Architecture, Authentication, Hacking and Information Security

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 These switches are running Linux and are powerful. They are ideal to host implants.”

Firewall

Firewall Authentication Architecture Backups

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. Cuttlefish has a modular structure, it was designed to primarily steal authentication data from web requests passing through the router from the local area network (LAN).

Malware

Malware DNS Authentication Telecommunications

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

PACMAN, a new attack technique against Apple M1 CPUs

Security Affairs

JUNE 11, 2022

PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple M1 CPU. ” reads the research paper published by the researchers.

Authentication

Authentication Artificial Intelligence Architecture Hacking

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Security Affairs

OCTOBER 23, 2021

Cisco SD-WAN is a cloud-delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate office locations via the cloud. An authenticated, local attacker can exploit the CVE-2021-1529 vulnerability to execute arbitrary commands with root privileges. Pierluigi Paganini.

Architecture

Architecture Authentication Hacking Software

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

TPLINK #cybersecurity #rce #cve #hacking #routerhacking #kpmghungary I found an RCE vulnerability in a TP-Link TL-WR840N EU V5 router (CVE-2021-41653). Below are the two requests sent to the devices to compromise them: The researchers pointed out that successful exploitation requires authentication of the routers. Pierluigi Paganini.

Firmware

Firmware Architecture Malware Hacking

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

. “Threat actors utilized EvilProxy – a phishing tool based on a reverse proxy architecture, which allows attackers to steal MFA-protected credentials and session cookies.” EvilProxy actors use Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session.

Accountability

Accountability Phishing Authentication Architecture

GitHub addressed two major vulnerabilities in the NPM package manager

Security Affairs

NOVEMBER 16, 2021

In this architecture, the authorization service was properly validating user authorization to packages based on data passed in request URL paths. SecurityAffairs – hacking, npm). The post GitHub addressed two major vulnerabilities in the NPM package manager appeared first on Security Affairs. Read on to learn more.”

Authentication

Authentication Architecture Hacking Accountability

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, ZeroLogon). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. ” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network.

Telecommunications

Telecommunications Mobile Hacking Architecture

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An SecurityAffairs – hacking, ZeroLogon). Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Passwords

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

AUGUST 5, 2022

RapperBot has limited DDoS capabilities, it was designed to target ARM, MIPS, SPARC, and x86 architectures. “Unlike the majority of Mirai variants, which natively brute force Telnet servers using default or weak passwords, RapperBot exclusively scans and attempts to brute force SSH servers configured to accept password authentication.

IoT

IoT Malware Passwords Authentication

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

CISA and FBI warn of potential data wiping attacks spillover

Security Affairs

MARCH 1, 2022

This joint Cybersecurity Advisory (CSA) provides information on the two wipers as well as indicators of compromise (IOCs) that could be used by defenders to detect and prevent infections. Require multifactor authentication. SecurityAffairs – hacking, data wiping attacks). Update software. Pierluigi Paganini.

Antivirus

Antivirus Architecture Malware Cybersecurity

Five Eyes agencies warn of attacks on MSPs

Security Affairs

MAY 12, 2022

Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities. Enforce multifactor authentication (MFA). Apply updates.

Authentication

Authentication Accountability Architecture Backups

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, Windows). ” reads a post published by MSRC VP of Engineering Aanchal Gupta.

Authentication

Authentication Advertising Architecture Cybercrime

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

The recipients can read the encrypted messages only after being authenticated with their Microsoft account or obtaining a one-time passcode. Once authenticated with the Microsoft service, the recipients are redirected to a page displaying the attackers’ phishing email. “These phishing attacks are challenging to counter.

Encryption

Encryption Phishing Accountability Authentication

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

The botnet targets x86, x64 and ARM processor architectures, experts noticed that it relies on an internet relay chat (IRC) bot on the victim server to communicate with the attacker’s server. “Once a host is found, GoBruteforcer tries to get access to the server via brute force. ” Palo Alto Networks concludes.

Passwords

Passwords Malware Architecture Authentication

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware

Firmware Spyware Surveillance Hacking

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Ability to obtain information from various installed applications. Ability to obtain cryptocurrency wallet information [log-in credentials and stored funds]. Ability to collect data of Authentication (2FA) and password-managing software. SecurityAffairs – hacking, Erbium stealer). ” states CYFIRMA.

Malware

Malware Password Management Authentication Passwords

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

SEPTEMBER 17, 2021

“We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security Processor (PSP) chipset driver for multiple CPU architectures.” ” reads the security advisory. ” reads the advisory published by the security firm. Pierluigi Paganini.

Architecture

Architecture Authentication Hacking Information Security

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Security Affairs

AUGUST 5, 2022

It allows threat actors to target multiple architectures without requiring technical skills. “The platform currently supports Windows, Linux and Python-based payloads, allowing adversaries to target multiple architectures without requiring significant development resources.” SecurityAffairs – hacking, c2-as-a-service).

Architecture

Architecture DDOS Internet Internet

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

While security teams layer essential preventative measures, resilience measures also need to be implemented in an architecture to reduce the impact of ransomware attacks on your backups. Threat actors cannot hack what they cannot see. Figure 1: Typical VLAN architecture. Figure 2: Resilient VLAN architecture.

Architecture

Architecture Ransomware Backups Firewall

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. ” Pierluigi Paganini.

DDOS

DDOS Malware Cryptocurrency Architecture

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

million vehicles can allow hackers to remotely hack them. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 SecurityAffairs – hacking, MiCODUS). million vehicles.

Manufacturing

Manufacturing Passwords Mobile Authentication

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

MARCH 4, 2024

In October 2021, CrowdStrike uncovered a campaign after the investigation of a series of security incidents in multiple countries. The cybersecurity firm added that the threat actors show an in-depth knowledge of telecommunication network architectures. GTPDOOR also supports authentication and encryption mechanisms.

Telecommunications

Telecommunications Firewall Mobile Malware

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, ZeroLogon attack). published a detailed analysis of the flaw. Pierluigi Paganini.

Authentication

Authentication Passwords Advertising Architecture

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, QNap). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Advertising Architecture Cybercrime

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Security Affairs

JUNE 26, 2021

Microsoft highlights the importance of best practices such as Zero-trust architecture and multi-factor authentication to prevent these attacks. Below the additional information on best practices shared by the IT giant: . SecurityAffairs – hacking, Nobelium). Follow me on Twitter: @securityaffairs and Facebook.

Financial Services

Financial Services Architecture Cyber Attacks Accountability

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

CloudMensis spyware went undetected for many years

Security Affairs

JULY 19, 2022

CloudMensis was developed in Objective-C, the samples analyzed by ESET are compiled for both Intel and Apple architectures. Experts noticed that the malware communicates with C2 infrastructure using authentication tokens to multiple cloud service providers (Dropbox, pCloud, and Yandex Disk) that were stored into the CloudMensis configuration.

Spyware

Spyware Malware Authentication Architecture

Open database leaves major Chinese ports exposed to shipping chaos?

Security Affairs

MARCH 11, 2022

ElasticSearch lacks a default authentication and authorization system – meaning the data must be put behind a firewall, or else run the risk of being freely accessed, modified or deleted by threat actors. SecurityAffairs – hacking, Chinese ports). Original Post @CyberNews. About the author Damien Black. Pierluigi Paganini.

Authentication

Authentication Architecture Firewall Risk

Cisco addresses flaws in Small Business Routers and Switches

Security Affairs

JULY 2, 2020

. “A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface.” SecurityAffairs – hacking, routers). Pierluigi Paganini.

Small Business

Small Business Engineering Authentication Architecture

Advancing Trust in a Digital World

Thales Cloud Protection & Licensing

JUNE 16, 2022

With cloud and mobile computing becoming the norm, identity-based and strong authentication are the crucial steps in advancing trust in the digital world. Humans, machines, and APIs should all be authenticated using this method based on their identities, purposes, and usage context. Advance Trust with Awareness and Culture.

Encryption

Encryption Artificial Intelligence Architecture Digital transformation

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” “For instance, Intel CSME interacts with CPU microcode to authenticate UEFI BIOS firmware using BootGuard. “Unfortunately, no security system is perfect.

Firmware

Firmware Technology Advertising Authentication

DHS CISA orders federal agencies to fix Zerologon flaw by Monday

Security Affairs

SEPTEMBER 20, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, Zerologon). ” reads the emergency directive. Pierluigi Paganini.

Authentication

Authentication Passwords Advertising Government

Myrocket HR platform’s data leak turns into privacy nightmare for employees

Security Affairs

JANUARY 18, 2023

The discovered database was not protected by authentication. The security loophole resulted in millions of private documents being revealed to the public. Rocket was recently acquired [Dutch-owned OLX bought it back in 2019], and enforcement of parent company standards is in progress, along with architectural corrections.

Identity Theft

Identity Theft Insurance Penetration Testing Banking

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

MARCH 30, 2020

Ensure you are ordering goods from an authentic source. Prevent zero-day attacks with a holistic, end to end cyber architecture. SecurityAffairs – coronavirus, hacking). The post Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware appeared first on Security Affairs. Pierluigi Paganini.

Malware

Malware Advertising Retail Architecture

Alien Android banking Trojan, the powerful successor of the Cerberus malware

Security Affairs

SEPTEMBER 24, 2020

Alien first appeared in the threat landscape early this year, its model of sale is Malware-as-a-Service (MaaS) and is advertised on several underground hacking forums. “In the case of Alien, advanced features such as the authenticator-code stealer and notifications-sniffer aside, the features of the Trojan are quite common. .

Banking

Banking Malware Advertising Architecture

Bizarro banking Trojan targets banks in Brazil and abroad

Security Affairs

MAY 17, 2021

Bizarro has x64 modules, the malicious code allows to trick victims into entering two-factor authentication codes in fake pop-ups. While writing this article, we saw hacked WordPress, Amazon and Azure servers used for storing archives. SecurityAffairs – hacking, Bizarro). ” reads the analysis published by Kaspersky.

Banking

Banking Social Engineering Malware Engineering

Privacy and security in the software designing

Security Affairs

APRIL 22, 2021

Therefore, it’s essential to carry out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. This will allow the client to verify the specified features and the designer to proceed with the implementation of the software architecture. Pierluigi Paganini.

Software

Software Data privacy Architecture Risk

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. “ DePriMon is an unusually advanced downloader whose developers have put extra effort into setting up the architecture and crafting the critical components,” ESET concludes.

Malware

Malware Telecommunications Advertising Encryption

Biden signed executive order to improve the Nation’s Cybersecurity

Security Affairs

MAY 13, 2021

The Secretary of Homeland Security may invite the participation of others on a case-by-case basis depending on the nature of the incident under review. “ Federal agencies are requested to implement a Zero Trust Architecture, implement multi-factor authentication, and adopt encryption for data at rest and in transit.

Cybersecurity

Cybersecurity Government Software Architecture

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Cuttlefish malware targets enterprise-grade SOHO routers

Webinars

Trending Sources

Akira ransomware received $42M in ransom payments from over 250 victims

Webinars

PACMAN, a new attack technique against Apple M1 CPUs

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Dark Mirai botnet spreads targeting RCE on TP-Link routers

EvilProxy used in massive cloud account takeover scheme

GitHub addressed two major vulnerabilities in the NPM package manager

Hackers are using Zerologon exploits in attacks in the wild

China-linked LightBasin group accessed calling records from telcos worldwide

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

CISA and FBI warn of potential data wiping attacks spillover

Five Eyes agencies warn of attacks on MSPs

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Golang-Based Botnet GoBruteforcer targets web servers

Second-ever UEFI rootkit used in North Korea-themed attacks

Erbium info-stealing malware, a new option in the threat landscape

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Building a Ransomware Resilient Architecture

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

New GTPDOOR backdoor is designed to target telecom carrier networks

Zerologon attack lets hackers to completely compromise a Windows domain

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Microsoft: Russia-linked SolarWinds hackers breached three new entities

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

CloudMensis spyware went undetected for many years

Open database leaves major Chinese ports exposed to shipping chaos?

Cisco addresses flaws in Small Business Routers and Switches

Advancing Trust in a Digital World

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

DHS CISA orders federal agencies to fix Zerologon flaw by Monday

Myrocket HR platform’s data leak turns into privacy nightmare for employees

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Alien Android banking Trojan, the powerful successor of the Cerberus malware

Bizarro banking Trojan targets banks in Brazil and abroad

Privacy and security in the software designing

DePriMon downloader uses a never seen installation technique

Biden signed executive order to improve the Nation’s Cybersecurity

Stay Connected