Share

RSS

More Articles…

• Procedural Security Analysis – Thank you for contacting us!
• Zombie phishing: beware of emails, it could be zombies
• Social engineering: how hackers scam their victims
• What is phishing? Understanding and identifying social engineering attacks
• Avoid Ransomware: That’s why it’s best not to take any risks
• Double extortion ransomware: What they are and how to defend yourself
• Zero-Day attack: what they are and how to defend yourself with SOCaaS
• Monitoring system, an overview

Categories …

• Backup as a Service (2)
  • Acronis Cloud Backup (10)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (20)
• Conferenza Cloud (4)
• ICT Monitoring (4)
• Log Management (2)
• News (17)
• ownCloud (4)
• Privacy (6)
• Secure Online Desktop (14)
• Security (6)
  • Ethical Phishing (2)
  • SOCaaS (11)
    • SIEM (3)
    • UEBA (3)
  • Vulnerabilities (83)
• Web Hosting (12)

Tags

Dark Reading:

• Kia Denies Ransomware Attack as IT Outage Continues February 19, 2021
  Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
• Attackers Already Targeting Apple's M1 Chip with Custom Malware February 19, 2021
  A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
• Omdia's On-Demand Webinars February 19, 2021
• How to Fine-Tune Vendor Risk Management in a Virtual World February 19, 2021
  Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
• Microsoft Concludes Internal Investigation into Solorigate Breach February 18, 2021
  The software giant found no evidence that attackers gained extensive access to services or customer data.
• CrowdStrike Buys Log Management Startup Humio for $400M February 18, 2021
  CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
• Apple Offers Closer Look at Its Platform Security Technologies, Features February 18, 2021
  In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
• Microsoft Azure Front Door Gets a Security Upgrade February 18, 2021
  New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
• Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy February 18, 2021
  Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
• Data Security Accountability in an Age of Regular Breaches February 18, 2021
  As the number of vendors impacted by supply chain breaches grows, one constant question remains: Where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?

Full Disclosure

• [KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability February 20, 2021
  Posted by research on Feb 19-------------------------------------------------------------- docsify
• Backdoor.Win32.Bionet.10 / Anonymous Logon February 19, 2021
  Posted by malvuln on Feb 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/be559307f5cd055f123a637b1135c8d3.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bionet.10 Vulnerability: Anonymous Logon Description: The backdoor listens on TCP port 12348 and allows anonymous logon credentials to be used to access an infected host. Type: PE32 MD5: be559307f5cd055f123a637b1135c8d3 Vuln ID:...
• Backdoor.Win32.DarkKomet.apcc / Insecure Permissions February 19, 2021
  Posted by malvuln on Feb 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/8c82de32ab2b407451b9fc054c09f717.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.apcc Vulnerability: Insecure Permissions Description: DarkKomet.apcc creates an insecure directory under c:\ drive granting change (C) permissions to the authenticated user group and drops an EXE named...
• Backdoor.Win32.DarkKomet.bhfh / Insecure Permissions February 19, 2021
  Posted by malvuln on Feb 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/2e507b75c0df0fcb2f9a85f4a0c1bc04.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.bhfh Vulnerability: Insecure Permissions Description: DarkKomet.bhfh creates a hidden insecure directory under c:\ drive granting change (C) permissions to the authenticated user group. The backdoor also drops an EXE named...
• Multiple remote memory corruptions in Telegram's handling of animated stickers February 19, 2021
  Posted by polict of Shielder on Feb 19I have recently found and reported 13 memory corruptions to Telegram (https://telegram.org), you can find the just-published technical blog post at https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/ and advisories at https://www.shielder.it/advisories/ The vulnerable official clients for android, ios and macos have already been patched on september 30 and october 2, have a look […]
• [CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces February 19, 2021
  Posted by Certitude - Advisories on Feb 19~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ Ceritude Securiy Advisory - CSA-2021-001 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ PRODUCT […]
• Backdoor.Win32.Agent.aak / Remote Buffer Overflow February 19, 2021
  Posted by malvuln on Feb 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a_C.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Remote Buffer Overflow Description: The HTTP backdoor server HBKDR v0.3 listens on TCP port 8080 and accepts HTTP POST requests, by sending a specially crafted HTTP HEAD request payload […]
• Backdoor.Win32.Agent.aak / Cross Site Request Forgery (CSRF) - Code Execution February 19, 2021
  Posted by malvuln on Feb 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Cross Site Request Forgery (CSRF) - Code Execution Description: Backdoor HTTP server HBKDR v0.3 executes commands on the infected host using an HTML form with POST method. The HTML […]
• Backdoor.Win32.Agent.aak / Weak Hardcoded Credentials February 19, 2021
  Posted by malvuln on Feb 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor server HBKDR v0.3 listens on TCP port 8080 and accepts HTTP POST requests in order to execute commands on the infected system. […]
• Rigged Race Against Firejail for Local Root: Using pipes/ptys to win races February 19, 2021
  Posted by Roman Fiedler on Feb 18Hello List, 100% reliable exploitation of file system time races (TOCTOU vulnerabilities) may be hard as the timing depends on numerous target system parameters (CPU cores, load, memory pressure, file system type, ...). Instead of optimizing the exploit to win the real race, the timing of Firejail stderr and […]