Author Archives: Zeljka Zorz

Cisco plugs bucketful of security holes in industrial routers, switches

Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company’s carrier-grade and industrial routers and switches. About the vulnerabilities OSes affected by various combinations of the now-fixed flaws include: Cisco IOS – a family of network operating systems used on many Cisco Systems routers and network switches IOS XE – installed on a variety of Cisco controllers, switches, edge, branch and virtual routers IOS XR – … More

The post Cisco plugs bucketful of security holes in industrial routers, switches appeared first on Help Net Security.

Zoom to offer end-to-end encryption only to paying customers

As Zoom continues on its path to bring end-to-end encryption (E2EE) to users, the big news is that only paid users will have access to the option. “Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Zoom CEO Eric Yuan said on a company earnings call on Tuesday. Zoom encryption and … More

The post Zoom to offer end-to-end encryption only to paying customers appeared first on Help Net Security.

Office 365 users: Beware of fake company emails delivering a new VPN configuration

Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. Yet another Office 365 phishing campaign “The sender email address is spoofed to impersonate the domain of the targets’ respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to … More

The post Office 365 users: Beware of fake company emails delivering a new VPN configuration appeared first on Help Net Security.

Things to keep in mind when downloading apps from G Suite Marketplace

Security researchers have tested nearly 1,000 enterprise apps offered on Google’s G Suite Marketplace and discovered that many ask for permission to access to user data via Google APIs as well as to communicate with (sometimes undisclosed) external services. “The request to ‘Connect to an external service’ is notable, as it indicates apps can communicate with other online APIs that neither Google nor the app developer might not control,” they pointed out. They also noted … More

The post Things to keep in mind when downloading apps from G Suite Marketplace appeared first on Help Net Security.

The “return” of fraudulent wire transfers

Ransomware gangs targeting businesses are currently getting more public attention, but scammers trying to trick employees into performing fraudulent wire transfers are once again ramping up their efforts, US-headquartered law firm BakerHostetler has warned. BEC scams and fraudulent wire transfers The same tactics have been employed by BEC scammers for years, but businesses of all sizes continue to fall for them. The scam is usually discovered when the accounting department of a company starts seeing … More

The post The “return” of fraudulent wire transfers appeared first on Help Net Security.

VMware Cloud Director vulnerability enables a full cloud infrastructure takeover

A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered. About VMware vCloud Director and CVE-2020-3956 VMware Cloud Director (formerly known as vCloud Director) is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure. CVE-2020-3956 was discovered by Citadelo penetration testers during a security audit of a customer’s VMWare Cloud Director-based cloud … More

The post VMware Cloud Director vulnerability enables a full cloud infrastructure takeover appeared first on Help Net Security.

New propagation module makes Trickbot more stealthy

Trickbot infections of Domain Controller (DC) servers has become more difficult to detect due to a new propagation module that makes the malware run from memory, Palo Alto Networks researchers have found. That also means that the malware infection can’t survive a shutdown or reboot of the system, but the stealth vs persistence tradeoff is likely to work in the attackers’ favor since servers are rarely shut down or rebooted. Trickbot’s evolution Trickbot started as … More

The post New propagation module makes Trickbot more stealthy appeared first on Help Net Security.

Hackers breached six Cisco servers through SaltStack Salt vulnerabilities

Earlier this month, when F-Secure publicly revealed the existence of two vulnerabilities affecting SaltStack Salt and attackers started actively exploiting them, Cisco was among the victims. The revelation was made on Thursday, when Cisco published an advisory saying that, on May 7, 2020, they’ve discovered the compromise of six of their salt-master servers, which are part of the Cisco VIRL-PE (Internet Routing Lab Personal Edition) service infrastructure. About SaltStack Salt, the vulnerabilities, and the problem … More

The post Hackers breached six Cisco servers through SaltStack Salt vulnerabilities appeared first on Help Net Security.

NSA warns about Sandworm APT exploiting Exim flaw

The Russian APT group Sandworm has been exploiting a critical Exim flaw (CVE-2019-10149) to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday. “When CVE-2019-10149 is successfully exploited, an actor is able to execute code of their choosing. When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain,” they said. The script would then attempt to add privileged … More

The post NSA warns about Sandworm APT exploiting Exim flaw appeared first on Help Net Security.

New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows

With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems. “USBFuzz discovered a total of 26 new bugs, including 16 memory bugs of high security impact in various Linux subsystems (USB core, USB sound, and network), one bug in FreeBSD, three in macOS (two resulting in an unplanned reboot and one freezing the system), and four in … More

The post New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows appeared first on Help Net Security.

StrandHogg 2.0: Critical Android flaw allows app hijacking, data theft

Google has released a patch for CVE-2020-0096, a critical escalation of privilege vulnerability in Android that allows attackers to hijack apps (tasks) on the victim’s device and steal data. Dubbed StrandHogg 2.0 because its similar to the StrandHogg vulnerability exploited by hackers in late 2019, it affects all but the latest version of Android. The good news is, though, that there is no indication it is being actively used by attackers. About StrandHogg 2.0 (CVE-2020-0096) … More

The post StrandHogg 2.0: Critical Android flaw allows app hijacking, data theft appeared first on Help Net Security.

Account credentials of 26+ million LiveJournal users leaked online

A data dump containing account information of over 26 million LiveJournal users has been offered for sale on dark web marketplaces and is now being shared for free on underground hacker forums. The data dump, supposedly originating from a 2014 LiveJournal breach, contains email addresses, usernames, profile URLs and plain text passwords of 33+ million users. After removing duplicates, Troy Hunt has added the dump to the Have I Been Pwned? service, which potentially affected … More

The post Account credentials of 26+ million LiveJournal users leaked online appeared first on Help Net Security.

Malware opens RDP backdoor into Windows systems

A new version of the Sarwent malware can open the Remote Desktop Protocol (RDP) port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor. Whether that access is used later by the same crooks or sold to ransomware gangs or cyber espionage groups is unknown, but affected users should know that removing the malware does not close that particular “backdoor”. Sarwent’s new capabilities Sarwent … More

The post Malware opens RDP backdoor into Windows systems appeared first on Help Net Security.

Cisco fixes critical RCE flaw in call center solution

Cisco has patched a critical remote code execution hole (CVE-2020-3280) in Cisco Unified Contact Center Express, its “contact center in a box” solution, and is urging administrators to upgrade to a fixed software version. About the vulnerability (CVE-2020-3280) Flagged by prolific bug hunter Brenden Meeder of Booz Allen Hamilton, CVE-2020-3280 is a vulnerability in the Java Remote Management Interface of the UCCX solution. “The vulnerability is due to insecure deserialization of user-supplied content by the … More

The post Cisco fixes critical RCE flaw in call center solution appeared first on Help Net Security.

Signal fixes location-revealing flaw, introduces Signal PINs

Signal has fixed a vulnerability affecting its popular eponymous secure communications app that allowed bad actors to discover and track a user’s location. The non profit organization has also announced on Tuesday a new mechanism – Signal PINs – that will, eventually, allow users not to use their phone number as their user ID. About the vulnerability The vulnerability, discovered by Tenable researcher David Wells, stems from the fact that the WebRTC fork used by … More

The post Signal fixes location-revealing flaw, introduces Signal PINs appeared first on Help Net Security.

Beware of phishing emails urging for a LogMeIn security update

LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page. “Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with Lastpass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user’s password manager,” Abnormal Security noted. The fake LogMeIn security update request The phishing email … More

The post Beware of phishing emails urging for a LogMeIn security update appeared first on Help Net Security.

Chrome 83: Enhanced Safe Browsing, Secure DNS, a Safety Check

Google has released version 83 of it’s popular Chrome web browser, which includes new security and privacy features and fixes for security issues. Chrome 83: New and improved security and privacy features The enhanced Safe Browsing mode will allow users to get a more personalized protection against malicious sites. “Phishing sites rotate domains very quickly to avoid being blocked, and malware campaigns are directly targeting at-risk users,” Google explained. “Turning on Enhanced Safe Browsing will … More

The post Chrome 83: Enhanced Safe Browsing, Secure DNS, a Safety Check appeared first on Help Net Security.

Vulnerability in Qmail mail transport agent allows RCE

Qualys researchers have found a way to exploit an previously known (and very old) vulnerability in Qmail, a secure mail transport agent, to achieve both remote code execution (RCE) and local code execution. The Qmail RCE flaw and other vulnerabilities In 2005, security researcher Georgi Guninski unearthed three vulnerabilities in Qmail, which – due to its simplicity, mutually untrusting modules and other specific development choices made by its creator Daniel J. Bernstein – is still … More

The post Vulnerability in Qmail mail transport agent allows RCE appeared first on Help Net Security.

EasyJet data breach: 9 million customers affected

British low-cost airline group EasyJet has revealed on Tuesday that it “has been the target of an attack from a highly sophisticated source” and that it has suffered a data breach. The result? Email address and travel details of approximately 9 million customers and credit card details (including CVV numbers) of 2,208 customers were accessed. How did the attackers manage to breach EasyJet? EasyJet did not share in their official notice about the incident when … More

The post EasyJet data breach: 9 million customers affected appeared first on Help Net Security.

Money is still the root of most breaches

Verizon has released its annual Data Breach Investigations Report (DBIR), which offers an overview of the cyber security incidents and data breaches that happened in/were discovered in the past year. Based on an analysis of incident and breach reports by 81 contributing organizations – companies, CERTs, law enforcement agencies and cybercrime units, etc. – from around the world, the DBIR offers insight into current cyber attack trends and the threats organizations in various industry verticals … More

The post Money is still the root of most breaches appeared first on Help Net Security.

Criminals boost their schemes with COVID-19 themed phishing templates

Phishers are incessantly pumping out COVID-19 themed phishing campaigns and refining the malicious pages the targets are directed to. “Credential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting. The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials,” Proofpoint researchers have noted. The COVID-19 … More

The post Criminals boost their schemes with COVID-19 themed phishing templates appeared first on Help Net Security.

Windows 10 users get protection against PUAs

Windows 10 users who upgrade to v2004 will finally be able to switch on a longstanding Windows Defender feature that protects users against potentially unwanted applications (PUAs). What are PUAs? Also called PUPs (potentially unwanted programs), PUAs are applications that often cannot be outright classified as malware, but still violate users’ security and privacy interests. Some examples of PUAs: Adware and ad-injectors (software that pushes ads onto users without their permission) Software that tracks how … More

The post Windows 10 users get protection against PUAs appeared first on Help Net Security.