Cyber Security

Network Configuration Audit – Why It's More Important Than Ever Now?

Network configuration audit is more important than ever now. To best visualize how an enterprise network has changed over the past few months, all a network administrator needs to do is open their network monitoring system (NMS) and view the shift in data flows across the LAN, WAN, and network edge. While a significant part of these data flow shifts has occurred due to modified work-from-home policies over the past 2 years, other changes came about through planned cloud and edge computing migrations. These changes highlight the importance of a network configuration audit after some defined time period. What is Network Configuration…

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

Cybersecurity researchers at SonarSource have discovered multiple security vulnerabilities in the Zimbra email collaboration software that could potentially be exploited to compromise email accounts by sending a malicious email message, and even to achieve a full takeover of the mail server when it is hosted on cloud infrastructure. The flaws, tracked as CVE-2021-35208 and CVE-2021-35209, were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Mitigations for these bugs have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16.
CVE-2021-35208 - Stored XSS Vulnerability in ZmMailMsgView.java
CVE-2021-35209 - Proxy Servlet Open…

Zoom Phishing Scam Aims To Steal Login Credentials

As individuals and businesses become increasingly dependent on video conferencing to stay connected during the Covid-19 outbreak, fraudsters have used the opportunity to target users with a malicious Zoom phishing scam. The scam begins with an email that impersonates a notification from the video conferencing platform. The email uses different pretexts to trick the recipient: you have recently missed a scheduled meeting (and are encouraged to click the link for more details and to access a recording of the meeting), your account has been suspended (but can be reactivated by clicking on the attached link), or you…

Microsoft issues Guidance for DNS Cache Poisoning Vulnerability

Microsoft has issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. Successfully exploiting the vulnerability could allow attackers to use modified DNS records to redirect a target to a malicious website under their control as part of a DNS spoofing (also known as DNS cache poisoning) attack. The end goal of such attacks is either to exploit device or software vulnerabilities to infect the target with malware or to harvest sensitive information via a phishing landing page.
Impacts multiple Windows server platforms
The address spoofing vulnerability - tracked as CVE-2020-25705 and nicknamed…

GitHub Code Scanning – Vulnerability Scanner by Justin Hutchings

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. We’re thrilled to announce the general availability of code scanning. You can enable it on your public repository today! One year ago, GitHub welcomed Semmle. We’ve since worked to bring the revolutionary code analysis capabilities of its CodeQL technology to GitHub users as a native capability. At GitHub Satellite in May, we released the first beta of our native integration: code scanning. Now, thanks to the thousands of developers in the community who tested and gave feedback, we’re proud to announce that code scanning is generally available. Code scanning…

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL. The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020. Now according to…

PgMiner botnet attacks weakly secured PostgreSQL databases

Security researchers have discovered this week a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner. Codenamed PgMiner by researchers, the botnet is just the latest in a long list of recent cybercrime operations that target web technologies for monetary profit. According to researchers at Palo Alto Networks' Unit 42, the botnet operates by performing brute-force attacks against internet-accessible PostgreSQL databases. The attacks follow a simple pattern: the botnet randomly picks a public network range (e.g., 18.xxx.xxx.xxx) and then iterates through all IP addresses in that range, searching for systems that have the PostgreSQL port (port 5432) exposed…

Microsoft exposes Adrozek, a malware that hijacks Chrome, Edge, and Firefox

Microsoft has raised the alarm today about a new malware strain that infects users' devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages. "Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers" - Microsoft 365 Defender Research Team. Named Adrozek, the malware has been active since at least May 2020 and reached its absolute peak in August this year, when it controlled more than 30,000 browsers each day. Such a sustained, far-reaching campaign requires an expansive, dynamic attacker infrastructure. We tracked 159 unique domains, each hosting…

Tinfoleak – The most complete Open-source tool for Twitter Intelligence Analysis

tinfoleak is an open-source tool within the OSINT (Open Source Intelligence) and SOCMINT (Social Media Intelligence) disciplines that automates the extraction of information from Twitter and facilitates subsequent analysis for the generation of intelligence. Taking a user identifier, geographic coordinates or keywords, tinfoleak analyzes the Twitter timeline to extract large volumes of data and present useful, structured information to the intelligence analyst. tinfoleak is included in several Linux distributions: Kali, CAINE, BlackArch and Buscador. It is currently the most comprehensive open-source tool for intelligence analysis on Twitter. tinfoleak can extract the following information: Account info / User Activity / Protected Accounts / User Relations / Source Applications / User Devices…

Hackers are actively probing millions of WordPress sites

As of Nov 22, 2020, unknown threat actors are scanning for WordPress websites with Epsilon Framework-based themes, installed on over 150,000 sites, that are vulnerable to function injection attacks which could lead to full site takeovers. "So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from over 18,000 IP addresses," Wordfence QA engineer and threat analyst Ram Gall said. The ongoing large-scale wave of attacks against potentially vulnerable WordPress websites is targeting recently patched vulnerabilities. While the security flaws found during the last few months in themes using…