News Summary About Latest Cybersecurity Stories, Feb 22nd


Microsoft Internal Solorigate Investigation – Final Update

https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/

---

Attack on RIPE NCC Access: Please Enable Two-Factor Authentication

https://www.ripe.net/publications/news/announcements/attack-on-ripe-ncc-access 


 

Attack on RIPE NCC Access: Please Enable Two-Factor Authentication — RIPE Network Coordination Centre

Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future.

www.ripe.net

 

---

Press Briefing by Press Secretary Jen Psaki and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, February 17, 2021

https://www.whitehouse.gov/briefing-room/press-briefings/2021/02/17/press-briefing-by-press-secretary-jen-psaki-and-deputy-national-security-advisor-for-cyber-and-emerging-technology-anne-neuberger-february-17-2021/ 


 

Press Briefing by Press Secretary Jen Psaki and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, February 17, 2021 | The White House

1:11 P.M. EST MS. PSAKI: Hi, everyone. Well, we have another special guest with us here today. Joining us today is Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging ...

www.whitehouse.gov

 

---

[PDF] SANDWORM intrusion set campaign targeting Centreon systems

https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf 

SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS

www.cert.ssi.gouv.fr

 

---

Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning

https://securityaffairs.co/wordpress/114767/malware/apple-m1-chip-malware.html 


 

Experts spotted the first malware tailored for Apple M1 Chip--Security Affairs

The popular security researcher Patrick Wardle discovered one of the first malware designed to target the latest generation of Apple devices using the company's M1 chip. The discovery suggests threat actors are tailoring […]

securityaffairs.co

 

---

Hackers steal credit card data abusing Google’s Apps Script

https://securityaffairs.co/wordpress/114750/cyber-crime/googles-apps-script-magecart.html 


 

Hackers steal credit card data abusing Google's Apps Script--Security Affairs

Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce ...

securityaffairs.co

 

---

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

https://securityaffairs.co/wordpress/114720/malware/watchdog-botnet.html 


 

WatchDog botnet targets Windows and Linux servers--Security Affairs

WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, its name comes from the name of a Linux daemon called watchdogd.

 

The WatchDog botnet has been active at least since Jan. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD.

securityaffairs.co

 

---

ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

https://securityaffairs.co/wordpress/114689/cyber-crime/scamclub-malvertising-webkit-zero-day.html 


 

ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams--Security Affairs

The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based browsers to bypass security measures and redirect users from legitimate sites to websites hosting online gift card scams. The malvertising ...

securityaffairs.co

 

---

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

https://securityaffairs.co/wordpress/114667/malware/javali-trojan.html 


 

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware--Security Affairs

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware.

 

In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication. Although exists a strong adoption of technologies with the goal of protecting the final user such as plugins, tokens, e-tokens, two-factor-authentication mechanisms, CHIP ...

securityaffairs.co

 

---

Telegram flaw could have allowed access to users secret chats

https://securityaffairs.co/wordpress/114653/hacking/telegram-flaw-access-secret-chats.html 


 

Telegram flaw could have allowed access to users secret chats--Security Affairs

The experts discovered that sending a sticker to a Telegram user could have exposed his secret chats, photos, and videos to remote attackers.

 

In 2019, Telegram had introduced animated stickers, this was the starting point for the investigation of the experts. The “rlottie” folder caught their attention, it was the folder used for the Samsung native library for playing Lottie animations ...

securityaffairs.co

 

---

Hackers abusing the Ngrok platform phishing attacks

https://securityaffairs.co/wordpress/114644/cyber-crime/ngrok-phishing-attacks.html 


 

Hackers abusing the Ngrok platform phishing attacks--Security Affairs

Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […]

securityaffairs.co

 

---

A new Bluetooth overlay skimmer block chip-based transactions

https://securityaffairs.co/wordpress/114625/cyber-crime/bluetooth-overlay-skimmer.html 


 

A new Bluetooth overlay skimmer block chip-based transactions--Security Affairs

The payment card skimmer included a PIN pad overlay and was able to physically block chip-based transactions.

 

The PIN pad overlay was designed to capture, store and transmit via Bluetooth payment card data stolen on the stripe along with the PIN provided by the clients on the terminal.

securityaffairs.co

 

---

The kingpin behind Joker’s Stash retires with a billionaire exit

https://securityaffairs.co/wordpress/114580/cyber-crime/jokers-stash-retires.html 

The kingpin behind Joker's Stash retires with a billionaire exit--Security Affairs

The administrators of the most popular carding marketplace on the dark web Joker’s Stash announced his retirement.

 

Cybercriminal behind the most prominent carding marketplace on the dark web Joker’s Stash retires, he will shut down its servers and destroy the backups. According to Forbes, the man has amassed a billion dollars worth of Bitcoin with […]

securityaffairs.co

 

---

PayPal addresses reflected XSS bug in user wallet currency converter

https://securityaffairs.co/wordpress/114570/hacking/paypal-reflected-xss-wallet.html 

PayPal addresses reflected XSS bug in user wallet currency converter--Security Affairs

PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets.

 

PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close to one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported […]

securityaffairs.co

 

---

ApoMacroSploit : Apocalyptical FUD race

https://research.checkpoint.com/2021/apomacrosploit-apocalyptical-fud-race/ 

ApoMacroSploit : Apocalyptical FUD race - Check Point Research

ApoMacroSploit : Apocalyptical FUD race February 16, 2021 1.1 Introduction. At the end of November, Check Point Research detected a new Office malware builder called APOMacroSploit, which was implicated in multiple malicious emails to more than 80 customers worldwide.

research.checkpoint.com

 

---

GPGME used confusion, it's super effective !

https://www.synacktiv.com/publications/gpgme-used-confusion-its-super-effective.html 

GPGme used confusion, it's super effective ! | Synacktiv

Here's the interesting part: the PGP verification bypass issue is "the fault of no one". This is explained way more thoroughly in the original advisory but here's the gist of the story: the gpgme_op_verify_result function behaves in an unexpected way when checking detached pgp signatures. In this setup, the function can return a non-NULL gpgme_verify_result_t pointer, but containing a list of ...

www.synacktiv.com

 

---

Brave privacy bug exposes Tor onion URLs to your DNS provider

https://www.bleepingcomputer.com/news/security/brave-privacy-bug-exposes-tor-onion-urls-to-your-dns-provider/ 

Brave privacy bug exposes Tor onion URLs to your DNS provider

www.bleepingcomputer.com

 

---

FBI: Telephony denial-of-service attacks can lead to loss of lives

https://www.bleepingcomputer.com/news/security/fbi-telephony-denial-of-service-attacks-can-lead-to-loss-of-lives/ 

FBI: Telephony denial-of-service attacks can lead to loss of lives

The Federal Bureau of Investigation (FBI) has warned of the harsh consequences of telephony denial-of-service (TDoS) attacks and has also provided the steps needed to mitigate their impact.

www.bleepingcomputer.com

 

---

Kia Motors America suffers ransomware attack, $20 million ransom

https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/ 

Kia Motors America suffers ransomware attack, $20 million ransom

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.

www.bleepingcomputer.com

 

---

Dutch Police post "say no to cybercrime" warnings on hacker forums

https://www.bleepingcomputer.com/news/security/dutch-police-post-say-no-to-cybercrime-warnings-on-hacker-forums/ 

Dutch Police post "say no to cybercrime" warnings on hacker forums

www.bleepingcomputer.com

 

---

CrowdStrike Buys Log Management Startup Humio for $400M

https://www.darkreading.com/endpoint/crowdstrike-buys-log-management-startup-humio-for-$400m/d/d-id/1340200 

CrowdStrike Buys Log Management Startup Humio for $400M

Humio was founded in 2016 and has developed a logging and aggregation platform that can be used to collect, report, and analyze data from different sources.

www.darkreading.com

 

---

French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

https://securityaffairs.co/wordpress/114590/cyber-crime/egregor-ransomware-arrests.html 

French and Ukrainian police arrested Egregor affiliates in Ukraine--Security Affairs

An international operation conducted in Ukraine and France led to the arrest of criminals believed to be affiliated with the Egregor RaaS.

 

Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint operation conducted by law enforcement in Ukraine and France. Authorities did not reveal […]

securityaffairs.co

 

---

Telemarket Fraudster Sentenced to Two Years in Prison

https://www.justice.gov/usao-ri/pr/telemarket-fraudster-sentenced-two-years-prison 

Telemarket Fraudster Sentenced to Two Years in Prison | USAO-RI | Department of Justice

PROVIDENCE – A key participant in a telemarketing fraud scheme that preyed on the trust of individuals has been sentenced to 24 months in federal prison.

www.justice.gov

 

---

The OpenSSL Project addressed three vulnerabilities

https://securityaffairs.co/wordpress/114712/security/openssl-flaws.html

The OpenSSL Project addressed three vulnerabilities--Security Affairs

The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS) flaws, and an incorrect SSLv2 rollback protection issue. The first vulnerability, tracked as CVE-2021-23841, is a NULL pointer dereference issue ...

securityaffairs.co

 

 
