Security Affairs

SEPTEMBER 24, 2020

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence 125

Security Intelligence Authentication Advertising Passwords 125

Schneier on Security

OCTOBER 13, 2020

Here’s an arson case where the FBI asked Google who searched for a particular street address: Homeland Security special agent Sylvette Reynoso testified that her team began by asking Google to produce a list of public IP addresses used to google the home of the victim in the run-up to the arson.

Surveillance 343

Surveillance Wireless Accountability Architecture 343

Security Affairs

APRIL 21, 2024

The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269. “Tools like SoftPerfect and Advanced IP Scanner are often used for network device discovery (reconnaissance) purposes and net Windows commands are used to identify domain controllers and gather information on domain trust relationships.

Ransomware 99

Ransomware Encryption Antivirus VPN 99

SC Magazine

MARCH 29, 2021

CRISC Company: ISACA Noteworthy: Nearly 30,000 professionals have earned CRISC (Certified in Risk and Information Systems Control) since it was established in 2010, and the certification was fourth on Global Knowledge’s list of top-paying IT certifications for 2020. FINALIST | BEST PROFESSIONAL CERTIFICATION PROGRAM.

Penetration Testing 89

Penetration Testing Architecture Education Technology 89

Security Affairs

JUNE 22, 2020

AMD recently announced that it was preparing patches for an SMM Callout Privilege Escalation vulnerability, tracked as CVE-2020-12890 , that affects the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). ” reads the AMD’s announcement. ” reads the AMD’s announcement.

Firmware 92

Firmware Architecture Advertising Manufacturing 92

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The Judge, however, decided that NSO Group would not be forced to reveal the names of its clients or information about its server architecture. In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users.

Spyware 115

Spyware Surveillance Architecture Software 115

Security Affairs

OCTOBER 10, 2020

We’re seeing more activity leveraging the CVE-2020-1472 exploit (ZeroLogon). — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. The fake updates lead to UAC bypass and use of wscript.exe to run malicious scripts.

Cybercrime 110

Cybercrime Security Intelligence Authentication Banking 110

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems.

Architecture 117

Architecture DDOS Advertising Firmware 117

Security Affairs

MAY 24, 2021

Below the full vulnerabilities list: CVE-2020-28903 – XSS in Nagios XI when attacker has control over fused server. CVE-2020-28905 – Nagios Fusion authenticated remote code execution (from the context of low-privileges user). CVE-2020-28910 – Nagios XI getprofile.sh and modification of proxy config.

Software 101

Software Risk Authentication Architecture 101

Security Affairs

OCTOBER 12, 2020

According to the Alert (AA20-283A), advanced persistent threat (APT) actors are exploiting multiple legacy vulnerabilities in combination with a the recently discovered Zerologon vulnerability (CVE-2020-1472). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the report.

VPN 136

VPN Government Authentication Advertising 136

Security Affairs

JUNE 21, 2022

Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020.

Architecture 108

Architecture Malware Hacking Cybersecurity 108

McAfee

NOVEMBER 3, 2020

Women in Cloud and Security – A Panel with McAfee, AWS, and Our Customers. Thursday, November 5, 2020. Join McAfee in our Women in Cloud and Security Panel. Please join McAfee, AWS, and our customers to discuss the impact women are having on information security in the cloud. 10am PT | 12pm CT | 1pm ET.

Cybersecurity 93

Cybersecurity Architecture Cloud Migration Retail 93

Security Affairs

OCTOBER 6, 2020

Using a WordPress flaw (File-Manager plugin–CVE-2020-25213) to leverage Zerologon (CVE-2020-1472) and attack companies’ Domain Controllers. Recently, a critical vulnerability called Zerologon – CVE-2020-1472 – has become a trending subject around the globe. w4fz5uck5) September 8, 2020. Figure 2: PoC – CVE-2020-25213.

Social Engineering 101

Social Engineering Passwords Advertising Accountability 101

Security Affairs

SEPTEMBER 20, 2020

DHS CISA issued an emergency directive to tells government agencies to address the Zerologon vulnerability (CVE-2020-1472) by Monday. The Department of Homeland Security’s CISA issued an emergency directive to order government agencies to address the Zerologon vulnerability (CVE-2020-1472) by Monday.

Authentication 104

Authentication Passwords Advertising Government 104

eSecurity Planet

JUNE 17, 2022

See the Top Zero Trust Security Solutions. Forrester Research developed the formal concept of zero trust more than a decade ago: Zero Trust is an information security model that denies access to applications and data by default. Also read: Most Security Product Buyers Aren’t Getting Promised Results: RSA Panel.

Architecture 122

Architecture Firewall Technology VPN 122

eSecurity Planet

JULY 22, 2021

According to a pair of recent reports from cloud security vendor Zscaler, cybercriminals picked up on this, with the result being a significant surge in malware attacks against these devices. IoT device security has also been the target of a broad federal effort in recent months. Remote Work and Security.

IoT 145

IoT Risk Architecture Manufacturing 145

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT 112

IoT DDOS Malware Firmware 112

Lenny Zeltser

FEBRUARY 13, 2020

As of this writing, I’ve spent six months in the role of Chief Information Security Officer (CISO) at Axonius , a rapidly growing technology company. Our IT infrastructure is consistent zero-trust architecture principles , so it made sense to treat identity as the focal point of many security decisions.

CISO 79

CISO Information Security Architecture Technology 79

Security Affairs

OCTOBER 11, 2023

Below is the list of exploit payloads added to the bot: D-Link: CVE-2015-1187 , CVE-2016-20017 , CVE-2020-25506 , and CVE-2021-45382. Upon executing the script, it deletes logs and downloads and executes various bot clients to target specific Linux architectures. ” reads the analysis published by Fortinet.

DDOS 111

DDOS Wireless Architecture IoT 111

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

DDOS 129

DDOS Architecture Malware Cybercrime 129

Security Affairs

OCTOBER 6, 2020

The Zerologon vulnerability, tracked as CVE-2020-1472 , is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

Authentication 95

Authentication Advertising Architecture Security Intelligence 95

Security Affairs

JUNE 15, 2021

Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked asu Moobot, which was scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers. cc, further investigations allowed the researchers to date some of the campaigns back at least to May 2020.

Malware 111

Malware Internet Internet DDOS 111

Security Affairs

OCTOBER 28, 2020

Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries. billion in 2020. “On October 22, 2020, Steelcase Inc. . “On October 22, 2020, Steelcase Inc. ” reads the 8-K form.

Ransomware 93

Ransomware Computers and Electronics Manufacturing Advertising 93

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X

Malware 138

Malware DDOS IoT Cybercrime 138

Security Affairs

JULY 2, 2020

Cisco announced that it has patched several vulnerabilities affecting its products, including security issues in Small Business routers and switches. The most severe flaw, tracked as CVE-2020-3297, affects Small Business and managed switches, it has been rated by Cisco as high severity. ” reads the advisory published by Cisco.

Small Business 100

Small Business Engineering Authentication Architecture 100

Security Affairs

SEPTEMBER 14, 2020

Zerologon attack allows threat actors to take over enterprise networks by exploiting the CVE-2020-1472 patched in the August 2020 Patch Tuesday. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday as soon as possible to protect their systems from Zerologon attack that exploits the CVE-2020-1472.

Authentication 85

Authentication Passwords Advertising Architecture 85

Security Affairs

FEBRUARY 23, 2021

IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise products, including IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise. . The most severe issue, tracked as CVE-2020-27221, is a stack-based buffer overflow that resides in Eclipse OpenJ9.

Architecture 73

Architecture Hacking Information Security Malware 73

Security Affairs

APRIL 19, 2021

XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. The new variant also implements new features for data-stealing focused on cryptocurrency apps.

Malware 104

Malware Cryptocurrency Architecture Engineering 104

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them.

IoT 119

IoT DDOS Architecture Passwords 119

Security Affairs

JULY 19, 2021

.” ZeroX claims to have exploited a zero-day flaw to steal the data from the infrastructure of Saudi Aramco back in 2020. The seller published multiple ads in multiple hacking forums and also offered access to a sample of the stolen info, including blueprints and PII.

Engineering 133

Engineering Telecommunications Wireless Data breaches 133

Security Affairs

MARCH 13, 2021

XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. ” states the report published by Kaspersky. ” Kaspersky concludes.

Malware 98

Malware Adware Architecture Antivirus 98

Security Affairs

MAY 15, 2022

— Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022. The botnet has been active since at least the end of 2020, but its activity was documented in April 2021 by multiple security researchers. The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers.

Security Intelligence 78

Security Intelligence Malware Architecture Backups 78

Security Affairs

DECEMBER 6, 2020

Cyber Command (@US_CYBERCOM) December 4, 2020. ” The PCTE platform was launched in February 2020 as a component of the U.S. military’s Joint Cyber Warfighting Architecture, it allows multiple independent cyber training operations to run simultaneously. Persistent Cyber Training Environment allows U.S. &

Architecture 107

Architecture Hacking Technology Information Security 107

Security Affairs

NOVEMBER 9, 2021

Threat actors also scan the web for ports 2375, 2376, 2377, 4243, 4244, and attempt to gather server info such as the OS type, container registry, architecture, number of CPU cores, and the current swarm participation status. Experts noticed that the IP address 45[.]9[.]148[.]182 ” continues the analysis.

Cryptocurrency 94

Cryptocurrency Malware Cybercrime Architecture 94

Security Affairs

OCTOBER 22, 2020

The Taiwanese vendor QNAP has published an advisory to warn customers that certain versions of the operating system for its network-attached storage (NAS) devices, also known as of QTS, are affected by the Zerologon vulnerability ( CVE-2020-1472 ). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

Authentication 78

Authentication Advertising Architecture Cybercrime 78

Security Affairs

JULY 21, 2022

The first one took place in 2020, threat actors were dropping this backdoor after the compromise of a network by exploiting the CVE-2020-5902 vulnerability in F5 BIG-IP. Agents can be deployed on a variety of operating systems (OS) or architectures (amd64, arm, etc.). ” reads the analysis published by Talos.

Software 98

Software Malware Architecture Firewall 98

Security Affairs

MARCH 21, 2020

A new variant of the infamous Mirai malware, tracked as Mukashi, targets Zyxel network-attached storage (NAS) devices exploiting recently patched CVE-2020-9054 issue. According to Palo Alto researchers, threat actors exploited the recently patched CVE-2020-9054 vulnerability in Zyxel NAS. The vendor advisory is also available.

DDOS 102

DDOS Authentication Advertising Firmware 102