Google Chrome urgently requires an update to patch a severe vulnerability. You may be tired of updating Chrome (the latest urgent update was just last month), but it's that time again, and with good reason: cybercriminals have already exploited this vulnerability.

What is CVE-2021-21193?

On March 12, Google released stable build 89.0.4389.90 for Chrome, patching five vulnerabilities, three of them rated high severity. One of them, CVE-2021-21193, deserves special attention. It is a vulnerability in Blink, Chrome's rendering engine, the component that turns HTML into the rendered pages you browse. It is a use-after-free bug: Blink kept using a block of memory after that block had been freed, so the memory could be reallocated and filled with attacker-controlled content while the stale reference still pointed at it. The typical consequences of exploiting a use-after-free are memory corruption and arbitrary code execution, though no information is available about what happens in this particular case; Google usually shares more details after most users have updated their browsers. An anonymous security researcher reported CVE-2021-21193 on March 9, and Google shipped a fix just three days later. That speed is likely explained by the vulnerability's real-world exploitation: attackers are already using it, and that is reason enough for everybody to patch Chrome as soon as possible.

How to patch Google Chrome

Google started rolling out the update on March 12, but it may be several days before the update button appears in the upper right corner of your browser. To speed things up, apply the update manually: click the menu (three-dot) button and select Settings > About Chrome. If the version shown is 89.0.4389.90 or newer, you are already running a patched build. If it is older, Chrome will download the update and prompt you to relaunch; when it reopens, it restores any tabs you had open (except Incognito tabs).
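For fleets rather than a single desktop, the "is 89.0.4389.90 or newer" check above is worth scripting, and the one pitfall is comparing version strings as text ("89.0.4389.100" sorts before "89.0.4389.90" as a string). The following is an added example, not code from the article or from Google: it parses a Chrome/Chromium version string, compares it numerically against the fixed build, and, on Linux and macOS, asks the local binary for its version. The binary names and the Windows registry path in the comment are assumptions about typical installs.

```python
import re
import shutil
import subprocess

# First stable build carrying the CVE-2021-21193 fix, per the advisory above.
PATCHED_VERSION = "89.0.4389.90"


def parse_version(text):
    """Extract a dotted version from text such as 'Google Chrome 89.0.4389.82'.

    Returns a 4-tuple of ints so that comparison is numeric per component;
    missing trailing components are treated as 0.
    """
    match = re.search(r"\b(\d+(?:\.\d+){0,3})\b", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_patched(installed_text, fixed=PATCHED_VERSION):
    """True when the installed build is at or above the fixed build."""
    return parse_version(installed_text) >= parse_version(fixed)


def installed_chrome_version():
    """Ask a local Chrome/Chromium binary for its version (Linux and macOS).

    Returns the raw output string, or None if no binary is found. The binary
    names are assumed. Windows builds do not print a version this way; there,
    the version is commonly read from the registry value
    HKCU\\Software\\Google\\Chrome\\BLBeacon\\version instead.
    """
    candidates = (
        "google-chrome",
        "google-chrome-stable",
        "chromium",
        "chromium-browser",
        "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
    )
    for name in candidates:
        path = shutil.which(name)
        if not path:
            continue
        try:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, timeout=10)
        except (OSError, subprocess.SubprocessError):
            continue
        if out.returncode == 0 and out.stdout.strip():
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    raw = installed_chrome_version()
    if raw is None:
        print("no Chrome/Chromium binary found")
    else:
        print(raw, "-> patched" if is_patched(raw) else "-> UPDATE NOW")
```

The comparison only makes sense for Chrome and Chromium builds; other Chromium-based browsers (Edge, Brave, Opera) carry their own version numbers and ship the Blink fix on their own schedules.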
A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

For several years, WeLeakInfo was the largest of several services selling access to hacked passwords. Prosecutors said it had indexed, searchable information from more than 10,000 data breaches containing over 12 billion records, including names, email addresses, usernames, phone numbers, and passwords for online accounts. For a small fee, you could enter an email address and see every password ever associated with that address in a previous breach. Or the reverse: show me all the email accounts that ever used a specific password. It was a fantastic tool for launching targeted attacks against people, and that's exactly how the service was viewed by many of its customers.

Now, nearly 24,000 of WeLeakInfo's customers are finding that the personal and payment data they shared with WeLeakInfo over its five-year run has been leaked online.

(Image: WeLeakInfo's service fees.)

In a post on the database leaking forum Raidforums, a regular contributor using the handle "pompompurin" said he stole the WeLeakInfo payment logs and other data after noticing the domain wli[.]design was no longer listed as registered.

"Long story short: FBI let one of weleakinfo's domains expire that they used for the emails/payments," pompompurin wrote. "I registered that domain, & was able to [password] reset the stripe.com account & get all the Data. [It's] only from people that used stripe.com to checkout. If you used paypal or [bitcoin] ur all good."

Cyber threat intelligence firm Flashpoint obtained a copy of the data leaked by pompompurin, and said it includes partial credit card data, email addresses, full names, IP addresses, browser user agent strings, physical addresses, phone numbers, and amount paid. One forum member commented that they found their own payment data in the logs.

(Image: How WeLeakInfo stacked up against its competitors, according to WLI.)

According to DomainTools [an advertiser on this site], wli[.]design was registered on Aug. 24, 2016 with the domain registrar Dynadot. On March 12, the domain was moved to another registrar, Namecheap.

Pompompurin released several screenshots of himself logged in to the WeLeakInfo account at stripe.com, an online payment processor. Under "management and ownership" was listed a Gerald Murphy from Fintona, U.K. Shortly after WeLeakInfo's domain was seized by authorities in Jan. 2020, the U.K.'s National Crime Agency (NCA) arrested two individuals in connection with the service, including a 22-year-old from Fintona.

PLENTY OF TIME FOR OPSEC MISTAKES

It's been a tough few months for denizens of various hacking forums, who lately find themselves on the defensive end of a great many attacks testing the security of their aliases and their operational security. Over the past few weeks three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions (against the Russian hacking forums "Mazafaka" and "Verified") the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords.

"Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums," a recent story here explained.

An exposure of 15 years' worth of user data from a forum like Mazafaka is a big risk for registrants because investigators often can use common registration details to connect specific individuals who might have used multiple hacker handles over the years. Many of the domains from the email addresses listed in the Maza dump date to the early 2000s, back when budding cybercriminals typically took fewer precautions to obfuscate or separate the myriad connections to their real-life identities online.

The biggest potential gold mine for de-anonymizing Maza members is the leak of user numbers for ICQ, an instant messaging service formerly owned by AOL that was widely used by cybercrime forum members until around 2010, when AOL sold the platform to Russian investor DST for $187.5 million. Back then, people often associated their ICQ numbers with different interests, pursuits and commerce tied to their real-life identities. In many cases, these associations are on public, Russian-language forums, such as discussion sites on topics like cars, music or programming.

In a common inadvertent exposure, a cybercriminal happens to make an innocuous post 15 years ago to a now-defunct Russian-language automobile forum. That post, preserved in perpetuity by sites like archive.org, includes an ICQ number and says there's a guy named Sergey in Vladivostok who's selling his car. And the profile link on the auto forum leads to another now-defunct but still-archived personal site for Sergey.

Interestingly, services like WeLeakInfo can just as easily be used against cybercriminals as by them. For example, it's likely that the database for the automobile forum where Sergey posted got compromised at some point and is for sale on sites like WeLeakInfo (there are active competitors). Ditto for any other forum where Sergey used the same email address or password. When researchers start finding password reuse across multiple email addresses that all follow a pattern, it becomes much easier to tie Sergey from Vladivostok to his cybercriminal and real-life identities.
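The de-anonymization step described above (linking handles through a shared password or a shared ICQ number across breach dumps) is mechanical enough to show in code. The following is an added example, not code from the article or from any of the services it names. It clusters email addresses over a small set of constructed breach records with a union-find, skipping passwords so common that sharing one proves nothing, and returns the evidence for each merge so an analyst can verify it by hand. All addresses, passwords, ICQ numbers and site names are made up.

```python
from collections import defaultdict

# Passwords so common that sharing one proves nothing. A real run would use
# a large frequency list; this shortlist is constructed for the example.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "12345678"}

# Constructed breach records in the shape a WeLeakInfo-style index exposes:
# (source site, email, password, ICQ number or None). Not real data.
RECORDS = [
    ("autoforum.example",  "sergey.v@example.net",   "Vlad1v0stok!", "123456789"),
    ("musicboard.example", "s3rgey@example.org",     "Vlad1v0stok!", None),
    ("crimeforum.example", "darkdriver@example.com", "n0tTheSame",   "123456789"),
    ("shop.example",       "alice@example.com",      "123456",       None),
    ("shop2.example",      "bob@example.com",        "123456",       None),
]


def link_identities(records, common_passwords=COMMON_PASSWORDS):
    """Cluster email addresses that share a distinctive password or an ICQ number.

    Returns (clusters, links). clusters is a sorted list of sorted email lists;
    links is a list of (email_a, email_b, reason) explaining every merge, which
    is the evidence an analyst must check before trusting a cluster.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    by_password = defaultdict(set)
    by_icq = defaultdict(set)
    for _site, email, password, icq in records:
        find(email)  # every address is a node, even if it links to nothing
        if password and password not in common_passwords:
            by_password[password].add(email)
        if icq:
            by_icq[icq].add(email)

    links = []
    for reason, index in (("shared password", by_password),
                          ("shared ICQ number", by_icq)):
        for emails in index.values():
            first, *rest = sorted(emails)
            for other in rest:
                union(first, other)
                links.append((first, other, reason))

    clusters = defaultdict(list)
    for email in list(parent):
        clusters[find(email)].append(email)
    return sorted(sorted(c) for c in clusters.values()), links


if __name__ == "__main__":
    groups, evidence = link_identities(RECORDS)
    for group in groups:
        print(group)
    for a, b, why in evidence:
        print(f"{a} <-> {b}: {why}")
```

Two caveats the code makes visible: the "123456" users stay unlinked because the filter discards passwords too common to be evidence, and the Sergey cluster rests on exactly two links, so an analyst should confirm both before acting. Dumps that hold hashes instead of plaintext behave the same way only when the hashes are unsalted and use the same algorithm; salted hashes defeat this correlation, which is one more reason salting matters.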
More than ever, software flaws are being seized on by sophisticated hackers who take these bugs - and use them to create attacks that compromise the computer systems of thousands of organizations.
A user on a popular hacker forum is selling a database containing highly sensitive information of more than 24,000 customers of the now-defunct illegal online service WeLeakInfo.
On Friday, the White House urged victims to patch systems and stressed the urgency: The window for updating systems could be measured in "hours, not days," a senior administration official said.
First discovered in August 2020, the XCSSET campaign is believed by experts to be ongoing, and multiple malware authors are recompiling Mac malware to run natively on Apple's new M1 chips.
The most common form of password reuse is the use of the same password and email/account name for multiple sites and services. If one account is hacked, you must assume all are hacked.
Britain needs to boost its capacity to conduct cyber attacks on foreign enemies, Prime Minister Boris Johnson said before the publication of a national security review next week.
Security agencies are doing a poor job at sanitizing PDF documents on their official websites and are leaking troves of sensitive information that could be collected and weaponized in malware attacks.
A COVID-19 testing service in Utah run by Premier Diagnostics exposed sensitive information of more than 50,000 people by storing data in two unsecured Amazon S3 buckets.
70% of financial services organizations are taking a strategic approach to identity verification to combat financial crime and stay one step ahead of fraudsters according to Trulioo.
K.L.S. is a car financing company that has been around for over 17 years, with over 26,000 existing customers whose personal information could potentially be leaked due to the hack.
The intelligence agencies missed massive intrusions by Russia and China, forcing the administration and Congress to look for solutions, including closer partnership with private industry.
This weekend, a different security researcher published a new ProxyLogon PoC that requires very little modification to exploit a vulnerable Microsoft Exchange server and drop a web shell on it.
The names, addresses, and contact details belonging to almost 450,000 people were compromised in a cyberattack on Fastway Couriers, one of Ireland’s largest parcel delivery companies.
Security researchers discovered last week a new IoT botnet that deploys honeypots to capture attacks from rival botnets and then uses that information to hijack its rivals’ infrastructure.
Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, screeching the school system’s plans for remote classes and in-person learning to a halt on Friday.
The indictments were presented Friday against Jean-Francois Eap, the head of Sky Global, and Thomas Herdman, a former high-level distributor of Sky Global devices, the department said Friday.
The hardest-hit sectors in India are finance and banking institutions (28%), government/military organizations (16%), manufacturing (12.5%), insurance/legal (9.5%), and others (34%), according to CPR.
The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine. Google addressed the issue with the 89.0.4389.90 version for Windows, Mac, and Linux.
The UK’s NCSC is urging UK organizations to install security patches for their Microsoft Exchange installs and run Microsoft Safety Scanner to detect webshells employed in the attacks.
In accordance with ISO 17442-2, the CA Stakeholder Group will develop and promote best practice guidelines and use cases for LEI integration across the digital identity industry.
Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser's JavaScript engine to leak information from its memory.
A new report by Aite Group and GIACT uncovers the pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic.
Recently, two retooled ransomware strains were found exploiting vulnerabilities in the VMware ESXi hypervisor system and encrypting virtual hard drives or VMs.
Security researchers have discovered the first browser side-channel attack that is JavaScript-free and it appears that the new Apple M1 chips may be vulnerable to the attack.
Several threat actors have been found exploiting the recently disclosed ProxyLogon vulnerabilities in Microsoft Exchange servers including APT27, LuckyMouse, Calypso, and Winnti Group.
According to Spanish and Europol officials, the app enrolled user devices into another company's network which used the devices as proxy bots in its anonymization offering and for DDoS attacks.
HeraSoft announced a $5 million Series A led by United Capital Management of Kansas. It has developed a public protocol index layer that protects organizations from ransomware and other cyberattacks.
On Friday, the agency said the move is a precautionary cybersecurity measure and is being taken after a similar action in February, when over 100,000 accounts were locked.
Check Point lists Trickbot trojan as the most popular malware among cybercriminals in its Global Threat Index report. Here we cover other threats on the list and interesting insights you should know about.
Researchers recently discovered two new ransomware variants, one of which is a variant of the Thanos ransomware series, which spreads through PDF files that fake the subject of invoices.
Online News Portal version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version was made by Parshwa Bhavsar in December of 2020.
Ubuntu Security Notice 4764-1 - It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory.
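The GLib/File Roller issue above is the classic archive-extraction escape: a symlink inside the archive points outside the destination, and a later member (or a file being replaced) is written through it. The following is an added example, not code from the advisory, GLib or File Roller: it extracts a tar archive with Python's standard tarfile module while checking each member, in archive order and against the live filesystem, so a symlink written by an earlier member cannot redirect a later write. The archives it builds are constructed test input.

```python
import io
import os
import tarfile
import tempfile


def build_archive(entries):
    """Build a tar archive in memory from (name, kind, payload) tuples.

    kind "file" takes bytes, kind "symlink" takes the link target. Only used
    here to construct test input; a real archive arrives from outside.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            elif kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                raise ValueError(f"unknown entry kind {kind!r}")
    return buf.getvalue()


def _stays_inside(dest, relpath):
    """True if dest/relpath, with symlinks already on disk resolved, is under dest."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, relpath))
    return target == root or target.startswith(root + os.sep)


def safe_extract(blob, dest):
    """Extract tar bytes into dest, refusing any member that could land outside it.

    Checks run per member against the real filesystem state, so a symlink
    extracted earlier is taken into account when a later path is resolved.
    """
    written = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        for member in tar.getmembers():
            name = member.name
            if os.path.isabs(name) or not _stays_inside(dest, name):
                raise ValueError(f"member escapes destination: {name}")
            if member.issym():
                # A relative symlink target is resolved from the link's own directory.
                link_target = os.path.join(os.path.dirname(name), member.linkname)
                if os.path.isabs(member.linkname) or not _stays_inside(dest, link_target):
                    raise ValueError(f"symlink {name} -> {member.linkname} escapes destination")
            elif member.islnk():
                # Hard link targets are relative to the archive root.
                if not _stays_inside(dest, member.linkname):
                    raise ValueError(f"hardlink {name} -> {member.linkname} escapes destination")
            elif not (member.isfile() or member.isdir()):
                raise ValueError(f"refusing device/FIFO member: {name}")
            tar.extract(member, dest)
            written.append(name)
    return written


def demo():
    """Run one benign and one malicious archive through safe_extract.

    Returns (files written from the benign archive, whether the malicious one
    was rejected, whether anything from it reached disk).
    """
    benign = build_archive([("safe/file.txt", "file", b"hello")])
    malicious = build_archive([
        ("esc", "symlink", "../../outside"),  # points above the extraction dir
        ("esc/pwn.txt", "file", b"owned"),    # would be written through the link
    ])
    with tempfile.TemporaryDirectory() as dest:
        benign_written = safe_extract(benign, dest)
    with tempfile.TemporaryDirectory() as dest:
        try:
            safe_extract(malicious, dest)
            rejected = False
        except ValueError:
            rejected = True
        leaked = os.path.lexists(os.path.join(dest, "esc"))
    return benign_written, rejected, leaked


if __name__ == "__main__":
    print(demo())
```

Checking the symlink target from the link's own directory, not from the archive root, is the detail most home-grown extractors get wrong. Recent Python releases also ship a built-in "data" extraction filter for tarfile that performs comparable checks; the manual version above shows what such a filter has to verify.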
Red Hat Security Advisory 2021-0831-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
Red Hat Security Advisory 2021-0830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
Red Hat Security Advisory 2021-0827-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested against versions prior to 6.4.1 on Windows 10 Enterprise.
All editions of Windows Server 2012 (but not 2012 R2) are vulnerable to DLL hijacking due to the way TiWorker.exe will try to call the non-existent SrClient.dll file when Windows Update checks for updates. This issue can be leveraged for privilege escalation if %PATH% includes directories that are writable by show more ...
low-privileged users. The attack can be triggered by any low-privileged user and does not require a system reboot. This module has been successfully tested on Windows Server 2012 (x64).
Red Hat Security Advisory 2021-0835-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
Red Hat Security Advisory 2021-0837-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
Red Hat Security Advisory 2021-0834-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
Red Hat Security Advisory 2021-0819-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Issues addressed include a cross site scripting vulnerability.
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function save_packet_sql is a fixed-length array of 1024 characters, and it is filled with the SIP request or response line. A SIP request or response line longer than that triggers the overflow.
CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.
A Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts regular network traffic by overwhelming a website with more traffic than its server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years these attacks have been increasing, fueling demand for the best DDoS protection software solutions. Many
The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been
IPv6 has been a long time coming. Drafted by the Internet Engineering Task Force (IETF) in 1998, it became an Internet Standard in 2017. Though the rollout of IPv6 addresses has proceeded at a glacial pace since then, adoption numbers continue to inch higher. Worldwide IPv6 adoption, according to Google's handy tracker, is around 33 percent. It's higher in the United States, at just shy of 45 percent. The graph has been trending relentlessly up and to the right since the mid-2000s.

This increased adoption means more cyberattacks are originating from IPv6 addresses. That means security vendors and device manufacturers who rely on embedded threat intelligence should insist on visibility into the successor to IPv4.

Why we needed IPv6

Since the late 1980s, the internet's architects realized they were cruising toward a problem. IP addresses, the numbers assigned to every internet-connected device, or node, were designed to contain 32 bits. That made for just under 4.3 billion possible addresses under the IPv4 system. It was apparent even thirty years ago that these would be exhausted. That day came in February 2011, met with a dramatic announcement by the Internet Corporation for Assigned Names and Numbers. Its opening line reads, "A critical point in the history of the Internet was reached today with the allocation of the last remaining IPv4 (Internet Protocol version 4) addresses."

It seemed like the end of an era. But it wasn't really one at all. IP addresses are frequently recycled and reallocated, and many millions were never used at all. There's even a famous story about Stanford University giving back a block of millions of unused IPv4 addresses. That helps explain why so much time has passed between IPv6 becoming an Internet Standard and anything like majority adoption.

IPv6, by contrast, uses 128-bit addresses. That allows for a whopping 3.4 x 10^38 of them, or roughly 340 trillion trillion trillion. So, while the day may come when we need to revisit the IP system, that day is unlikely to be soon and it almost certainly won't be because we've run out of assignable addresses.

By the way, whatever happened to IPv5? Didn't we skip a number? Well, it did exist, but was never officially adopted because it used the same 32-bit addresses as its predecessor. Begun as an experimental method for transferring streaming voice and video data, IPv5 lives on through its successor, voice over IP (VoIP).

What continued IPv6 adoption means for internet security

Hackers tend to set their sights on new targets only when they become worthy of their attention. The same goes for IPv6. As the rest of the internet pursues its perfectly logical reasons for making the migration, increasing numbers of cybercriminals are looking to exploit it. As IPv6 adoption becomes more prevalent, threat actors are increasingly using its addresses as an attack vector. If threat intelligence feeds haven't prepared to analyze IPv6 addresses, they're faced with big black holes in their data sets. As we've seen in recent attacks, the ability to monitor anomalous web traffic is key to detecting a breach. So, in addition to having visibility into the threat status of an IP, it's also critical to have location data and be able to cross-reference its activities with known malicious ones.

Device manufacturers, too, should account for accelerated IPv6 adoption when securing their products. This is especially true for IoT devices. Not typically armed with the strongest security measures to start with, they now face the additional threat of an intelligence blind spot if the manufacturer makes no effort to analyze IPv6 addresses. As internet-connected nodes in the form of IoT devices continue to proliferate, millions of new IPs will be needed. IPv6 will thankfully be more than up to the task of accommodating them, but manufacturers should make sure their devices are designed with the capabilities to analyze them.

IPv6 may have been a long time coming, but it's too late in the game to ignore. When it's time to choose a threat intelligence partner, choose one that's prepared.
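The "black holes in their data sets" the post warns about usually come from a concrete mistake: matching IPv6 addresses as strings. One address has many spellings (compressed, zero-padded, upper or lower case, bracketed with a port, carrying a zone identifier), and IPv4 traffic can arrive wrapped in IPv4-mapped IPv6 form and miss every IPv4 list. The following is an added example, not code from the post or from Webroot: it canonicalizes addresses as they appear in logs with Python's standard ipaddress module, folds IPv4-mapped addresses back to IPv4, and does a longest-prefix lookup against a mixed v4/v6 blocklist. The log format (a src= field), the prefixes (documentation ranges) and the log lines are all constructed.

```python
import ipaddress
import re


def canonical_address(text):
    """Parse an address as it shows up in logs into an ipaddress object.

    Accepts compressed or zero-padded IPv6 in any case, bracketed [addr]:port,
    zone identifiers (fe80::1%eth0), and IPv4-mapped IPv6 (::ffff:203.0.113.9),
    which is folded to the IPv4 address it actually designates so it can be
    matched against IPv4 reputation data.
    """
    s = text.strip()
    if s.startswith("["):
        s = s[1:s.index("]")]
    if "%" in s:
        s = s.split("%", 1)[0]
    addr = ipaddress.ip_address(s)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


class ReputationList:
    """Blocklist of IPv4 and IPv6 prefixes with longest-prefix lookup."""

    def __init__(self, prefixes):
        nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
        # Most specific prefixes first so the longest match wins.
        self.by_version = {
            4: sorted((n for n in nets if n.version == 4), key=lambda n: -n.prefixlen),
            6: sorted((n for n in nets if n.version == 6), key=lambda n: -n.prefixlen),
        }

    def lookup(self, text):
        addr = canonical_address(text)
        for net in self.by_version[addr.version]:
            if addr in net:
                return str(net)
        return None


def naive_match(text, prefixes):
    """The string-prefix check this example warns against: it matches one spelling only."""
    return any(text.startswith(p.split("/")[0].rstrip(":")) for p in prefixes)


# Constructed blocklist using documentation prefixes; not real threat data.
BLOCKLIST = ReputationList(["2001:db8:bad::/48", "2001:db8:bad:1::/64", "203.0.113.0/24"])

# Constructed log lines; not from a real system.
SAMPLE_LOG = """\
2021-03-12T10:01:02Z src=2001:0DB8:BAD:0:0:0:0:1 GET /login
2021-03-12T10:01:05Z src=[2001:db8:bad:1::7]:51234 POST /api
2021-03-12T10:01:09Z src=::ffff:203.0.113.9 GET /
2021-03-12T10:01:11Z src=fe80::1%eth0 GET /health
2021-03-12T10:01:15Z src=2001:db8:cafe::1 GET /
"""

SRC_RE = re.compile(r"src=(\S+)")


def scan_log(log_text, replist):
    """Return (line number, canonical address, matched prefix) for every hit."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = SRC_RE.search(line)
        if not m:
            continue
        field = m.group(1)
        matched = replist.lookup(field)
        if matched:
            hits.append((n, str(canonical_address(field)), matched))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, BLOCKLIST):
        print(hit)
```

Of the five constructed lines, the first three are hits and none of them would be caught by the naive string check: the first is the blocklisted prefix in upper-case, zero-padded form, the second carries a port and falls in the more specific /64, and the third is an IPv4 blocklist entry arriving as an IPv4-mapped IPv6 address. A feed or sensor that stores addresses as strings rather than parsed values will miss all three.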
The post It's Too Late for Threat Intelligence Vendors to Ignore IPv6 appeared first on the Webroot Blog, where it promotes the Webroot BrightCloud IP Reputation Service.