A WebLogic Vulnerability Highlights the Path-Based Authorization Dilemma

A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese language blog post detailed the steps needed to bypass authentication and achieve remote code execution on unpatched systems. Although there …

A Return to Logs to Unjam the Security Deficit

Some years ago, during the renaissance of security information and event management (SIEM), security became log crazy. The hope was that by gathering logs from networking and security devices and running them through the SIEM, security events could be…

Targeted Attacks Part 3 – The Exploit

In our October monthly episode we finish our three-part series on targeted attacks. In this episode we discuss the exploit and malware analysis with special guest Tyler Hudak, Incident Response Practice Lead at TrustedSec. Make sure you watch the YouTu…

Before targeting Belarus, Eastern Europe-focused hackers flew under the radar

A mysterious cyber-espionage group, active for nearly a decade but documented in detail by private researchers for the first time Friday, has been hacking into government organizations in Eastern Europe in search of secrets. The hacking group has targeted military organizations, foreign ministries and private firms in Russia, Ukraine, Belarus and the Balkans with pinpoint espionage. Researchers from the anti-virus firm ESET, which claimed the discovery and christened the group “XDSpy,” said the attackers have been scouring a few dozen computers in search of sensitive PDF and Microsoft Word documents. One of the few other public indicators that XDSpy was on the prowl came from a February advisory from the Belarusian government’s National Computer Emergency Response Team. That statement listed four Belarusian government email accounts that had been compromised by the attackers, but warned that various government officials had been targeted. The broader region has long been subject to cyber-espionage activity, as hackers from […]

The post Before targeting Belarus, Eastern Europe-focused hackers flew under the radar appeared first on CyberScoop.


CISA orders agencies to quickly patch critical Netlogon bug

For several days, security experts have urged organizations to fix a critical vulnerability in a Microsoft protocol that hackers could use to steal sensitive data. Now, U.S. government agencies don’t have a choice but to act. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on late Friday evening ordered federal civilian agencies to apply a patch for the vulnerability by the end of the day Monday. The “emergency directive” — only the fourth ever issued by the agency — reflects the “unacceptable risk” the vulnerability poses to federal agencies because the affected software is used throughout the government, officials said. The bug is the latest in a bevy of critical flaws to emerge in popular software this year. In response, CISA has increasingly used its emergency-directive authority to try to keep foreign spies or criminals from burrowing into federal networks. In July, CISA gave agencies 24 hours to address another […]

The post CISA orders agencies to quickly patch critical Netlogon bug appeared first on CyberScoop.


After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later

Nothing brings urgency to a software vulnerability like an exploit demonstrating its potency. That’s what happened Monday when researchers at Dutch cybersecurity company Secura released a “proof of concept” exploit for a vulnerability in the Netlogon protocol that Microsoft employs to authenticate users and update passwords within a domain. The vulnerability could allow “an attacker with a foothold on your internal network to essentially become [domain administrator] with one click,” as Secura analysts put it. That means an attacker could “impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.” Within hours of Secura publishing its analysis, U.S. government officials were telling corporations and agencies to pay attention and apply the patch that Microsoft issued last month. The episode highlights how, with thousands of software vulnerabilities released each year, some matter much more than others and prompt influential voices in the industry to sound […]

The post After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later appeared first on CyberScoop.


Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit

Unidentified hackers are trying to exploit critical vulnerabilities in router software made by Cisco while the networking giant scrambles to address the issues. The bugs, which Cisco revealed Saturday, could allow an attacker to remotely break into a device running the software and exhaust the memory on the device. That, in turn, could destabilize “interior and exterior routing protocols” on an affected network, Cisco said in an advisory. It’s unclear when a patch will be ready; “as soon as possible” is all a Cisco spokesperson would say. The company made recommendations for mitigating the vulnerability until a patch is available. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency encouraged users to check for “indicators of compromise” or signs of malicious cyber activity. It’s unclear who is attempting to exploit the vulnerability. With the advisory out, cybersecurity incident responders will be watching for any additional hacking. Justin Elze, a […]

The post Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit appeared first on CyberScoop.


Netgear moves to plug vulnerability in routers after researchers find zero-day

A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks. Researchers say the flaw in routers made by Netgear — revealed this week by cybersecurity company GRIMM and Trend Micro’s Zero Day Initiative (ZDI) — underscores the long-running challenge of improving security in a market that prizes affordable and functional networking equipment. Netgear told CyberScoop on Wednesday that it was close to releasing a patch for the vulnerability. The flaw affects how Netgear devices handle incoming data and could let hackers who manage to connect to the router bypass its authentication process using a software exploit. The router could then be a pathway to other devices, such as a laptop housing sensitive work information. (Breaking into the laptop would likely require an additional exploit.) The findings show how the potential impact of a bug can grow as investigations proceed. Researchers initially singled out […]

The post Netgear moves to plug vulnerability in routers after researchers find zero-day appeared first on CyberScoop.
