Cyber Security Informer

CakePHP Application Cybersecurity Research – The Impact of a PHP Vulnerability: Exploring the Password Confirmation Bypass in MISP

Zigrin Security

APRIL 26, 2023

An attacker can change the “ Accept ” header to “application/json ” enabling them to modify sensitive data like a user’s password, email address, or API key without the confirmation of the correct password. This can lead to unauthorized access to sensitive information and data breaches. How Exactly?

Passwords

Passwords Cybersecurity Penetration Testing Data breaches

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

Most often, the attacker will use lists of email addresses and passwords stolen en masse from hacked sites and then try those same credentials to see if they permit online access to accounts at a range of banks. Only after verifying those exact amounts will the account-linking request be granted.

Banking

Banking Passwords Risk Password Management

Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members

Security Affairs

NOVEMBER 25, 2020

As part of BEC, phishing emails can target particular people within an organization or sent out en masse. Often disguised as money transfer requests, HR-communications or business proposals they aim to steal confidential data. 4 The example of the compromised data from the cybercriminals’ logs. 1 Courtesy of INTERPOL.

Cybercrime

Cybercrime Phishing Social Engineering Spyware

Assess Your Database Security With This 4-Step Checklist

SiteLock

AUGUST 27, 2021

Any time a site visitor clicks an image, fills out a contact form, or makes a purchase on your website, that information is stored in the database. This database security assessment checklist can be your go-to list for ensuring your data stays protected: 1. This is where your customers’ information is stored. Sanitize input fields.

Backups

Backups Encryption Firewall Small Business

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

Pentester Academy

MARCH 23, 2023

or sign up for a 7-day, risk-free trial with INE and access this lab and a robust library covering the latest in Cyber Security, Networking, Cloud, and Data Science! A specially crafted series of HTTP requests can lead to command execution. Step 9: Intercept the moodle page request in the burp suite. Moodle version 3.10

Authentication

Authentication Mobile Passwords Penetration Testing

Let’s Go Phishing

Approachable Cyber Threats

MARCH 22, 2021

People aren’t taking the time to verify the authenticity of email senders and often click on links, open attachments, or even fill out forms without a second of thought. In an attempt to gain personal data. Malicious links, attachments, and forms expose personal information and stop your company’s business in its tracks.

Phishing

Phishing Authentication Education Passwords

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

But is it secure enough to protect your companies data? The vulnerabilities allow hackers, governments, or anyone with malicious intention to read files, add/remove users, add/modify existing data, or execute commands with highest privileges on all of the devices. An example request is given below. DOCTYPE requests [. <!ELEMENT

Firmware

Firmware IoT VPN Authentication

A cascade of compromise: unveiling Lazarus’ new campaign

SecureList

OCTOBER 26, 2023

tmp and uses this data as an AES decryption key to decrypt the remaining contents. The first 32 characters of this string serve as the AES decryption key, while the subsequent data contains configuration information used by the malware. After creating this 24-byte value, the malware generates an additional 24 bytes of random data.

Malware

Malware Software Cryptocurrency Technology

Domain of Thrones: Part I

Security Boulevard

OCTOBER 24, 2023

This innovation manifests in the form of evolving tradecraft and tooling, and defenders must stand ready to reclaim and fortify their domain’s sovereignty. This concept is important in maintaining your organization’s operational efficiency and making sure that client and proprietary data are secure. PsExec.exe -s accepteula dc1.asgard.corp

Backups

Backups Passwords Authentication Accountability

Satellites are critical infrastructure and need to be cybersecured

Malwarebytes

MARCH 29, 2022

Today, a majority of the satellites in orbit are used in some form of communication. In answer to a request for Starlink support from Ukraine digital minister Mykhailo Fedorov, SpaceX’s CEO Elon Musk was quick to respond and promise help. More terminals en route. This requires more satellites, but provides higher speeds.

Cybersecurity

Cybersecurity Internet Internet Technology

Return of the Evilnum APT with updated TTPs and new targets

Security Boulevard

JUNE 27, 2022

PE header format (+ Section header format + Section data)*Number of sections. # Figure 10: PE header, Section header and Section data. f) Request methods + Library names (These will be loaded during further execution) + Network communication key generation seed bytes + Mutex name. Encrypted data item format.

Encryption

Encryption Media Engineering Phishing

Top Trending CVEs of January 2023

NopSec

JANUARY 31, 2023

The vulnerability arises due to the order in which SAML data is verified. Crafted requests that contain shell metacharacters injected into the vulnerable parameter results in the remote command execution. The issue is related to the presence of an outdated Apache Santuario dependency, which is used for SAML validation. Host: 10.13.37.10:2031

Authentication

Authentication Passwords Password Management Risk

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Troy Hunt

APRIL 5, 2023

That's the short version, here's the whole story: Ever heard that saying about how "data is the new oil"? Or that "data is the currency of the digital economy"? Like any valuable commodity, marketplaces selling data inevitably emerge, some operating as legal businesses and others, well, not so much.

Marketing

Marketing Passwords Authentication Accountability

Meet the GoldenJackal APT group. Don’t expect any howls

SecureList

MAY 23, 2023

The malware communicates using HTTP POST requests where data arguments will be carried in encoded form as part of the request’s body. The overall request structure will then appear as follows: POST /wp-includes/class-wp-network-statistics.php HTTP/1.1 User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:68.0)

Malware

Malware Encryption Government Technology

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

SecureList

AUGUST 10, 2022

Should the target reply and continue with the conversation, the fake persona would at some point and upon request provide a link to a malicious file hosted on Google Drive (a Windows shortcut file masquerading as a PDF or in a ZIP archive), as identification documents. xml version="1.0" encoding="UTF-8" standalone="yes"?>

Cryptocurrency

Cryptocurrency Encryption Social Engineering Passwords

Main phishing and scamming trends and techniques

SecureList

DECEMBER 6, 2022

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. This method of phishing for personal data is still in use today, because, unfortunately, it continues to yield results. Form for collecting personal data to send the bogus prize. The history of scams and phishing.

Scams

Scams Phishing Social Engineering Banking

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

EMOTET has evolved in its delivery, however, this wave was conducted with the most prominent form: inserting malicious documents or URL links inside the body of an email sometimes disguised as an invoice or PDF attachment. El detalle se encuentra en el siguiente enlace: [link] — CSIRT GOB CL (@CSIRTGOB) March 23, 2019.

Banking

Banking Malware Antivirus Cyber threats

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

In this case, we have two different workflows: one to handle slash commands and another for interactive elements such as forms (more on the workflows later). After the workflow is finished, the results are passed back to Slack using either an API request (for slash commands) or webhook (for interactive elements).

Malware

Malware Accountability DNS Technology

Detecting Credential Stealing Attacks Through Active In-Network Defense

McAfee

SEPTEMBER 22, 2021

Post initial compromise, to be able to execute meaningful attacks, attackers would need to steal credentials to move laterally inside the network, access critical network assets and eventually exfiltrate data. Seed a target system with credentials (such as username/password, browser tokens, and other forms of authentication data).

Authentication

Authentication Accountability Encryption Passwords

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

By identifying all entry and exit points, data flows, and external dependencies this can help identify areas that are potentially susceptible to an attacker. Steal keys or data to make counterfeit pods. An attacker threatens to release the data but the vulnerability is quickly fixed. Protect personal data (GDPR).

IoT

IoT Firmware Mobile Manufacturing

We Must Condemn, Not Celebrate, The Download of Parler’s Data: Hacker Vigilantism May Even Help Criminals More Than Law Enforcement

Joseph Steinberg

JANUARY 19, 2021

Last week, shortly before Amazon took the Parler social network offline by terminating the latter’s hosting services, a hacker allegedly facilitated a download of the social media site’s data. A subsequent piece published by Gizmodo even referred to the data as having been “obtained by a computer hacker through legal means.”.

Media

Media Government DDOS Engineering

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Security Boulevard

AUGUST 2, 2022

Based on our cloud data telemetry, the majority of the targeted organizations were in the FinTech, Lending, Finance, Insurance, Accounting, Energy and Federal Credit Union industries. Figure 7: Client fingerprint data sent to the server over websocket. registration-forms[.]us. Domain translation. Phishing domains. 10311landex[.]com.

Phishing

Phishing Energy and Utilities Authentication Accountability

Gab Has Been Breached

Troy Hunt

MARCH 3, 2021

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. More specifically, I care about the data that's been exposed in the breach, especially when that data may include my own (I'm very serious).

Passwords

Passwords Data breaches InfoSec Risk

Cyber Security Informer

CakePHP Application Cybersecurity Research – The Impact of a PHP Vulnerability: Exploring the Password Confirmation Bypass in MISP

The Risk of Weak Online Banking Passwords

Trending Sources

Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members

Assess Your Database Security With This 4-Step Checklist

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

Let’s Go Phishing

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

A cascade of compromise: unveiling Lazarus’ new campaign

Domain of Thrones: Part I

Satellites are critical infrastructure and need to be cybersecured

Return of the Evilnum APT with updated TTPs and new targets

Top Trending CVEs of January 2023

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Meet the GoldenJackal APT group. Don’t expect any howls

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Main phishing and scamming trends and techniques

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Detecting Credential Stealing Attacks Through Active In-Network Defense

IoT Secure Development Guide

We Must Condemn, Not Celebrate, The Download of Parler’s Data: Hacker Vigilantism May Even Help Criminals More Than Law Enforcement

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Gab Has Been Breached

Stay Connected