Critical vulnerability security incident alert and mitigation firmware update
support.zyxel.eu/hc/en-us/articles/4402786248466-Security-Incident-Alert-Firewall-Series Zyxel devices with remote management enabled are being targeted, and the vulnerability is under active exploitation. No CVE has been issued, and a hotfix is being worked on. The mitigation is to separate remote management from other functions and restrict access to the remote management port. Mitigation firmware and instructions are available.
Proof of Concept exploit released for Cisco ASA vulnerability
therecord.media/cisco-devices-come-under-new-attacks-including-a-hacktivist-campaign/ After PoC for cross-site scripting vulnerability (CVE-2020-3580) was posted on Twitter, bug hunters as well as criminals started searching for vulnerable devices. The bug requires tricking a user with an account on the device’s admin interface to click a malicious link. Exploiting the bug allows the attacker to execute malicious code on the ASA and FTD management panel with admin privileges. PoC: https://twitter.com/ptswarm/status/1408050644460650502
Spear phishing campaign with new techniques aimed at aviation companies
www.fortinet.com/blog/threat-research/spear-phishing-campaign-with-new-techniques-aimed-at-aviation-companies The FortiGuard Labs Threat Research report walks through the technical details of a spear phishing campaign whose final payload is AsyncRAT, a tool used to steal credentials and other sensitive data.
Ransomware gangs now creating websites to recruit affiliates
www.bleepingcomputer.com/news/security/ransomware-gangs-now-creating-websites-to-recruit-affiliates/ Some Ransomware-as-a-Service operations have had to change how they recruit new affiliates to distribute the ransomware after the topic was banned on Russian-speaking cybercrime forums. One of the RaaS providers, Himalaya, prohibits using the provided ransomware against healthcare, public, and non-profit organizations.
New ransomware variant uses Golang packer
www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/ CrowdStrike recently observed a ransomware sample borrowing implementations from previous HelloKitty and FiveHands variants and using a Golang packer compiled with the most recent version of Golang (Go1.16, released mid-February 2021). Golang-written malware and packers are not new, but compiling them with the latest Golang (Go1.16) makes them challenging for malware researchers to debug. That is because all necessary libraries are statically linked and included in the compiled binary, and function name recovery is difficult.
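A first triage step for a sample like the one above is to confirm that it is a Go binary and which toolchain generation built it, because that decides which symbol-recovery tooling applies. The script below is an added example, not CrowdStrike's code or anything from the linked post: it scans raw bytes for the Go runtime's pclntab header (the magic values and header layout are assumed from the Go runtime sources: 0xFFFFFFFB for Go 1.2 to 1.15, 0xFFFFFFFA for Go 1.16 and 1.17, followed by two zero bytes, the instruction quantum and the pointer size) and for the embedded "go1.x" version string. The sample bytes are constructed for the demonstration. It only fingerprints the binary; recovering function names from the table is the harder step the article refers to, and a packer may strip or obfuscate these markers entirely.

```python
import re
import struct

# pclntab magic -> Go release family (assumption: mapping taken from the Go
# runtime sources; the header is written little-endian in the binary).
PCLNTAB_MAGIC = {
    0xFFFFFFFB: "go1.2-go1.15",
    0xFFFFFFFA: "go1.16-go1.17",
    0xFFFFFFF0: "go1.18-go1.19",
    0xFFFFFFF1: "go1.20+",
}

# runtime.buildVersion embeds strings such as "go1.16.5" or "go1.17rc1".
GO_VERSION_RE = re.compile(rb"go1\.\d+(?:\.\d+)?(?:beta\d+|rc\d+)?")


def find_pclntab(data: bytes):
    """Return (offset, family, ptrsize) for the first plausible pclntab header, else None.

    A plausible header is: 4-byte magic, two zero bytes, the instruction
    quantum (1 on x86, 4 on arm/ppc, 2 on s390x) and the pointer size (4 or 8).
    """
    for magic, family in PCLNTAB_MAGIC.items():
        needle = struct.pack("<I", magic)
        start = 0
        while True:
            idx = data.find(needle, start)
            if idx < 0:
                break
            hdr = data[idx:idx + 8]
            if (len(hdr) == 8 and hdr[4] == 0 and hdr[5] == 0
                    and hdr[6] in (1, 2, 4) and hdr[7] in (4, 8)):
                return idx, family, hdr[7]
            start = idx + 1
    return None


def triage(data: bytes) -> dict:
    """Fingerprint a blob: is it Go, which release family, and which version strings appear."""
    result = {
        "is_go": False,
        "pclntab_offset": None,
        "pclntab_family": None,
        "ptrsize": None,
        "version_strings": [],
    }
    hit = find_pclntab(data)
    if hit is not None:
        result["is_go"] = True
        result["pclntab_offset"], result["pclntab_family"], result["ptrsize"] = hit
    versions = sorted({m.group().decode() for m in GO_VERSION_RE.finditer(data)})
    result["version_strings"] = versions
    if versions:
        result["is_go"] = True
    return result


# Constructed sample (not a real binary): some padding, a Go 1.16-style
# pclntab header for amd64 (quantum 1, pointer size 8) and a version string.
SAMPLE_GO_116 = (
    b"\x00" * 32
    + b"\xfa\xff\xff\xff\x00\x00\x01\x08"
    + b"\x00" * 16
    + b"go1.16.5\x00"
)

# Constructed non-Go sample: a PE header stub with no Go markers.
SAMPLE_NOT_GO = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in (("go116", SAMPLE_GO_116), ("not_go", SAMPLE_NOT_GO)):
        print(name, triage(blob))
```

The pclntab check is deliberately stricter than a bare magic search: four 0xFF bytes followed by 0xFA occur in ordinary data, so requiring the two zero bytes and sane quantum and pointer-size fields keeps false positives down on real files.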
EA ignored domain vulnerabilities for months despite warnings and breaches
www.zdnet.com/article/ea-ignored-domain-vulnerabilities-for-months-despite-warnings-and-breaches/ Gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry after ignoring warnings from cybersecurity researchers in December 2020 that multiple vulnerabilities left the company severely exposed to hackers.
One billion dollars lost by over-60s through online fraud in 2020
hotforsecurity.bitdefender.com/blog/one-billion-dollars-lost-by-over-60s-through-online-fraud-in-2020-says-fbi-26049.html According to a newly published report by the FBI's Internet Crime Complaint Center (IC3), the elderly are more at risk of falling victim to online fraud and internet scammers than ever before. In the IC3's Elder Fraud Report, the FBI detailed that approximately 28% of all fraud losses are sustained by victims over 60 years old, with losses totalling nearly US $1 billion.
What is the WireGuard VPN protocol?
blog.malwarebytes.com/101/2021/06/what-is-the-wireguard-vpn-protocol/ WireGuard is the newest player in the VPN protocol world and has many advantages over older types of protocols. Many experts are excited about WireGuard because it trims the fat to be faster and lighter than protocols like OpenVPN.