis of the Twitter hack
Fascinating detective work in this article: krebsonsecurity.com Who’s Behind Wednesday’s Epic Twitter Hack? — Krebs on Security Twitter was thrown into chaos on Wednesday after accounts for some of the world's most recognizable public figures, executives and celebrities started tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or...
Malware found in Chinese tax software
Information Age: Malware found in Chinese tax software. Company tries to cover up tracks of GoldenSpy backdoor. Found here: reddit r/technology - Malware found in Chinese tax software used by Australian... This is software that Australian companies have to use if they are doing business in China, to collect VAT. Hopefully this isn’t software you have to use @Westyy
Cyberattack leads to physical damage to Iranian uranium processing facility
U.S. – 4 Jul 20 Iran threatens retaliation after what it calls possible cyber attack on... Iran will retaliate against any country that carries out cyber attacks on its nuclear sites, the head of civilian defence said, after a fire at its Natanz plant which some Iranian officials said may have been caused by cyber sabotage. Details are scant, but Iran is claiming that a cyberattack led to the fire that damaged this uranium processing facility. It’s unclear if the fire was an intentional part of the attack or just a side effect, but still pretty scary that things like this are possible now. The fire didn’t touch any of the uranium or injure anyone, fortunately.
US Secret Service reports an increase in hacked managed service providers (MSPs)
ZDNet US Secret Service reports an increase in hacked managed service providers... US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams. If you’re an MSP, it’s a good time to review all your security practices and maybe schedule an external pen test!
Patch Now! Two Out of Band Patches Fix RCE in Windows
blog.automox.com Patch Now! Two Out of Band Patches Fix RCE in Windows | Automox PATCH NOW: Microsoft released out-of-band Windows patches addressing two remote code execution vulnerabilities, one rated critical and one important. Both are remote code execution vulnerabilities, one rated Critical.
Patch your Palo Alto devices - CVE-2020-2021
This one’s a 10 on the CVSS scale, so update them all as soon as possible! Palo Alto Networks Product Security Assurance – 29 Jun 20 CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS ...
Watching a $1.14 million ransomware negotiation between hackers and scientists searching for COVID-19 treatments
So much for ransomware groups promising not to target organizations related to the pandemic: Graham Cluley – 29 Jun 20 Watching a $1.14 million ransomware negotiation between hackers and... An anonymous tip-off to BBC News enabled them to watch in real-time as an American medical university attempted to negotiate with the hackers who had infected its systems with ransomware.
Out of band Adobe update for 18 critical vulnerabilities
threatpost.com Adobe Patches 18 Critical Flaws in Out-Of-Band Update Critical vulnerabilities were patched in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. No reports of exploits in the wild, but good to fix before the hackers finish building them!
Upgrade your Cisco IOS devices - critical vulnerability
ZDNet Cisco's warning: Critical flaw in IOS routers allows 'complete system... Cisco has delivered updates to address four critical flaws affecting its industrial routers. Mishandling of authorization tokens allows malicious API calls to run arbitrary commands on an IOS device: CVE-2020-3227 Not something we can patch for you unfortunately, but you should make sure to update your Cisco devices!
Make sure to update Zoom to 5.0 by May 30th
Zoom Video Video Conferencing, Web Conferencing, Webinars, Screen Sharing Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference... They’ve added new encryption and all meetings will require Zoom 5.0 starting tomorrow.
20 year anniversary of the ILOVEYOU virus
Do you remember where you were when you heard about it? CNN How a badly-coded computer virus caused billions in damage Wearing a striped shirt and Matrix-style dark glasses, Onel de Guzman stared at the floor as he made his way through a crowd of photographers into a hastily arranged press conference in Quezon City, a suburb of the Philippines capital Manila. Some of you younger whippersnappers will be too young to remember this one #getoffmylawn 🙂
Man in the Middle Phone scam
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/ This one is genius because the scammer is on with both the bank and the customer at the same time, each pretending to be the other. That allows them to gain the trust of both parties and siphon off information that allows them to make transactions.
Two Trend Micro zero-days exploited in the wild by hackers
ZDNet Two Trend Micro zero-days exploited in the wild by hackers | ZDNet Patches for both zero-days were released on Monday, along with fixes for three other similarly critical vulnerabilities. We don’t patch Trend Micro (yet) but I wanted to spread the word so that you can make sure to apply their patches. One of the vulnerabilities lets an attacker delete any file on a compromised system. Remember to test your restores!
Watch out for phishing attacks that make use of the coronavirus
WSJ Hackers Target Companies With Coronavirus Scams Criminals are using concerns about the coronavirus epidemic to spread infections of their own. They are forging emails mentioning the outbreak that appear to be from business partners or public institutions in an effort to get users to open the... Something to let your users know about. Given the anxiety around the virus, they might be more likely to open attachments or believe a phishing email that purports to be news from the CDC or your company about changes to WFH policies.
Let's Encrypt to revoke 3 million certificates on March 4 due to software bug
ZDNet Let's Encrypt to revoke 3 million certificates on March 4 due to software bug... Let's Encrypt issued 3,048,289 TLS certificates without checking the CAA field for the requesting domain. You should have received an email if one of your certs was affected, but you can always replace your certs just in case. They did say that some of the affected certs they didn’t have a good email contact for, so it’s possible that some of the affected people weren’t notified. Here’s their FAQ if you need more info: Let's Encrypt Community Support – 3 Mar 20 Revoking certain certificates on March 4 Due to the 2020.02.29 CAA Rechecking Bug, we unfortunately need to revoke many Let’s Encrypt TLS/SSL certificates. We’re e-mailing affected subscribers for whom we have contact information. This post and thread will collect answers to frequently...
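For anyone unfamiliar with the CAA check that Let's Encrypt skipped, here is an added example (my own illustration, not Let's Encrypt's Boulder code or anything from the linked articles) of the RFC 8659 decision a CA has to make before issuing: climb from the requested name toward the root until a CAA RRset is found, then decide from its issue/issuewild properties whether the CA is authorised. The DNS data is a constructed in-memory dictionary standing in for real lookups, and the names example.com, strict.example.net and critical.example.org are invented for the demo.

```python
"""Minimal RFC 8659 CAA evaluator over a constructed in-memory zone (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CAARecord:
    flags: int  # bit 7 (value 128) = issuer-critical flag
    tag: str    # property tag: "issue", "issuewild", "iodef", ...
    value: str  # e.g. "letsencrypt.org", "letsencrypt.org; validationmethods=dns-01", or ";"


# Constructed sample DNS data standing in for real CAA lookups (hypothetical names).
ZONE = {
    # Let's Encrypt may issue normal certs, nobody may issue wildcards.
    "example.com": [CAARecord(0, "issue", "letsencrypt.org"), CAARecord(0, "issuewild", ";")],
    # Only one other CA is authorised here.
    "strict.example.net": [CAARecord(0, "issue", "digicert.com")],
    # An unrecognised property marked critical: a CA that does not understand it must not issue.
    "critical.example.org": [CAARecord(128, "futuretag", "whatever"), CAARecord(0, "issue", "letsencrypt.org")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_caa_set(name, zone):
    """Walk from the name toward the root and return (owner, rrset) of the first non-empty CAA RRset."""
    labels = name.rstrip(".").lower().split(".")
    while labels:
        candidate = ".".join(labels)
        rrset = zone.get(candidate)
        if rrset:
            return candidate, rrset
        labels = labels[1:]
    return None, []


def issuer_domain(value):
    """Strip any ';key=value' parameters from an issue/issuewild property value."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(fqdn, ca_domain, zone):
    """Return (allowed, reason) for a CA identified by ca_domain requesting to issue for fqdn."""
    base = fqdn.rstrip(".").lower()
    wildcard = base.startswith("*.")
    if wildcard:
        base = base[2:]
    owner, rrset = relevant_caa_set(base, zone)
    if not rrset:
        return True, "no CAA records found on the name or any parent; any CA may issue"
    # An unrecognised property with the critical flag set forbids issuance outright.
    for rr in rrset:
        if rr.flags & 128 and rr.tag.lower() not in KNOWN_TAGS:
            return False, f"unrecognised critical property '{rr.tag}' at {owner}"
    # For wildcard requests issuewild takes precedence; otherwise fall back to issue.
    for tag in (["issuewild", "issue"] if wildcard else ["issue"]):
        props = [rr for rr in rrset if rr.tag.lower() == tag]
        if props:
            allowed = any(issuer_domain(p.value) == ca_domain.lower() for p in props)
            verdict = "permits" if allowed else "does not permit"
            return allowed, f"{tag} property at {owner} {verdict} {ca_domain}"
    # A CAA RRset with no applicable issue/issuewild property does not restrict issuance.
    return True, f"CAA RRset at {owner} carries no applicable issue property; issuance permitted"


if __name__ == "__main__":
    for name in ("www.example.com", "*.example.com", "strict.example.net", "critical.example.org", "host.example.invalid"):
        print(name, ca_may_issue(name, "letsencrypt.org", ZONE))
```

The bug Let's Encrypt describes was about re-running this check: the result for a name is only good for a limited time, so a CA that validated a name earlier must repeat the CAA lookup close to issuance rather than reuse an old answer.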
Check your Wordpress plugins
Some big zero days out there for some of them, including Duplicator, Profile Builder, Themegrill Demo Importer, Themerex Addons and more: ZDNet Hackers are actively exploiting zero-days in several WordPress plugins | ZDNet There's quite the WordPress p0wnage going on right now.
Report: New Android malware can steal 2FA codes from Google Authenticator
Android Authority – 27 Feb 20 Report: New Android malware can steal 2FA codes from Google Authenticator 2FA apps are one of the best ways to secure your accounts, but a new form of malware poses a significant threat. This is a nasty one - once it gets on your system it will relay 2FA codes allowing hackers to break into your other systems.
Details of 10.6 million MGM hotel guests posted on a hacking forum
This is from the MGM breach last year. The data from that hack was posted online recently, including full names, home addresses, phone numbers, emails, and dates of birth. ZDNet Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum... MGM Resorts said security incident took place last summer and notified impacted guests last year.
Krebs: Hackers Were Inside Citrix for Five Months
https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/ “Citrix said the information taken by the intruders may have included Social Security Numbers or other tax identification numbers, driver’s license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.” Pretty crazy that they were inside for that long. The FBI were the ones who had to tell Citrix they’d been pwned.
Pay Up, Or We’ll Make Google Ban Your Ads
https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/ Google claims that they have systems to detect the fraudulent ad traffic, making the extortion threat empty. Then again, Google has made their own bed by making it impossible to contact a human being who works there. It’s completely plausible that malicious actors could get your account banned and then there’s a Kafkaesque process to get unbanned.