Search Results for “ZDNet”


April 15, 2020
Catalin Cimpanu / ZDNet
Chrome Bans Forty-Nine Malicious Chrome Extensions Which Posed as Legitimate Cryptocurrency Wallet Apps But Stole Keys, Phrases and Secrets

Google has removed 49 Chrome extensions from the Chrome Web Store that posed as legitimate cryptocurrency wallet apps but contained malicious code that stole crypto-wallet private keys, mnemonic phrases, and other raw secrets. Google acted after the extensions were discovered and reported by Harry Denley, Director of Security at the MyCrypto platform. The extensions impersonated known wallet apps such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey, and appear to have been put together by the same person or group, believed to be a Russia-based threat actor. They behave like the legitimate extensions, but any data a victim enters during the setup steps (such as the mnemonic phrase used to restore a wallet) is sent to one of the attacker’s servers or to a Google Form. Denley has tied some publicly reported thefts to the fake extensions.

April 17, 2020
Charlie Osborne / ZDNet
New PoetRAT Trojan Targets Azerbaijan Public and Private Sector Victims, Particularly Energy Sector Organizations, Gives Attackers Full Control Over Compromised Systems

A new campaign that uses malicious Word documents with coronavirus lures to drop a previously unknown malware family dubbed “PoetRAT” is targeting the Azerbaijani public and private sectors, especially energy-sector organizations, researchers at Cisco Talos report. The threat actor is unknown but uses URLs that mimic Azerbaijan government domains. PoetRAT is a Python-based remote access trojan (RAT) with the standard feature set of its class, giving the attacker full control of a compromised system.

June 8, 2020
Catalin Cimpanu / ZDNet
Security Vulnerabilities in Top Open Source Projects Doubled in 2019, Jenkins Automation Server and MySQL Database Server Had Most Weaponized Vulnerabilities

According to a study by RiskSense entitled “The Dark Reality of Open Source,” security vulnerabilities in the top 54 open source projects doubled in 2019, going from 421 bugs reported in 2018 to 968 last year. The company counted 2,694 bugs reported in popular open-source projects between 2015 and March 2020. Of the 54 projects analyzed, the Jenkins automation server and the MySQL database server had the most weaponized vulnerabilities since 2015 (bugs for which exploit code is publicly available, in RiskSense’s terminology), with 15 each.

June 9, 2020
Catalin Cimpanu / ZDNet
Microsoft Pushes Out Patches for 120 Vulnerabilities Across Its Product Lines, Biggest Patch Tuesday in Company’s History

Microsoft released its June 2020 Patch Tuesday update, which fixed 120 vulnerabilities across its product lines, the largest Patch Tuesday in the company’s history. Despite the volume of fixes, none of the flaws was known to have been exploited in the wild before the patches shipped.

Related: Bleeping Computer, Qualys Blog, The Hacker News, Threatpost, Microsoft, The Register, Zero Day Initiative – Blog, Reddit – cybersecurity, gHacks, US-CERT Current Activity, Chemical Facility Security News, Krebs on Security

Tweets:@LindseyOD123 @jorgeorchilles


May 22, 2020
Catalin Cimpanu / ZDNet
Hackers Switched Up Tactics After Sophos Fixed Vulnerability In Firewall Product, Tried to Deploy Ransomware Instead of Stealing Data

UK cybersecurity company Sophos said that after it pushed a hotfix for a zero-day vulnerability in its XG Firewall product that had been exploited in a series of attacks, the attackers panicked and modified their attack routine: they replaced the original data-stealing payload and tried to deploy ransomware on corporate networks behind Sophos firewalls. The initial attacks occurred on April 22 and April 26. The follow-up attacks, which failed, used a payload chain that included the EternalBlue exploit, the DoublePulsar implant, and the Ragnarok ransomware.

June 25, 2020
Catalin Cimpanu / ZDNet
Sony Launches Bug Bounty Program for PlayStation Console, System Accessories and Network, Payouts Go Up to $50,000 or More

Sony launched a bug bounty program for the PlayStation Network and the PlayStation 4 gaming console. Run on the HackerOne bug bounty platform, the program pays from $100 up to $50,000 (or more) for vulnerabilities reported in the company’s products. Eligible targets include the PlayStation 4 console and its operating system, official PS4 accessories, the PlayStation Network, and related websites.

Related: Security News | Tech Times, WCCFtech, MobileSyrup.com, CNET News, HackerOne, TechCrunch, Game Rant – Feed, Engadget, Digital Trends, Bleeping Computer

Tweets:@Hacker0x01


April 6, 2020
Catalin Cimpanu / ZDNet
Popular Hacking Forum OGUsers Experiences Second Data Breach in a Year, Data for All 200,000 Users Posted on Rival Hacking Forum

OGUsers, one of the most popular hacking forums on the internet, suffered its second data breach in a year when an attacker uploaded a web shell through the forum software’s avatar upload feature, gained access to the server, and copied the database, dated April 2, 2020. As with the previous breach, the OGUsers data was leaked on a rival hacking forum. The attacker is believed to have taken the details of more than 200,000 users, the forum’s entire user base. The breach was spotted by the data breach monitoring service Under the Breach before the forum’s administrators put it into maintenance mode. Administrators said they reset passwords and urged users to enable two-factor authentication (2FA) so that the stolen data cannot be used to hijack accounts.

June 30, 2020
Catalin Cimpanu / ZDNet
Google Removed Twenty-Five Android Apps From Play Store That Were Caught Stealing Facebook Credentials

Google has removed 25 Android applications from the Google Play Store that were caught stealing Facebook credentials, according to French cybersecurity firm Evina. Before they were taken down, the apps, which masqueraded as step counters, image editors, video editors, wallpaper apps, flashlight apps, file managers, and mobile games, had collectively been downloaded more than 2.34 million times. Google removed the apps earlier this month, after verifying Evina’s findings.

Catalin Cimpanu / ZDNet
US Cyber Command Urges Patch for Highly Severe Security Bug in PAN-OS, Operating System Running on Palo Alto Networks’ Firewalls, Enterprise VPNs

US Cyber Command warned that foreign state-sponsored hacking groups are likely to exploit a significant security bug disclosed in PAN-OS, the operating system running on Palo Alto Networks firewalls and enterprise VPN appliances. The vulnerability, CVE-2020-2021, is one of the rare bugs to score 10 out of 10 on the CVSSv3 severity scale: it is an authentication bypass exploitable over the network with no credentials and no user interaction. Palo Alto Networks said the bug is exploitable only when SAML (Security Assertion Markup Language) authentication is enabled and the ‘Validate Identity Provider Certificate’ option in the SAML Identity Provider Server Profile is disabled, so the first thing to check is whether any SAML profile in use has that option unchecked.
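A quick way to audit for the exposed configuration is to scan an exported PAN-OS XML configuration for SAML IdP server profiles that do not validate the IdP certificate and report which authentication profiles reference them. The following is an added example, not Palo Alto Networks’ code or tooling; the element names (`server-profile/saml-idp/entry`, `validate-idp-certificate`, `authentication-profile/entry/method/saml-idp/server-profile`) and the sample configuration are assumptions of this example and should be checked against a real export.

```python
"""Flag PAN-OS SAML IdP profiles with IdP certificate validation disabled.

Added example; the XML element names and the sample configuration below are
assumptions, not taken from a real appliance export.
"""
import xml.etree.ElementTree as ET

# Constructed sample config: one SAML profile with validation disabled and in
# use, one with validation enabled, and one auth profile using local accounts.
SAMPLE_CONFIG = """<config version="9.1.0">
  <shared>
    <server-profile>
      <saml-idp>
        <entry name="corp-idp">
          <entity-id>https://idp.example.internal/saml</entity-id>
          <validate-idp-certificate>no</validate-idp-certificate>
        </entry>
        <entry name="partner-idp">
          <entity-id>https://sso.partner.example/saml</entity-id>
          <validate-idp-certificate>yes</validate-idp-certificate>
        </entry>
      </saml-idp>
    </server-profile>
    <authentication-profile>
      <entry name="gp-users">
        <method><saml-idp><server-profile>corp-idp</server-profile></saml-idp></method>
      </entry>
      <entry name="admins-local">
        <method><local-database/></method>
      </entry>
    </authentication-profile>
  </shared>
</config>
"""


def find_unvalidated_saml_profiles(config_xml: str) -> list:
    """Return one finding per SAML IdP profile that does not validate the IdP
    certificate, together with the authentication profiles that use it."""
    root = ET.fromstring(config_xml)

    # SAML IdP profile name -> True if it validates the IdP certificate.
    # A missing element is treated as not validating (conservative choice).
    validates = {}
    for entry in root.iterfind(".//server-profile/saml-idp/entry"):
        flag = entry.findtext("validate-idp-certificate", default="no")
        validates[entry.get("name")] = flag.strip().lower() == "yes"

    # Which authentication profiles reference each SAML profile. A profile that
    # is defined but never referenced is a smell, not an exposure, so the
    # reference list is reported rather than used to suppress the finding.
    used_by = {}
    for auth in root.iterfind(".//authentication-profile/entry"):
        ref = auth.findtext("method/saml-idp/server-profile")
        if ref:
            used_by.setdefault(ref.strip(), []).append(auth.get("name"))

    findings = []
    for name, ok in validates.items():
        if not ok:
            findings.append({
                "saml_profile": name,
                "validate_idp_certificate": False,
                "used_by_auth_profiles": used_by.get(name, []),
            })
    return findings


if __name__ == "__main__":
    for finding in find_unvalidated_saml_profiles(SAMPLE_CONFIG):
        print(finding)
```

Enabling certificate validation (and patching) is the fix; the audit only tells you which appliances sit in the exploitable state and which login surfaces, such as a GlobalProtect portal bound to the flagged authentication profile, are exposed through it.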

Related: Rapid7, iTnews – Security, Bleeping Computer, Tenable Blog, US-CERT Current Activity, Palo Alto Networks, Decipher, Cyberscoop, IT Pro, Threatpost, Security Affairs, CyberSecurity Help s.r.o., TechNadu, TechCrunch, Computer Business Review, isssource.com, CRN, Infosecurity Magazine, Ars Technica, Dark Reading

Tweets:@CNMF_CyberAlert @wdormann @deciphersec @iancoldwater @kpyke @GossiTheDog @WylieNewmark @jfslowik @RGB_Lights

Rapid7: CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
iTnews – Security: Monash Uni infosec staff find gaping security hole in Palo Alto Networks gear
Bleeping Computer: Palo Alto Networks patches critical vulnerability in firewall OS
Tenable Blog: CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability
US-CERT Current Activity: Palo Alto Releases Security Updates for PAN-OS
Palo Alto Networks: CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
Decipher: Palo Alto Fixes Critical Authentication Bypass Flaw
Cyberscoop : US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage
IT Pro: Hackers primed to exploit CVSS 10-rated flaw in Palo Alto’s PAN-OS | IT PRO
Threatpost: CISA: Nation-State Attackers Likely to Exploit Palo Alto Networks Bug
Security Affairs: Palo Alto Networks fixes a critical flaw in firewall PAN-OS
CyberSecurity Help s.r.o.: Palo Alto Networks fixes major bug in firewall PAN-OS
TechNadu: US Cyber Command Warns About Imminent PAN-OS Bug Exploit Wave
TechCrunch: US government agency warns of fresh Palo Alto VPN security flaw
Computer Business Review: Urgent Call to Patch New Palo Alto Vulnerability: “Foreign APTs will Attempt Exploit Soon”
isssource.com: Palo Alto Networks Fixes PAN-OS Vulnerability
CRN: Palo Alto Networks Vulnerability Could Be Exploited By Foreign Hackers: Feds
Security Affairs : APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says
Infosecurity Magazine: US Government Warns of Palo Alto Vulnerability
Ars Technica: Foreign adversaries likely to exploit critical networking bug, US says
Dark Reading: Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn

@CNMF_CyberAlert: Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate @PaloAltoNtwks ’ proactive response to this vulnerability.
@wdormann: Palo Alto users with SAML authentication enabled take note: https://security.paloaltonetworks.com/CVE-2020-2021 This one is a CVSS 10.0, if that's your thing.
@deciphersec: Palo Alto Fixes Critical Authentication Bypass Flaw https://decipher.sc/palo-alto-fixes-critical-authentication-bypass-flaw #decipher #deciphersec
@iancoldwater: If you use Palo-Alto firewalls with SAML -- particularly with GlobalProtect VPN -- you should patch this now, because it's going to get wild out there.
@kpyke: Given the demonstrated desire by multiple actors to compromise VPN endpoints and other gateways over the past two years, I strongly advise you prioritize patching this.
@GossiTheDog: If you use Palo-Alto firewalls with SAML -- particularly with GlobalProtect VPN -- you probably want to urgently patch this. Also researchers should probably avoid disclosing details publicly for a window to give orgs time to mitigate.
@WylieNewmark: CVE-2020-2021: shit is about to get real raw for awhile
@jfslowik: #CVE20202021 #PatchYoShit
@RGB_Lights: Critical authentication bypass on Palo Alto Networks firewalls and corporate VPNs. Need to update to latest OS. There are not many vulnerabilities assigned a 10 out of 10 scores (CVE-2020-2021)


April 6, 2020
Catalin Cimpanu / ZDNet
Russian Telco Rostelecom Redirected Traffic for More than 200 of the World’s Largest CDNs in BGP Hijack Incident

Last week traffic meant for more than 200 of the world’s largest content delivery networks (CDNs) and cloud hosting providers was suspiciously redirected through Rostelecom, Russia’s state-owned telecommunications provider, in a BGP (Border Gateway Protocol) hijack that affected more than 8,800 internet routes from 200+ networks and lasted about an hour. Companies impacted included Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner, and Linode. Although some experts believe the hijack was an accident, it was amplified within seconds when Rostelecom’s upstream providers accepted the newly announced routes and re-advertised them across the internet instead of filtering them.
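The amplification described above is exactly what route origin validation at the upstream providers is meant to stop: a prefix announced with an origin AS that no Route Origin Authorization (ROA) permits is classified invalid and dropped at import instead of being re-advertised. The following is an added example of that classification, following the valid/invalid/not-found semantics of RFC 6811; it is not code from the article, Rostelecom or MANRS, and the ROAs, prefixes and AS numbers are constructed for illustration rather than taken from the incident.

```python
"""RPKI-style route origin validation over a batch of BGP announcements.

Added example. ROAs, prefixes and AS numbers are constructed (RFC 5737
documentation ranges and private-use ASNs), not from the incident.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed ROAs: (prefix, max_length, authorized origin ASN).
ROAS = [
    ("198.51.100.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("192.0.2.0/24", 26, 64502),
]

# Constructed announcements as seen by a transit router: (prefix, AS_PATH).
# The origin AS is the last element of the path.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64510, 64500]),         # legitimate origin -> valid
    ("198.51.100.0/24", [64510, 64520, 64599]),  # same prefix, foreign origin -> invalid
    ("192.0.2.0/25", [64510, 64502]),            # more-specific within maxlen -> valid
    ("192.0.2.0/27", [64510, 64502]),            # more specific than maxlen -> invalid
    ("192.0.2.0/25", [64510, 64599]),            # more-specific hijack -> invalid
    ("10.0.0.0/8", [64510, 64599]),              # no covering ROA -> not-found
]


def rov_state(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Classify one route per RFC 6811.

    valid:     some covering ROA lists the origin AS and the announced prefix
               length does not exceed that ROA's max length
    invalid:   at least one ROA covers the prefix but none matches
    not-found: no ROA covers the prefix at all
    """
    net = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix, strict=False)
        # A ROA covers the route only if its prefix contains the announced one.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def evaluate(announcements: Iterable[Tuple[str, List[int]]]) -> List[Tuple[str, int, str]]:
    """Classify each announcement; 'invalid' is what an upstream's import
    filter should drop before the route is re-advertised to its peers."""
    results = []
    for prefix, as_path in announcements:
        origin = as_path[-1]
        results.append((prefix, origin, rov_state(prefix, origin)))
    return results


if __name__ == "__main__":
    for prefix, origin, state in evaluate(ANNOUNCEMENTS):
        print(f"{prefix:18} origin AS{origin:<6} {state}")
```

Note the "not-found" case: prefixes without a ROA are neither protected nor rejected, which is why ROA coverage of one's own address space is the precondition for any of this to help, and why a careless announcement of many prefixes can still propagate wherever those prefixes have no ROA or the upstream does not filter on validation state.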

Related: Reddit – cybersecurity, Security Affairs, MANRS

Tweets:@James_inthe_box @atoonk @SilentCircle