Welcome to episode 247 of the Transatlantic Cable, where we talk about all the recent info-sec related news you might have missed this week. To kick off, the team look at a story around NFTs – in recent weeks, the overall trading volume of non-fungible tokens has dropped dramatically, but that didn't faze the owner of Jack Dorsey's first tweet – who was asking for $48M, however initial bidding suggested it would only reach $6,800 – not great. From there, Dave and Ahmed move on to a more disturbing story around a hack of the DeFi platform Beanstalk – and how it happened is more mind-boggling than you could ever think. Moving onwards, the team look at a recent story that suggests that North Korea is behind the hacking of a gaming platform, and RaidForums, the once popular criminal forum, was shuttered in a joint effort by the FBI and Europol. To close out the episode, they look at some hopeful news as the experts over at Kaspersky have managed to create a decryptor for the Yanluowang ransomware. If you liked what you heard, please consider subscribing.
Man who paid $2.9m for NFT of Jack Dorsey's first tweet set to lose almost $2.9m
Beanstalk cryptocurrency project robbed after hacker votes to send themself $182M
North Korean hackers target gamers in $615m crypto heist – US
Raidforums marketplace shut down in global operation
How to recover files encrypted by Yanluowang
GitHub says it has identified and alerted developers who have had their private repositories accessed and downloaded via stolen authentication tokens from Heroku and Travis CI.
The recently targeted firms include Tendertech, GUOV i GS – General Dept. of Troops and Civil Construction, Synesis Surveillance System, Neocom Geoservice, Gazregion, Metrospetstekhnika, and JSC Bank PSCB.
“We are seeing Russian state actors scanning, probing, looking for opportunities, looking for weaknesses in our systems on critical infrastructure, on businesses,” explained Deputy Attorney General Lisa Monaco.
Thousands of passengers of Canadian low-cost airline Sunwing Airlines Inc face a fourth day of flight delays after a third-party system the airline uses was hacked, according to the CEO.
A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs, according to a survey commissioned by Cyren and conducted by Osterman Research.
This malicious cyber activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States, its allies, and partners.
Alliance Ophthalmology, Dallas Retina Center, and Texas Eye and Cataract are suing ECL Group over these issues brought on by a series of ransomware attacks and other security issues, beginning in March 2021.
The HHS claimed that Hive ransomware is the fourth most active ransomware group in the cybercrime landscape. It conducts double extortion against organizations and leaks the stolen data on the dark web.
CISA announced that it is seeking public comment on two guidance documents created as part of a project called Secure Cloud Business Applications (SCuBA), intended to improve visibility, standards, and security practices for government cloud use.
A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.
The multibillion-dollar data brokerage industry is virtually unregulated and poses a grave national security threat by advertising and selling information it has culled on military personnel, cybersecurity experts and a U.S. senator say.
The Federal Bureau of Investigation (FBI) says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide between November 2021 and March 2022.
VMware released a report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector.
In an alert, the FBI, CISA, and the Treasury Department revealed that the group is sending a large number of spear-phishing messages to employees working in blockchain technology and cryptocurrency firms. These emails often mimic a recruitment effort and offer high-paying jobs to entice the recipients into downloading malware-laced cryptocurrency applications which are referred to as TraderTraitor.
According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file.
According to a Gigamon survey, the majority of respondents believe there is room for improvement in visibility to assure the security, compliance, and performance of their hybrid and multi-cloud workloads.
According to Mandiant's M-Trends 2022 report, the global median dwell time dropped to 21 days in 2021 from 24 days in 2020. One reason the FIN12 attack life cycle is shorter is that the gang does not focus on stealing confidential data before triggering the ransomware attack.
"This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA," Cisco explained.
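The static host key Cisco describes is easy to confirm from the outside: if several appliances present the same SSH host key, the key was baked into the image rather than generated per device, and anyone who extracts it from one unit can impersonate every unit. The following script is an added example (not Cisco's code, and not taken from the advisory) that reads ssh-keyscan output, computes OpenSSH-style SHA256 fingerprints, and reports keys shared by more than one host. The host names and key blobs are constructed for the example.

```python
"""Detect SSH servers that present an identical host key, as a fleet
with a vendor-baked static key would."""
import base64
import hashlib
from collections import defaultdict

# Constructed sample in ssh-keyscan output format ("host keytype base64-blob").
# Hosts and key material are made up; va-1 and va-2 deliberately share one key.
SAMPLE_KEYSCAN = """\
# va-1.corp.example:22 SSH-2.0-OpenSSH_8.2
va-1.corp.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4w9V1N0v7eEw4Q6D6uI1K4ZlqTSnqgAdg7sf1L3zL5
va-2.corp.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4w9V1N0v7eEw4Q6D6uI1K4ZlqTSnqgAdg7sf1L3zL5
bastion.corp.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxkqz8dQm8Xq0vQxmqR1YHfrR2YeQq5Ljq7q0ZJY0xP
"""


def fingerprint(b64_key: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64-encoded host key blob."""
    raw = base64.b64decode(b64_key, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str):
    """Yield (host, keytype, fingerprint) for each ssh-keyscan output line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan comment lines, if they were captured
        parts = line.split()
        if len(parts) < 3:
            continue  # not "host keytype blob"; ignore
        host, keytype, b64 = parts[0], parts[1], parts[2]
        yield host, keytype, fingerprint(b64)


def shared_host_keys(text: str) -> dict:
    """Map each (keytype, fingerprint) seen on more than one host to the sorted hosts."""
    seen = defaultdict(set)
    for host, keytype, fp in parse_keyscan(text):
        seen[(keytype, fp)].add(host)
    return {f"{kt} {fp}": sorted(hosts) for (kt, fp), hosts in seen.items() if len(hosts) > 1}


if __name__ == "__main__":
    dupes = shared_host_keys(SAMPLE_KEYSCAN)
    if not dupes:
        print("no shared host keys")
    for key, hosts in dupes.items():
        print(f"{key} shared by: {', '.join(hosts)}")
```

To run it against a real fleet, collect keys with `ssh-keyscan -t ed25519,rsa host1 host2 ... > keys.txt` and feed the file to `shared_host_keys`. Any fingerprint that shows up on more than one appliance should be treated as compromised, since every device shipped with that image carries the same private key.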
The use of cyber as an offensive weapon within a geopolitical conflict could be considered a military strategy as it allows disruption while maintaining deniability, or at least not causing immediate escalation.
REvil ransomware's servers in the Tor network are back up after months of inactivity and redirect to a new operation that appears to have been running since at least mid-December last year.
In a September 2021 report from the Cloud Security Alliance (CSA), nearly 70% of respondents reported that their company’s cloud security, IT operations, and developer teams are misaligned on security policies and/or enforcement strategies.
The first of the bugs fixed with the latest iterations of the open-source CMS is an access bypass issue that exists because of an improperly implemented generic entity access API for entity revisions.
Cybercriminals deliberately choose times when all of us are busy with taxes or preparing for holidays (e.g., Easter), which is why you need to be especially careful during those periods.
Ukraine is now issuing physical security keys to as many government agencies as possible, said Oleksandr Potii, deputy chief of the State Service of Special Communication and Information Protection.
REvil ransomware’s servers in the Tor network are active again after months of inactivity. At present, these servers are redirecting users to a new operation that is believed to have started in mid-December 2021.
Ginzo stealer is obfuscated with ConfuserEx, which is why decompilers throw errors on it: the type initializer (.cctor) decrypts the actual code on the fly, and it also initializes the data needed for string decryption.
Australia's financial intelligence and regulatory body Austrac has released two financial crime guides to help businesses detect and prevent criminal abuse of digital currencies and ransomware.
Tracked as CVE-2022-29360, the flaw relates to a stored cross-site-scripting (XSS) vulnerability impacting the latest version of RainLoop (v1.16.0) that was released on May 7, 2021.
According to a new Forrester survey, 63% of organizations were breached in the past year, 4% more than the year before. In the past 12 months, organizations faced an average of three breaches.
Tracked as CVE-2022-20783 (CVSS score of 7.5), the NSA-reported flaw is a denial of service (DoS) issue in TelePresence Collaboration Endpoint (CE) and RoomOS software, which could be exploited remotely, without authentication.
This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker-provided "admin" account to insert the malicious payload into the custom script fields. When a user resets their password or unlocks their account, the payload in the custom script will be executed. The payload will be executed as SYSTEM if ADSelfService Plus is installed as a service, which we believe is the normal operational behavior. This is a passive module because user interaction is required to trigger the payload. This module also does not automatically remove the malicious code from the remote target. Use the "TARGET_RESET" operation to remove the malicious custom script when you are done.
This Metasploit module exploits a vulnerability in the Linux Kernel's watch_queue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the first attempt so multiple attempts may be needed. Note that the exploit can potentially cause a denial of service if multiple failed attempts occur, however this is unlikely.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7.
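A check that goes with the USR IOT finding above: once a firmware image is unpacked (for instance with binwalk), listing which accounts in the root filesystem carry usable password hashes is the quickest way to spot baked-in credentials of this kind, including ones the web UI never shows. This is an added example, not code from the advisory or from the vendor; the /etc/passwd and /etc/shadow contents are constructed for illustration and the hash values are placeholders, not real hashes.

```python
"""Audit /etc/passwd and /etc/shadow extracted from a firmware root filesystem
and list every account that can still authenticate with a password."""

# Constructed sample files (not from any real product). Hash strings are placeholders
# with realistic prefixes only; "diag" keeps its hash directly in passwd, as many
# embedded images do.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:1000:1000:vendor admin:/home/admin:/bin/sh
support:x:1001:1001:remote support:/tmp:/bin/ash
diag:Npge08pfz4wuk:1002:1002:diagnostics:/tmp:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
"""

SAMPLE_SHADOW = """\
root:$1$Abcdefgh$0123456789abcdefghijkl:18000:0:99999:7:::
admin:$6$saltsalt$q1w2e3r4t5y6u7i8o9p0aQsWdEfRgThYjUkIlOpZxCvBnMqwertyuiopasdfghjklzxcvbnm1234567:18000:0:99999:7:::
support::18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
nobody:!:18000:0:99999:7:::
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def classify_hash(field: str) -> str:
    """Describe a crypt(3)-style password field; 'locked' means no password login."""
    if field == "":
        return "EMPTY (login without a password)"
    if field.startswith(("!", "*")):
        return "locked"
    if field.startswith("$1$"):
        return "md5crypt (weak, fast to crack)"
    if field.startswith("$5$"):
        return "sha256crypt"
    if field.startswith("$6$"):
        return "sha512crypt"
    if field.startswith("$2"):
        return "bcrypt"
    if field.startswith("$y$"):
        return "yescrypt"
    if len(field) == 13 and "$" not in field:
        return "DES crypt (weak, 8-char limit)"
    return "unknown hash format"


def _parse_colon_file(text: str, nfields: int) -> dict:
    """Map user name -> field list for well-formed lines of a passwd/shadow file."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) == nfields:
            entries[parts[0]] = parts
    return entries


def audit_accounts(passwd_text: str, shadow_text: str) -> list:
    """Return (user, shell, hash_class, interactive) for each account whose
    password field is usable, i.e. not locked. Accounts in passwd with an
    inline hash and no shadow entry are assessed too."""
    passwd = _parse_colon_file(passwd_text, 7)
    shadow = _parse_colon_file(shadow_text, 9)
    findings = []

    def record(user, field):
        cls = classify_hash(field)
        if cls == "locked":
            return
        shell = passwd.get(user, [""] * 7)[6] or "?"
        findings.append((user, shell, cls, shell not in NOLOGIN_SHELLS))

    for user, sfields in shadow.items():
        record(user, sfields[1])
    for user, pfields in passwd.items():
        if user in shadow or pfields[1] == "x":
            continue  # "x" defers to shadow; with no shadow line there is nothing to assess
        record(user, pfields[1])
    return findings


if __name__ == "__main__":
    for user, shell, cls, interactive in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        flag = "interactive shell" if interactive else "no login shell"
        print(f"{user:10} {cls:35} {shell:20} {flag}")
```

Point it at `squashfs-root/etc/passwd` and `squashfs-root/etc/shadow` from an unpacked image. Every account it lists with an interactive shell is a credential that ships identically on every unit; the empty-password and DES/md5crypt cases are the ones to raise first, since they cost an attacker nothing to recover.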
Red Hat Security Advisory 2022-1476-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2022-1363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.29.
Ubuntu Security Notice 5385-1 - Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service.
Ubuntu Security Notice 5384-1 - It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service. Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 5383-1 - David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service.
Ubuntu Security Notice 5381-1 - David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information.
Ubuntu Security Notice 5382-1 - Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information.
Red Hat Security Advisory 2022-1389-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-1443-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2022-1390-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-1478-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Red Hat Security Advisory 2022-1455-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-1444-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2022-1441-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2022-1469-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 serves as a replacement for Red Hat Single Sign-On 7.5.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-1463-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.5.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-1445-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2022-1336-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-1440-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2022-1462-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-1442-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia,
The "hotpatch" released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution," Palo Alto Networks Unit 42 researcher Yuval
An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability [...] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client," SonarSource security researcher Simon Scannell said in a report published
Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by
A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the environment in less than 72 hours from the initial compromise," Varonis security researcher, Nadav Ovadia,
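Both Hive items on this page (the earlier note about the affiliate targeting ProxyShell-vulnerable Exchange servers and the Varonis write-up above) turn on the same initial access, and the front-end IIS logs on an Exchange server record it. The script below is an added example, not code from Varonis or from either report: it parses IIS W3C log lines (constructed here, not a real capture) and flags requests to autodiscover.json whose query string carries an "@", the path-confusion trick that ProxyShell uses to reach a backend such as /mapi/nspi or /powershell. That URL pattern comes from public ProxyShell write-ups, not from this page, and the list of backend hints is an assumption you may want to extend.

```python
"""Flag ProxyShell-style path-confusion requests in IIS W3C logs from an Exchange server."""
from urllib.parse import unquote

# Constructed sample log (not a real capture). IIS writes one request per line,
# with the column layout declared by the most recent "#Fields:" header; spaces
# inside a value (e.g. the User-Agent) are written as '+'.
SAMPLE_IIS_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-04-18 09:12:01 10.0.0.5 GET /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 203.0.113.7 python-requests/2.27 200
2022-04-18 09:12:02 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell/?X-Rps-CAT=VgEAVAdXaW5kb3dz 443 - 203.0.113.7 python-requests/2.27 200
2022-04-18 09:13:10 10.0.0.5 GET /owa/auth/logon.aspx url=https%3a%2f%2fmail.example%2fowa%2f 443 - 198.51.100.20 Mozilla/5.0 200
2022-04-18 09:14:00 10.0.0.5 POST /autodiscover/autodiscover.xml - 443 CORP\alice 198.51.100.21 Microsoft+Office/16.0 200
"""

AUTODISCOVER_JSON = "/autodiscover/autodiscover.json"
# Backend endpoints commonly chained behind the path-confusion bug. Taken from
# public ProxyShell write-ups; an assumption for this example, not from the page.
BACKEND_HINTS = ("/mapi/nspi", "/powershell", "/ews/", "/owa/")


def parse_iis_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated line; skip rather than mis-align columns
        yield dict(zip(fields, values))


def proxyshell_findings(text):
    """Return requests to autodiscover.json whose query contains '@', i.e. the
    path-confusion pattern that makes the front end proxy to a backend."""
    findings = []
    for rec in parse_iis_w3c(text):
        stem = rec.get("cs-uri-stem", "").lower()
        # Decode first so a URL-encoded %40 is caught as well as a literal '@'.
        query = unquote(rec.get("cs-uri-query", "-")).lower()
        if AUTODISCOVER_JSON not in stem or "@" not in query:
            continue
        backend = next((b for b in BACKEND_HINTS if b in query), None)
        findings.append({
            "time": f"{rec['date']} {rec['time']}",
            "client": rec.get("c-ip"),
            "method": rec.get("cs-method"),
            "backend": backend,
            "status": rec.get("sc-status"),
        })
    return findings


if __name__ == "__main__":
    for f in proxyshell_findings(SAMPLE_IIS_LOG):
        print(f"{f['time']} {f['client']} {f['method']} -> "
              f"{f['backend'] or 'unknown backend'} ({f['status']})")
```

On a real server the logs live under `%SystemDrive%\inetpub\logs\LogFiles\W3SVC1\`; concatenate the files for the window of interest and pass the text in. A hit with status 200 against /powershell is the one that matters most, since that is the step that gives the attacker a remote PowerShell session on the backend.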
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of
Researchers have spotted that the Tor address used by the notorious REvil ransomware gang is now redirecting to a new website, with information about seemingly new attacks. Read more in my article on the Tripwire State of Security blog.
Security researchers at Kaspersky have released a free decryption tool that promises to recover files for organisations hit by the Yanluowang ransomware, meaning they don't have to pay the ransom.
A man loses $650,000 from his cryptocurrency wallet after his Apple iCloud account is hacked, video conferencing apps may not be muting your mic quite the way you imagined, and Google has unblurred military bases in Russia... or has it? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.