Architecture, Authentication, Hacking and Information Security

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

While security teams layer essential preventative measures, resilience measures also need to be implemented in an architecture to reduce the impact of ransomware attacks on your backups. Threat actors cannot hack what they cannot see. Figure 1: Typical VLAN architecture. Figure 2: Resilient VLAN architecture.

Architecture

Architecture Ransomware Backups Firewall

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 These switches are running Linux and are powerful. They are ideal to host implants.”

Firewall

Firewall Authentication Architecture Backups

Cybersecurity: CASB vs SASE

Security Affairs

AUGUST 20, 2023

Control: With CASBs, organizations can enforce security policies across various cloud services. They can dictate access controls, require multi-factor authentication, and implement encryption and data loss prevention measures. Zero Trust Architecture: SASE embodies the principles of zero-trust security.

Cybersecurity

Cybersecurity Architecture Authentication Cyber threats

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. Cuttlefish has a modular structure, it was designed to primarily steal authentication data from web requests passing through the router from the local area network (LAN).

Malware

Malware DNS Authentication Telecommunications

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

PACMAN, a new attack technique against Apple M1 CPUs

Security Affairs

JUNE 11, 2022

PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple M1 CPU. ” reads the research paper published by the researchers.

Authentication

Authentication Artificial Intelligence Architecture Hacking

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Security Affairs

OCTOBER 23, 2021

Cisco SD-WAN is a cloud-delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate office locations via the cloud. An authenticated, local attacker can exploit the CVE-2021-1529 vulnerability to execute arbitrary commands with root privileges. Pierluigi Paganini.

Architecture

Architecture Authentication Hacking Software

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

TPLINK #cybersecurity #rce #cve #hacking #routerhacking #kpmghungary I found an RCE vulnerability in a TP-Link TL-WR840N EU V5 router (CVE-2021-41653). Below are the two requests sent to the devices to compromise them: The researchers pointed out that successful exploitation requires authentication of the routers. Pierluigi Paganini.

Firmware

Firmware Architecture Malware Hacking

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

” The plugins for the macOS version are different from those for other platforms, reflecting the architecture of the target systems. Initial analysis revealed that the panel’s code had a critical mistake: it checked for authorization only after loading all scripts, briefly displaying the authenticated view to unauthorized users.

Spyware

Spyware Malware Surveillance Mobile

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

. “Threat actors utilized EvilProxy – a phishing tool based on a reverse proxy architecture, which allows attackers to steal MFA-protected credentials and session cookies.” EvilProxy actors use Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session.

Accountability

Accountability Phishing Authentication Architecture

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, ZeroLogon). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

GitHub addressed two major vulnerabilities in the NPM package manager

Security Affairs

NOVEMBER 16, 2021

In this architecture, the authorization service was properly validating user authorization to packages based on data passed in request URL paths. SecurityAffairs – hacking, npm). The post GitHub addressed two major vulnerabilities in the NPM package manager appeared first on Security Affairs. Read on to learn more.”

Authentication

Authentication Architecture Hacking Accountability

The Misaligned Incentives for Cloud Security

Schneier on Security

MAY 28, 2021

The hackers stole security certificates to create their own identities, which allowed them to bypass safeguards such as multifactor authentication and gain access to Office 365 accounts, impacting thousands of users at the affected companies and government agencies.

Government

Government Risk Architecture Accountability

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. ” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network.

Telecommunications

Telecommunications Mobile Hacking Architecture

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An SecurityAffairs – hacking, ZeroLogon). Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Passwords

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

AUGUST 5, 2022

RapperBot has limited DDoS capabilities, it was designed to target ARM, MIPS, SPARC, and x86 architectures. “Unlike the majority of Mirai variants, which natively brute force Telnet servers using default or weak passwords, RapperBot exclusively scans and attempts to brute force SSH servers configured to accept password authentication.

IoT

IoT Malware Passwords Authentication

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

CISA and FBI warn of potential data wiping attacks spillover

Security Affairs

MARCH 1, 2022

This joint Cybersecurity Advisory (CSA) provides information on the two wipers as well as indicators of compromise (IOCs) that could be used by defenders to detect and prevent infections. Require multifactor authentication. SecurityAffairs – hacking, data wiping attacks). Update software. Pierluigi Paganini.

Antivirus

Antivirus Architecture Malware Cybersecurity

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, Windows). ” reads a post published by MSRC VP of Engineering Aanchal Gupta.

Authentication

Authentication Advertising Architecture Cybercrime

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

The botnet targets x86, x64 and ARM processor architectures, experts noticed that it relies on an internet relay chat (IRC) bot on the victim server to communicate with the attacker’s server. “Once a host is found, GoBruteforcer tries to get access to the server via brute force. ” Palo Alto Networks concludes.

Passwords

Passwords Malware Architecture Authentication

Five Eyes agencies warn of attacks on MSPs

Security Affairs

MAY 12, 2022

Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities. Enforce multifactor authentication (MFA). Apply updates.

Authentication

Authentication Accountability Architecture Backups

#IdentityManagementDay – Best Practices to Help Keep Your Organization Secure

CyberSecurity Insiders

APRIL 11, 2023

An element of NIST SP 800-63 , Digital Identity Guidelines and ISO 27001 and 27002 are customized and applied as one framework in the Integrated Information Security Management System (ISMS) of my organization. The authorization process must only apply after the identification and authentication processes respectively and not before.

Authentication

Authentication Passwords Accountability Government

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

The recipients can read the encrypted messages only after being authenticated with their Microsoft account or obtaining a one-time passcode. Once authenticated with the Microsoft service, the recipients are redirected to a page displaying the attackers’ phishing email. “These phishing attacks are challenging to counter.

Encryption

Encryption Phishing Accountability Authentication

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware

Firmware Spyware Surveillance Hacking

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

SEPTEMBER 17, 2021

“We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security Processor (PSP) chipset driver for multiple CPU architectures.” ” reads the security advisory. ” reads the advisory published by the security firm. Pierluigi Paganini.

Architecture

Architecture Authentication Hacking Information Security

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Ability to obtain information from various installed applications. Ability to obtain cryptocurrency wallet information [log-in credentials and stored funds]. Ability to collect data of Authentication (2FA) and password-managing software. SecurityAffairs – hacking, Erbium stealer). ” states CYFIRMA.

Malware

Malware Password Management Authentication Passwords

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Security Affairs

AUGUST 5, 2022

It allows threat actors to target multiple architectures without requiring technical skills. “The platform currently supports Windows, Linux and Python-based payloads, allowing adversaries to target multiple architectures without requiring significant development resources.” SecurityAffairs – hacking, c2-as-a-service).

Architecture

Architecture DDOS Internet Internet

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, Zerologon). ” reads the report. ” continues the alert. .

VPN

VPN Government Authentication Advertising

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

million vehicles can allow hackers to remotely hack them. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 SecurityAffairs – hacking, MiCODUS). million vehicles.

Manufacturing

Manufacturing Passwords Mobile Authentication

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. ” Pierluigi Paganini.

DDOS

DDOS Malware Cryptocurrency Architecture

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, ZeroLogon attack). published a detailed analysis of the flaw. Pierluigi Paganini.

Authentication

Authentication Passwords Advertising Architecture

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, QNap). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Advertising Architecture Cybercrime

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

MARCH 4, 2024

In October 2021, CrowdStrike uncovered a campaign after the investigation of a series of security incidents in multiple countries. The cybersecurity firm added that the threat actors show an in-depth knowledge of telecommunication network architectures. GTPDOOR also supports authentication and encryption mechanisms.

Telecommunications

Telecommunications Firewall Mobile Malware

Bitwarden vs LastPass: Compare Top Password Managers

eSecurity Planet

SEPTEMBER 24, 2021

Both vendors will help you and your employees store access credentials, improve password health, and share sensitive information securely. To help you determine which one is the best fit, we’ve compared Bitwarden and LastPass in each of the following categories: Features Supported platforms Security Cost.

Password Management

Password Management Passwords Encryption Authentication

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Security Affairs

JUNE 26, 2021

Microsoft highlights the importance of best practices such as Zero-trust architecture and multi-factor authentication to prevent these attacks. Below the additional information on best practices shared by the IT giant: . SecurityAffairs – hacking, Nobelium). Follow me on Twitter: @securityaffairs and Facebook.

Financial Services

Financial Services Architecture Cyber Attacks Accountability

CloudMensis spyware went undetected for many years

Security Affairs

JULY 19, 2022

CloudMensis was developed in Objective-C, the samples analyzed by ESET are compiled for both Intel and Apple architectures. Experts noticed that the malware communicates with C2 infrastructure using authentication tokens to multiple cloud service providers (Dropbox, pCloud, and Yandex Disk) that were stored into the CloudMensis configuration.

Spyware

Spyware Malware Authentication Architecture

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, Zerologon). Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Security Intelligence

Importance of Securing Software with a Zero Trust Mindset

Security Boulevard

MARCH 22, 2022

Zero Trust can improve security, reduce risks, and give organizations greater confidence in the integrity of their IT infrastructure and applications. To correctly set up a Zero Trust architecture, you need to understand what it actually takes to make systems Zero Trust. Zero Trust Definition and Guiding Principles.

Software

Software Architecture Energy and Utilities Risk

Advancing Trust in a Digital World

Thales Cloud Protection & Licensing

JUNE 16, 2022

With cloud and mobile computing becoming the norm, identity-based and strong authentication are the crucial steps in advancing trust in the digital world. Humans, machines, and APIs should all be authenticated using this method based on their identities, purposes, and usage context. Advance Trust with Awareness and Culture.

Encryption

Encryption Artificial Intelligence Architecture Digital transformation

Open database leaves major Chinese ports exposed to shipping chaos?

Security Affairs

MARCH 11, 2022

ElasticSearch lacks a default authentication and authorization system – meaning the data must be put behind a firewall, or else run the risk of being freely accessed, modified or deleted by threat actors. SecurityAffairs – hacking, Chinese ports). Original Post @CyberNews. About the author Damien Black. Pierluigi Paganini.

Authentication

Authentication Architecture Firewall Risk

Cisco addresses flaws in Small Business Routers and Switches

Security Affairs

JULY 2, 2020

. “A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface.” SecurityAffairs – hacking, routers). Pierluigi Paganini.

Small Business

Small Business Engineering Authentication Architecture

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” “For instance, Intel CSME interacts with CPU microcode to authenticate UEFI BIOS firmware using BootGuard. “Unfortunately, no security system is perfect.

Firmware

Firmware Technology Advertising Authentication

Building a Ransomware Resilient Architecture

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Webinars

Trending Sources

Cybersecurity: CASB vs SASE

Webinars

Cuttlefish malware targets enterprise-grade SOHO routers

Akira ransomware received $42M in ransom payments from over 250 victims

PACMAN, a new attack technique against Apple M1 CPUs

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Experts found a macOS version of the sophisticated LightSpy spyware

EvilProxy used in massive cloud account takeover scheme

Hackers are using Zerologon exploits in attacks in the wild

GitHub addressed two major vulnerabilities in the NPM package manager

The Misaligned Incentives for Cloud Security

China-linked LightBasin group accessed calling records from telcos worldwide

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

New Linux botnet RapperBot brute-forces SSH servers

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

CISA and FBI warn of potential data wiping attacks spillover

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Golang-Based Botnet GoBruteforcer targets web servers

Five Eyes agencies warn of attacks on MSPs

#IdentityManagementDay – Best Practices to Help Keep Your Organization Secure

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Second-ever UEFI rootkit used in North Korea-themed attacks

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Erbium info-stealing malware, a new option in the threat landscape

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Zerologon attack lets hackers to completely compromise a Windows domain

Taiwanese vendor QNAP issues advisory on Zerologon flaw

New GTPDOOR backdoor is designed to target telecom carrier networks

Bitwarden vs LastPass: Compare Top Password Managers

Microsoft: Russia-linked SolarWinds hackers breached three new entities

CloudMensis spyware went undetected for many years

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Iran-linked APT is exploiting the Zerologon flaw in attacks

Importance of Securing Software with a Zero Trust Mindset

Advancing Trust in a Digital World

Open database leaves major Chinese ports exposed to shipping chaos?

Cisco addresses flaws in Small Business Routers and Switches

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Stay Connected