Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product
thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html SonicWall, a popular internet security provider of firewall and VPN products, disclosed late on Friday that it fell victim to a coordinated attack on its internal systems. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company exclusively told The Hacker News. Also:
Beware! Finns' WhatsApp accounts are being hijacked by new means: make this change right away
www.is.fi/digitoday/tietoturva/art-2000007758396.html WhatsApp account verification codes are being phished with new hooks. Users should seriously consider two-step verification.
Scammers targeted the customers of Anne-Mari's online shop: Instagram and Facebook are doing nothing
www.is.fi/digitoday/tietoturva/art-2000007757220.html Fake user accounts managed to deceive at least one customer of the Ihanaiset online shop.
Experts Detail A Recent Remotely Exploitable Windows Vulnerability
thehackernews.com/2021/01/experts-detail-recent-remotely.html More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a “remotely exploitable” flaw found in a vulnerable component bound to the network stack, although exact details of the flaw remained unknown. Now, according to researchers from CrowdStrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay.
DreamBus Botnet – Technical Analysis
www.zscaler.com/blogs/security-research/dreambus-botnet-technical-analysis
Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)
www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine. A similar MSRPC relay first appeared in “Relaying NTLM authentication over RPC” by Sylvain Heiniger from Compass Security. In his blog, Sylvain describes how he was able to take advantage of an insecure authentication level on an MSRPC interface to achieve remote code execution via NTLM relay.
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
thehackernews.com/2021/01/beware-fully-functional-released-online.html Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2.
The Week in Ransomware – January 22nd 2021 – Calm before the storm
www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-22nd-2021-calm-before-the-storm/ This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.
Threat Roundup for January 15 to January 22
blogs.cisco.com/security/talos/threat-roundup-0115-0122 Also:
blog.talosintelligence.com/2021/01/threat-roundup-0115-0122.html
Bonobos clothing store suffers a data breach, hacker leaks 70GB database
Malware found on laptops given out by government
www.bbc.com/news/technology-55749959 Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, BBC News has learned.
www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Risk-Management/TRM-Guidelines-18-January-2021.pdf
As Bitcoin price surges, DDoS extortion gangs return in force
www.zdnet.com/article/as-bitcoin-price-surges-ddos-extortion-gangs-return-in-force/ Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.
FSB warns of US cyberattacks after Biden administration comments
www.zdnet.com/article/fsb-warns-of-us-cyberattacks-after-biden-administration-comments/ Unclear if political trolling or actual fear. The Russian government issued a security alert on Thursday evening warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.
From the reporter: A multi-day internet outage was a good reminder of how a large share of the world's people still live
yle.fi/uutiset/3-11750707 Uganda shut down the internet for five days during the presidential election.
Why do we fall for SMS phishing scams so easily?
www.welivesecurity.com/2021/01/22/why-do-we-fall-sms-phishing-scams-so-easily/ There’s one thing in particular that fraudsters are good at: manipulation. Also, they constantly reform their craft, adopting new techniques in order to tempt people to do what they would otherwise “hopefully” think twice about. Many of us have become accustomed to classic phishing emails, and more and more people share best practices and awareness advice.