Cyber Security Informer

Weekly Update 256

Troy Hunt

AUGUST 13, 2021

Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things?

Technology

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

eSecurity Planet

APRIL 29, 2024

It seems that many continue to struggle to keep up with patching and updating backlogs, which suggests that more organizations need outside help from patch management as a service or managed service providers (MSPs) to catch up. The fix: For those with Chrome updates automatically enabled, make sure that all users restart their browsers.

Firewall

Firewall Software Ransomware Penetration Testing

Lazarus APT Targeting Cryptocurrency, CISA Warns

SecureWorld News

APRIL 21, 2022

Within the code is a function that purports to be an 'update,' with a name such as UpdateCheckSync , that downloads and executes a malicious payload. The update function makes an HTTP POST request to a PHP script hosted on the TraderTraitor project's domain at either the endpoint /update/ or /oath/checkupdate.php.

Cryptocurrency

Cryptocurrency Computers and Electronics Social Engineering System Administration

'Downfall' Vulnerability Unveiled as New Security Risk in Intel CPUs

SecureWorld News

AUGUST 8, 2023

In fact, Moghimi demonstrated the ability to steal AES 128-bit and 256-bit cryptographic keys in a controlled environment, emphasizing the vulnerability's potential threat to data security. Moghimi is set to present his research at the annual Black Hat USA cybersecurity conference in Las Vegas this week.

Risk

Risk Architecture Data breaches Encryption

WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS

Security Affairs

MARCH 18, 2021

Sometimes it is interesting (or even mandatory) to take out only one compressed file and obtain its hash SHA-256. Only if you have an account in this service ( [link] ), Wintriage can send the SHA-256 of the compressed file to eGarante and you will receive an email with a signed PDF containing the received SHA-256. Version 4.2.0

Encryption

Encryption Architecture Accountability Malware

Zoom Settles with FTC over Allegations of Deceptive Security Practices

Hot for Security

FEBRUARY 2, 2021

One major allegation brought forth by the FTC is that, since at least 2016, Zoom misled users by claiming it offered ‘end-to-end, 256-bit encryption’ when in fact it provided a lower level of security. Alleged negligence and deception towards end users. 290 million new users in four months.

Encryption

Encryption Consumer Protection Surveillance Data breaches

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. “The lack of timely antivirus database updates for the security solution used on attacked systems also played a key role, preventing the solution from detecting and blocking the threat. Pierluigi Paganini.

VPN

VPN Ransomware Antivirus Firmware

Security Affairs newsletter Round 256

Security Affairs

MARCH 22, 2020

A new round of the weekly newsletter arrived! Drupal addresses two XSS flaws by updating the CKEditor. The post Security Affairs newsletter Round 256 appeared first on Security Affairs. The best news of the week with Security Affairs. BlackWater, a malware that uses Cloudflare Workers for C2 Communication. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Ransomware Advertising Hacking

DoS flaw in several MikroTik Routers exploited in attacks

Security Affairs

APRIL 6, 2019

The reboot was caused by watchdog timer since the device was overloaded and stopped responding” The Latvian vendor already released security updates for the RouterOS that addressed the flaw (CVE-2018-19299), but according to the experts, some of the affected devices continue to be vulnerable. RouterOS v6.45beta23 and RouterOS v6.

Advertising

Advertising Risk Internet Internet

Australian social news platform leaks 80,000 user records

Security Affairs

OCTOBER 5, 2020

Snewpit is a map-based peer-to-peer app that allows users to create, find, and share real-time news updates, as well as receive notifications for news posted within 5 kilometers of their location. To see if your email address has been exposed in this or other security breaches, use our personal data leak checker. What data is in the bucket?

Identity Theft

Identity Theft Passwords Advertising Password Management

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Files are encrypted with a combination of AES-256 and RSA-4096 via the Microsoft CryptoAPI , as per CrowdStrike. HSE head Paul Reid estimates that the cost of restoring and updating its systems could reach €100m. Install updates/patch operating systems, software, and firmware as soon as they are released.

Healthcare

Healthcare Ransomware Encryption Passwords

Kali Linux 2022.3 Release (Discord & Test Lab)

Kali Linux

AUGUST 8, 2022

With the publishing of this blog post, we have the download links ready for immediate access , or you can update any existing installation. Additionally, we just started to provide weekly builds of our VM images. as a nice surprise for everyone to enjoy! The highlights for Kali’s 2022.3’s Why are you guys not doing it?

Architecture

Architecture Education Media Passwords

Are the clouds in the sky rebooting?!

NopSec

OCTOBER 3, 2014

“These updates must be completed by Oct. “Following security best practices, the details of this update are embargoed until then. “The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs,” according to the Xen advisory.

Software

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. Get a weekly analysis of what's happening in security and tech— and why it matters. My thoughts on the situation.

Password Management

Password Management Passwords Encryption Architecture

Best Enterprise VPN Solutions for 2021

eSecurity Planet

JULY 3, 2021

Established in 2007 by GZ Systems, PureVPN offers the leading tunneling protocols (PPTP, L2TP, SSTP/SSL, and IKEv2) and military-grade data encryption at 256-bit AES. Features include a no-logging assurance, 256-bit encryption, access to servers in 41 countries, and up to 5 devices per user. For coverage, Encrypt.me Server Prowess.

VPN

VPN Encryption Marketing Internet

UNCOVERING OPENWRT REMOTE CODE EXECUTION (CVE-2020-7982)

ForAllSecure

MARCH 24, 2020

To install or update software on an OpenWRT system, a utility called opgk is used. However, the actual decoding, which happens inside the for loop starting on line 256 operates on the s variable, which still points to the very start of the string. By all accounts it is installed on millions of devices across the world.

DNS

DNS Software Architecture Accountability

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

ForAllSecure

MARCH 24, 2020

To install or update software on an OpenWRT system, a utility called opgk is used. However, the actual decoding, which happens inside the for loop starting on line 256 operates on the s variable, which still points to the very start of the string. By all accounts it is installed on millions of devices across the world.

DNS

DNS Software Architecture Accountability

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

ForAllSecure

MARCH 25, 2020

To install or update software on an OpenWRT system such as an OpenWRT web server, a utility called opgk is used. However, the actual decoding, which happens inside the for loop starting on line 256 operates on the s variable, which still points to the very start of the string. The OpenWRT Package Manager.

DNS

DNS Software Architecture Accountability

Alert: 'Imminent and Increasing Threat' as Wave of Ryuk Ransomware Hits Hospitals

SecureWorld News

OCTOBER 29, 2020

Once dropped, Ryuk uses AES-256 to encrypt files and an RSA public key to encrypt the AES key.". Patch operating systems, software, and firmware as soon as manufacturers release updates. Set antivirus and anti-malware solutions to automatically update; conduct regular scans. hospitals in the last week.

Ransomware

Ransomware Healthcare Backups Cybercrime

Mystic Stealer

Security Boulevard

JUNE 15, 2023

On May 20, the Mystic Stealer seller posted updates that include loader functionality and a persistence capability to forums as shown in Figure 1. update with loader support As previously noted, there are several anti-analysis and evasion features additionally present in Mystic Stealer: Binary expiration. Trojan.Mystic.KV

Cryptocurrency

Cryptocurrency Password Management Malware DNS

10 Ransomware Examples to Stay Away From

Spinone

JANUARY 22, 2020

However, if you use a new Windows OS, you can be at risk as well if you don’t update your OS on time. How Dharma works After Dharma has seeped into the system, it encrypts almost all file types using a strong encryption algorithm (AES-256 combined with RSA-1024 asymmetric encryption). Update your computer regularly.

Ransomware

Ransomware Encryption Backups Phishing

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

It works by decrypting a shellcode BLOB with AES-256 and injecting it to the address space of another process, using the process-hollowing technique. As a safety measure against this attack and similar ones, it is recommended to update the UEFI firmware regularly and verify that BootGuard, where applicable, is enabled.

Firmware

Firmware Malware Encryption Passwords

SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’

SC Magazine

JUNE 1, 2021

Thoma Bravo and Silver Lake Partners combined owned approximately 80% of SolarWinds stock during the same time period that a group of hackers – believed to be working on behalf of Russia’s Foreign Intelligence Service (SVR) – compromised Orion’s build server and pushed a malicious software update to more than 18,000 SolarWinds customers.

Cybersecurity

Cybersecurity Hacking Media Software

Cyber Security Informer

Weekly Update 256

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

Trending Sources

Lazarus APT Targeting Cryptocurrency, CISA Warns

'Downfall' Vulnerability Unveiled as New Security Risk in Intel CPUs

WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS

Zoom Settles with FTC over Allegations of Deceptive Security Practices

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs newsletter Round 256

DoS flaw in several MikroTik Routers exploited in attacks

Australian social news platform leaks 80,000 user records

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Kali Linux 2022.3 Release (Discord & Test Lab)

Are the clouds in the sky rebooting?!

My Philosophy and Recommendations Around the LastPass Breaches

Best Enterprise VPN Solutions for 2021

UNCOVERING OPENWRT REMOTE CODE EXECUTION (CVE-2020-7982)

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

Alert: 'Imminent and Increasing Threat' as Wave of Ryuk Ransomware Hits Hospitals

Mystic Stealer

10 Ransomware Examples to Stay Away From

MoonBounce: the dark side of UEFI firmware

SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’

Stay Connected