Share

RSS

More Articles…

• Event Overload? Our SOCaaS can help!
• Business email compromise (BEC) schemes
• XDR as an approach to security
• What is threat intelligence?
• Data Loss Prevention: definition and uses
• Prevent shoulder surfing and theft of corporate credentials
• HTTP / 3, everything you need to know about the latest version protocol
• Machine learning and cybersecurity: UEBA applications and security

Categories …

• Backup as a Service (2)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (20)
• Conferenza Cloud (4)
• ICT Monitoring (4)
• Log Management (2)
• News (17)
• ownCloud (4)
• Privacy (6)
• Secure Online Desktop (14)
• Security (9)
  • Ethical Phishing (5)
  • SOCaaS (17)
    • SIEM (8)
    • SOAR (2)
    • UEBA (5)
  • Vulnerabilities (83)
• Web Hosting (15)

Tags

Dark Reading:

• How North Korean APT Kimsuky Is Evolving Its Tactics May 7, 2021
  Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
• Most Organizations Feel More Vulnerable to Breaches Amid Pandemic May 7, 2021
  More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.
• FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity May 7, 2021
  The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
• The Edge Pro Quote: Password Empowerment May 7, 2021
  Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.
• Defending Against Web Scraping Attacks May 7, 2021
  Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
• 11 Reasons Why You Sorta Love Passwords May 7, 2021
  We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.
• Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security May 7, 2021
  Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
• Troy Hunt: Organizations Make Security Choices Tough for Users May 6, 2021
  The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
• New Techniques Emerge for Abusing Windows Services to Gain System Control May 6, 2021
  Organizations should apply principles of least privilege to mitigate threats, security researcher says.
• Google Plans to Automatically Enable Two-Factor Authentication May 6, 2021
  The company plans to automatically enroll users in two-step verification if their accounts are properly configured.

Full Disclosure

• Backdoor.Win32.NinjaSpy.c / Remote Command Execution May 7, 2021
  Posted by malvuln on May 07Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.NinjaSpy.c Vulnerability: Remote Command Execution Description: The malware listens on TCP ports 2003, 2004 and drops a DLL named "cmd.dll" under Windows dir. Connecting to port 2003, you will get back […]
• Packed.Win32.Black.d / Unauthenticated Open Proxy May 7, 2021
  Posted by malvuln on May 07Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3a36d7ab34b3241aa2a9072700e0cb7c.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Packed.Win32.Black.d Vulnerability: Unauthenticated Open Proxy Description: The malware listens on TCP ports 1080 and 8080 and drops a hidden executable named "Hacker.com.cn.exe" under Windows dir" that runs with SYSTEM integrity....
• Backdoor.Win32.Floder.gqe / Insecure Permissions May 7, 2021
  Posted by malvuln on May 07Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/0629e3b2ab8a973a3e37e4e97cb9cfea.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Floder.gqe Vulnerability: Insecure Permissions Description: The malware creates an hidden insecure dir named "RECYCLER" under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can...
• Trojan.Win32.Siscos.bqe / Insecure Permissions May 7, 2021
  Posted by malvuln on May 07Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/b4a35ae6dcceea6390769829b4e1506f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Siscos.bqe Vulnerability: Insecure Permissions Description: The malware creates a insecure dir named "Windupdt" under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can rename the...
• Trojan.Win32.Agent.xdtv / Insecure Permissions May 7, 2021
  Posted by malvuln on May 07Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ffa9b76f9549a2c46415c855a0911e8a.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.xdtv Vulnerability: Insecure Permissions Description: The malware creates an insecure installation dir under "C:\Program Files (x86)" and grants full (F) permissions to the Everyone user group. Standard users can...
• Four vulnerabilities found in MikroTik's RouterOS May 7, 2021
  Posted by Q C on May 07Advisory: four vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: no fix yet CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team Product Description ================== RouterOS is the operating system used on the MikroTik's devices, such as switch, […]
• Re: Four vulnerabilities found in MikroTik's RouterOS May 7, 2021
  Posted by Q C on May 07[Update 2021/05/05] Two CVEs have been assigned to two of these vulnerabilities. CVE-2020-20254: Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). CVE-2020-20253: Mikrotik RouterOs before 6.47 (stable tree) […]
• Re: Two vulnerabilities found in MikroTik's RouterOS May 7, 2021
  Posted by Q C on May 07[Update 2021/05/05] Two CVEs have been assigned to these vulnerabilities. CVE-2020-20267: Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. CVE-2020-20225: Mikrotik RouterOs before 6.47 (stable tree) […]
• Re: Three vulnerabilities found in MikroTik's RouterOS May 7, 2021
  Posted by Q C on May 07[Update 2021/05/04] Three CVEs have been assigned to these vulnerabilities. CVE-2020-20266: Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). CVE-2020-20264: Mikrotik RouterOs before 6.47 (stable tree) in the […]
• Re: Three vulnerabilities found in MikroTik's RouterOS May 7, 2021
  Posted by Q C on May 07[update 2021/05/04] Three CVEs have been assigned to these vulnerabilities. CVE-2020-20215: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. CVE-2020-20216: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from […]