News

• Vultur Bank Malware Infests Thousands Of Devices
• Cisco Researchers Spotlight Solarmarker Malware
• Security Team Finds Crimea Manifesto Buried In VBA Rat
• Inside The Bitcoin Mine With Its Own Power Plant
• Israeli Authorities Inspect NSO Offices After Damning Investigation
• Call For Hungarian Ministers To Resign In Wake Of Pegasus Revelations
• Reboot Of PunkSpider Tool At DEF CON Stirs Debate
• Feds List The Top 30 Most Exploited Vulnerabilities
• Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
• LEAs, CISA Lobby For Breach Reporting Requirement
• Enterprise Data Breach Cost Reached Record High During Pandemic
• Biden: Major Cyber Attack Could Lead To A Real Shooting War
• Babuk Ransomware Gang Ransomed
• Microsoft Rushes Fix For PetitPotam Attack PoC
• VPN Servers Seized By Ukrainian Authorities Weren't Encrypted
• Olympics Broadcaster Announces His Password On Live TV
• Mitre Releases 2021 Top 25 Most Dangerous Software Weaknesses
• Microsoft Outlines How To Protect Against PetitPotam
• An Explosive Spyware Report Shows Limits Of iOS, Android Security
• Emmanuel Macron Pushes For Israel Inquiry Into NSO Spyware Concerns
• Researchers Find New Attack Vector Against Kubernetes Clusters
• Kaseya Has Acquired The REvil Ransomware Decryption Key
• Israel To Examine Whether Spyware Export Rules Should Be Tightened
• Critical Jira Flaw In Atlassian Could Lead To RCE
• NSO Will No Longer Talk To The Press About Damning Reports

• CIS Podcast: Cybersecurity Where You Are Ep.12 Fri, 30 Jul 2021 19:17:15 +0000
  

  Cybersecurity and Government: Less Wizardry, More Policy It can appear that cybersecurity practices are being built on the creative wizardry of technical experts rather than referential universal policy that everyone can abide by. When it comes to cybersecurity, there can be a lack of understanding by those in government of how it should work and […]

  The post CIS Podcast: Cybersecurity Where You Are Ep.12 appeared first on CIS.

Looking Glass Cyber

Malware Patrol

• Malware Patrol data offered through Bandura Cyber Threat Intelligence Marketplace
• InfoSec Articles (07/05/21 – 07/19/21)

SecList

• APT trends report Q2 2021
  This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

securingtomorrow.mcafee.com

• The New McAfee: A Bold New World of Protection Online
• Introducing MVISION Cloud Firewall – Delivering Protection Across All Ports and Protocols
• Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems?
• It’s All About You: McAfee’s New All-Consumer Focus
• What is a VPN and Can it Hide My IP Address?
• 9 Tips to Help Kids Avoid Popular App Scams
• My Journey from Intern to Principal Engineer
• How to Secure Your Smart Home: A Step-by-Step Guide
• Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety
• Fighting new Ransomware Techniques with McAfee’s Latest Innovations
• McAfee Partners with American Express to Provide Best-in-Class Security

Quick Heal

• Mitigating Ransomware Attacks: How to keep you and your family safe
• FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data
• WARZONE RAT – Beware Of The Trojan Malware Stealing Data Triggering From Various Office Documents
• Phishing Scam Alert: Domain Name Expiration Notices stealing data through phishing site
• RockYou2021: Massive data leak of passwords on the dark web
• Breaches and Incidents: Top 5 Cyber-attacks in Quarter 1 – 2021
• Google Play store applications laced with Joker malware yet again
• Cobalt Strike 2021 – Analysis of Malicious PowerShell Attack Framework
• LinkedIn Phishing Scam: Hackers target users with fake job offers
• Quick Heal announces SHA-1 deprecation for its products

Threat Post

• NSA Warns Public Networks are Hacker Hotbeds
• Novel Meteor Wiper Used in Attack that Crippled Iranian Train System
• UC San Diego Health Breach Tied to Phishing Attack
• CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer
• Israeli Government Agencies Visit NSO Group Offices
• Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
• BlackMatter & Haron: Evil Ransomware Newborns or Rebirths
• Reboot of PunkSpider Tool at DEF CON Stirs Debate
• Podcast: Why Securing Active Directory Is a Nightmare
• No More Ransom Saves Victims Nearly €1 billion Over 5 Years

Naked Security

• S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust [Podcast]
• Microsoft researcher found Apple 0-day in March, didn’t report it
• Apple emergency zero-day fix for iPhones and Macs – get it now!
• Windows “PetitPotam” network attack – how to protect against it
• US court gets UK Twitter hack suspect arrested in Spain
• S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]
• Windows “HiveNightmare” bug could leak passwords – here’s what to do!
• Apple iPhone patches are out – no news if recent Wi-Fi bug is fixed
• S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast]
• More PrintNightmare: “We TOLD you not to turn the Print Spooler back on!”

Security Affairs

• GhostEmperor, a new Chinese-speaking threat actor targets Southeast Asia
• Security Affairs newsletter Round 325
• Threat actors leaked data stolen from EA, including FIFA code
• SolarWinds hackers breached 27 state attorneys’ offices
• Android Banking Trojan Vultur uses screen recording for credentials stealing
• CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines
• Estonia ‘s police arrested a Tallin resident who stole 286K ID scans from a government DB
• Meteor was the wiper used against Iran’s national railway system
• BlackMatter and Haron, two new ransomware gangs in the threat landscape
• LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Awareness Tips of the week

• Detecting Fraud
• Kids and Family Members
• Hosting a Video Conference
• Never Give Your Password Over the Phone
• Patch and Update

Exploits

• Pi-Hole Remove Commands Linux Privilege Escalation
• Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
• ObjectPlanet Opinio 7.13 Shell Upload
• ObjectPlanet Opinio 7.13 Expression Language Injection
• ObjectPlanet Opinio 7.13 / 7.14 XML Injection
• Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
• Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection
• Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
• Denver IP Camera SHO-110 Snapshot Disclosure
• ObjectPlanet Opinio 7.12 Cross Site Scripting
• CloverDX 5.9.0 Code Execution / Cross Site Request Forgery
• Care2x Integrated Hospital Info System 2.7 SQL Injection
• IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration
• Backdoor.Win32.WinShell.40 Code Execution
• Event Registration System With QR Code 1.0 Shell Upload
• Denver Smart Wifi Camera SHC-150 Remote Code Execution
• eGain Chat 15.5.5 Cross Site Scripting
• TripSpark VEO Transportation SQL Injection
• PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection
• WordPress Social Warfare 3.5.2 Remote Code Execution
• WordPress SP Project And Document Remote Code Execution
• Backdoor.Win32.Nbdd.bgz Buffer Overflow
• Backdoor.Win32.Bifrose.acci Buffer Overflow
• WordPress Modern Events Calendar Remote Code Execution
• Backdoor.Win32.PsyRat.b Code Execution

• [webapps] Oracle Fatwire 6.3 - Multiple Vulnerabilities
• [webapps] CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
• [webapps] Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection
• [webapps] IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration
• [webapps] Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download
• [webapps] Denver IP Camera SHO-110 - Unauthenticated Snapshot
• [webapps] TripSpark VEO Transportation - Blind SQL Injection
• [remote] Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE)
• [webapps] Event Registration System with QR Code 1.0 - Authentication Bypass & RCE
• [webapps] Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass
• [webapps] PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
• [webapps] XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
• [webapps] NoteBurner 2.35 - Denial Of Service (DoS) (PoC)
• [dos] Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)
• [webapps] Elasticsearch ECE 7.13.3 - Anonymous Database Dump
• [webapps] Microsoft SharePoint Server 2019 - Remote Code Execution (2)
• [webapps] WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
• [webapps] ElasticSearch 7.13.3 - Memory disclosure
• [webapps] CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion
• [webapps] KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated)
• [webapps] KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass
• [remote] KevinLAB BEMS 1.0 - Undocumented Backdoor Account
• [webapps] Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
• [webapps] WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
• [webapps] PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection
• [webapps] Dolibarr ERP/CRM 10.0.6 - Login Brute Force
• [webapps] WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
• [webapps] WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
• [remote] Aruba Instant (IAP) - Remote Code Execution
• [local] Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation
• [remote] Aruba Instant 8.7.1.0 - Arbitrary File Modification
• [webapps] Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
• [webapps] ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
• [local] Argus Surveillance DVR 4.0 - Weak Password Encryption
• [webapps] WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
• [webapps] osCommerce 2.3.4.1 - Remote Code Execution (2)
• [webapps] WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)
• [webapps] Webmin 1.973 - 'save_user.cgi' Cross-Site Request Forgery (CSRF)
• [webapps] Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload
• [webapps] OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2)
• [webapps] Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)
• [webapps] Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
• [webapps] Apache Tomcat 9.0.0.M1 - Open Redirect
• [webapps] Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)

Last 20 Website Defacements - Zone-h