Clubhouse denies it was ‘breached’ and says the data is out there for anyone to grab.
Read More
The post 1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free appeared first on Malware Devil.
Microsoft has warned organizations of a new attack campaign that uses legitimate website contact forms to deliver malicious links to businesses via emails containing fake legal threats.
Websites typically have contact forms to give visitors a means of communicating with site owners. In this campaign, Microsoft noticed attackers targeting businesses by abusing their corporate contact forms. Analysts believe the influx of emails stemming from contact forms indicates the attackers may have automated the process by bypassing CAPTCHA protections.
This contact form submission leads to a malicious email landing in a recipient’s mailbox that appears legitimate because it came from the same email marketing system that delivers messages and questions from other website visitors. The attackers’ message contains urgent language – “download it right now and check this out for yourself” – pushing the recipient to act quickly.
A legitimate Google URL is included. If clicked, it brings the reader to a Google page that requires logging in with Google credentials. Signing in will automatically download a malicious ZIP file that ultimately downloads the IcedID payload.
When launched, IcedID connects to a command-and-control server to download modules that conduct functions like exfiltrating banking credentials and other data. It achieves persistence and downloads additional tools that let remote attackers pursue other malicious actions on a target system, including credential theft, lateral movement, and delivery of additional payloads.
“While this specific campaign delivers the IcedID malware, the delivery method can be used to distribute a wide range of other malware, which can in turn introduce other threats to the enterprise,” officials note in a writeup of their findings. Microsoft has alerted Google to this campaign since it takes advantage of legitimate Google URLs.
This campaign is successful for a number of reasons, Microsoft notes. It uses legitimate contact forms and delivers a message that a recipient would want to learn more about. The legal threat is a “scare tactic,” claiming the recipient used images or illustrations without consent. Because everything else about the transaction seems genuine, a recipient may be more likely to trust it.
Read Microsoft’s full blog post for more information.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
Recommended Reading:
Comment |
Print |
More Insights
The post Microsoft Warns of Malware Delivery via Google URLs appeared first on Malware Devil.
A man caught in an FBI sting allegedly said he wanted to destroy “70 percent of the internet” by going after the tech giant’s data centers.
Read More
The post Man Arrested for AWS Bomb Plot appeared first on Malware Devil.
White Papers
Video
Current Issue
2021 Top Enterprise IT TrendsWe’ve identified the key trends that are poised to impact the IT landscape in 2021. Find out why they’re important and how they will affect you today!
Flash Poll
Twitter Feed
Bug Report
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif…
CVE-2021-22497
PUBLISHED: 2021-04-12
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.
CVE-2021-3163
PUBLISHED: 2021-04-12
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field.
CVE-2019-15059
PUBLISHED: 2021-04-12
In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords.
CVE-2021-21524
PUBLISHED: 2021-04-12
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Cr…
The post Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy appeared first on Malware Devil.
A while ago I wrote about jaywalk laws being racist by design. Also it’s well-known that white nationalist groups try to promote the idea that killing people with cars has a higher chance of avoiding conviction (not to mention “kill bill” laws around America that criminalize pedestrians and allow drivers to hit them without consequence). … Continue reading American Pedestrians Killed Disproportionately by Race
The post American Pedestrians Killed Disproportionately by Race appeared first on Security Boulevard.
The post American Pedestrians Killed Disproportionately by Race appeared first on Malware Devil.
We answer your submitted questions from the recent (March 2021) Tradecraft Training: How to Use the Dark Web for Your Investigations.
The post Tradecraft Training Q&A: How to Use the Dark Web for Your Investigations appeared first on Security Boulevard.
The post Tradecraft Training Q&A: How to Use the Dark Web for Your Investigations appeared first on Malware Devil.
The post Apple Inc. Whitepaper: A Day In The Life Of Your Data appeared first on Security Boulevard.
The post Apple Inc. Whitepaper: A Day In The Life Of Your Data appeared first on Malware Devil.
Tripwire’s March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VWware, BIG-IP and Microsoft. First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit […]… Read More
The post Tripwire Patch Priority Index for March 2021 appeared first on The State of Security.
The post Tripwire Patch Priority Index for March 2021 appeared first on Security Boulevard.
The post Tripwire Patch Priority Index for March 2021 appeared first on Malware Devil.
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Point3 Security chief strategist Chloe Messdaghi, HaveIBeenPwned founder Troy Hunt, and We Hack Purple founder and CEO Tanya Janca about security fatigue.
Security fatigue is exactly what it sounds like. It’s the limit we all reach when security best practices become overbearing. It’s what prevents us from making a strong password for a new online account. It’s why we may not update our software despite repeated notifications.
And, importantly, it probably isn’t your fault.
Tune in to learn about security fatigue from the experts–how does it manifest in their professions, what have they seen, and what are the unforeseen outcomes to it–on the latest episode of Lock and Code, with host David Ruiz.
You can also find us on the Apple iTunes store, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.
Stay safe!
The post Beating security fatigue with Troy Hunt, Chloe Messdaghi, and Tanya Janca: Lock and Code S02E06 appeared first on Malware Devil.
Tenable.io is one of K2’s technology partners, and K2’s vulnerability detection can enhance the testing results generated by a Tenable.io WAS test. K2’s Security Platform is a complementary addition to Tenable.io WAS that offers 3 significant benefits to a standalone Tenable.io WAS scan.
The post Enhancing Tenable.io Web Application Scanner Results appeared first on K2io.
The post Enhancing Tenable.io Web Application Scanner Results appeared first on Security Boulevard.
The post Enhancing Tenable.io Web Application Scanner Results appeared first on Malware Devil.
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Point3 Security chief strategist Chloe Messdaghi, HaveIBeenPwned founder Troy Hunt, and We Hack Purple founder and CEO Tanya Janca about security fatigue.
Security fatigue is exactly what it sounds like. It’s the limit we all reach when security best practices become overbearing. It’s what prevents us from making a strong password for a new online account. It’s why we may not update our software despite repeated notifications.
And, importantly, it probably isn’t your fault.
Tune in to learn about security fatigue from the experts–how does it manifest in their professions, what have they seen, and what are the unforeseen outcomes to it–on the latest episode of Lock and Code, with host David Ruiz.
You can also find us on the Apple iTunes store, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.
Stay safe!
The post Beating security fatigue with Troy Hunt, Chloe Messdaghi, and Tanya Janca: Lock and Code S02E06 appeared first on Malware Devil.
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Point3 Security chief strategist Chloe Messdaghi, HaveIBeenPwned founder Troy Hunt, and We Hack Purple founder and CEO Tanya Janca about security fatigue.
Security fatigue is exactly what it sounds like. It’s the limit we all reach when security best practices become overbearing. It’s what prevents us from making a strong password for a new online account. It’s why we may not update our software despite repeated notifications.
And, importantly, it probably isn’t your fault.
Tune in to learn about security fatigue from the experts–how does it manifest in their professions, what have they seen, and what are the unforeseen outcomes to it–on the latest episode of Lock and Code, with host David Ruiz.
You can also find us on the Apple iTunes store, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.
Stay safe!
The post Beating security fatigue with Troy Hunt, Chloe Messdaghi, and Tanya Janca: Lock and Code S02E06 appeared first on Malware Devil.
Remote work is now ingrained into the fabric of how companies operate. Many have already realized this new working paradigm optimizes productivity. So much so, that an ever-growing list of companies – Salesforce, Facebook, Dropbox and more – have converted offices into “work studios,” allowing permanent remote work for 50% or more of their workforces…
The post Visibility, Context, Automation are Key to Security Control appeared first on Security Boulevard.
The post Visibility, Context, Automation are Key to Security Control appeared first on Malware Devil.
We are often told how particular threats were the responsibility of a certain nation-state, and that there was difference between those nations and cybercriminals. While it made good copy, the cybersecurity domain has always been crowded, and the collaboration between nation-states and criminal elements continues, with China and Russia the most glaring examples. The use..
The post Nation-State Cyberthreats Persist appeared first on Security Boulevard.
The post Nation-State Cyberthreats Persist appeared first on Malware Devil.
In our previous post, we reviewed the basics of the Azure RBAC mechanism, which lets users define and enforce fine-grained access to the resources in their Azure tenant. In this post, we’ll review the main Azure mechanisms that help you govern identities in your environment and provide access permissions in a way that lowers the […]
The post The Azure Identity Governance Tools appeared first on Ermetic.
The post The Azure Identity Governance Tools appeared first on Security Boulevard.
The post The Azure Identity Governance Tools appeared first on Malware Devil.
Cyber attackers can just as easily trick or fool you in messaging apps as they can in email. Be on the look-out for scams or attacks via apps such as Slack, Skype, WhatsApp or event simple text messaging. The most common clues are tremendous sense of urgency or curiosity.
Read More
The post Messaging / Smishing Attacks appeared first on Malware Devil.
This week is another best of episode with the man, the myth, the legend, Jayson E. Street! In this episode Jayson shares with us several of his greatest hacking and social engineering adventures. This is one classic episode you don’t want to miss! ** Links mentioned on the show ** Follow Jayson on Twitter https://twitter.com/jaysonstreet […]
The post Best of Episode: Interview with Jayson E. Street appeared first on The Shared Security Show.
The post Best of Episode: Interview with Jayson E. Street appeared first on Security Boulevard.
The post Best of Episode: Interview with Jayson E. Street appeared first on Malware Devil.
Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign. The SolarWinds Supply Chain Attack In mid-December 2020, the security community learned that an advanced persistent threat (APT) […]… Read More
The post How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls appeared first on The State of Security.
The post How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls appeared first on Security Boulevard.
The post How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls appeared first on Malware Devil.
A skyrocketing number of alerts, limited security talent, and millions of new malware strains daily have made security a seemingly insurmountable task.
The post Five Clear Steps to Enhance SecOps with MITRE ATT@CK appeared first on Security Boulevard.
The post Five Clear Steps to Enhance SecOps with MITRE ATT@CK appeared first on Malware Devil.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1209
Vulnerability in IBM Runtime Environment Java Technology
Edition affects WebSphere eXtreme Scale
12 April 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: WebSphere eXtreme Scale
Publisher: IBM
Operating System: Linux variants
Windows
AIX
HP-UX
Solaris
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-27221
Reference: ESB-2021.1139
ESB-2021.0811
Original Bulletin:
https://www.ibm.com/support/pages/node/6441721
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: Vulnerability in IBM(R) Runtime Environment Java(TM) Technology
Edition affects WebSphere eXtreme Scale
Document Information
More support for:
WebSphere eXtreme Scale
Software version:
8.6
Operating system(s):
AIX, HP-UX, Linux, Solaris, Windows
Document number:
6441721
Modified date:
09 April 2021
UID
ibm16441721
Summary
There is a vulnerability in IBM Runtime Environment Java Technology Edition
Version 7 and 8 used by WebSphere eXtreme Scale. The issues were disclosed as
part of the IBM SDK, Java Technology Edition updates in February 2021.
Vulnerability Details
CVEID: CVE-2020-27221
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow
when the virtual machine or JNI natives are converting from UTF-8 characters to
platform encoding. By sending an overly long string, a remote attacker could
overflow a buffer and execute arbitrary code on the system or cause the
application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
+-----------------------+----------+
|Affected Product(s) |Version(s)|
+-----------------------+----------+
|WebSphere Extreme Scale|8.6.1 |
+-----------------------+----------+
|WebSphere Extreme Scale|8.6.0 |
+-----------------------+----------+
Remediation/Fixes
+-------------+---------+---------+-------------------------------------------+
| Product | VRMF | APAR | Remediation/First Fix |
+-------------+---------+---------+-------------------------------------------+
| WebSphere | | | Refer to the Version 8.6 table in the |
| eXtreme | 8.6.0.8 | PH34473 | Recommended Fixes page for WebSphere |
| Scale | | | eXtreme Scale. |
+-------------+---------+---------+-------------------------------------------+
| WebSphere | | | Refer to the Version 8.6.1 table in the |
| eXtreme | 8.6.1.4 | PH34473 | Recommended Fixes page for WebSphere |
| Scale | | | eXtreme Scale. |
+-------------+---------+---------+-------------------------------------------+
Workarounds and Mitigations
None
Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
08 Apr 2021: Initial Publication
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Document Location
Worldwide
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYHOhu+NLKJtyKPYoAQhXnw//fnhJSZByXP821pco5iJtCfi7QQ/qCMUV
5pE2eKljbMeKBzJV4FAAi96jm/txH/gqo9VzUqyAMjfzdveeuDMvBWtxGL+HEiFM
eyDw1m+Vg0aM3E/J8p8LYM60PUzNTLb07pDBrcErZ1aBscXRnPxeOC6gtchDMzsl
z908P9QyWyjx5dYh3Y0tQJrFD13poPiAbGfzS4H65nBhh9DkauLwPrvOBvWQWKXf
QxVfGe+qpyzFDtymCrN/+mspGviN8PPYrAC/GDNT2/K7+99gKtKP3GoNtCxg5S+q
Vwv8QeYqwuRQPEAPx5R28yi4IeWkxvVf4LcyiZs6Pe5nWuP/WHXrhM6650Sm3dhz
8lmVRMcgJn25OKosDQCCEzJoZ9vxVPpYKs2mMO/NGVXDNylNMPH8DaFuK126Swfh
LMuTDdaIPBrDt9QElIZEX15mnVh/Bd5xC8UOWmZ7WzenaLDOdQwj9fcAmjiZRhX4
rJ30CGcmxpuh2ESl7BRd3fhFXLHSCNbVLfAkFbt+g89HH5R1vccSpf/JO2MlGxv7
n8yIYf4TWDcITkP2oeDdukC1gAvVkDNazDEdlHrce4qprHfng2cGRi2z6ZULZSkp
0lPRsI9exhI5dSmonKWODCrytg1UUJxxz0RzW1Ok25iuJGta9K+VEw/6dGUjPCu9
oSGaSJ1pg/Y=
=EZLQ
-----END PGP SIGNATURE-----
The post ESB-2021.1209 – [Win][Linux][HP-UX][Solaris][AIX] WebSphere eXtreme Scale: Multiple vulnerabilities appeared first on Malware Devil.
In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...
