- Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits
September 15, 2020
From May 1-July 21, 2020, Unit 42 researchers captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends. The majority of attacks we observed were classified as high severity (56.7%), and nearly one quarter (23%) were classified as critical. The most common vulnerabilities exploited ...
- Upgraded Agent Tesla malware steals passwords from browsers, VPNs
August 10, 2020
New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.
Agent Tesla is a commercially available .Net-based infostealer with both remote access Trojan (RAT) and with keylogging capabilities active since at least 2014.
This malware is ...
- Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows
August 6, 2020
Cisco is urging customers to update small business switches, its DNA Center software, routers with its StarOS software, and its AnyConnect Secure Mobility VPN client for Windows.
Cisco has disclosed a bug in the IPv6 packet processing engine of several Cisco Small Business Smart and Managed Switches that could allow a remote attacker without credentials to ...
- Hacker leaks passwords for 900+ enterprise VPN servers
August 5, 2020
A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.
ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community.
According to a review, the list ...
- Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)
August 4, 2020
An Iranian hacking group known as Oilrig has become the first publicly known threat actor to incorporate the DNS-over-HTTPS (DoH) protocol in its attacks.
Speaking in a webinar last week, Vincente Diaz, a malware analyst for antivirus maker Kaspersky, said the change happened in May this year when Oilrig added a new tool to its hacking ...
- Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
July 27, 2020
Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data.
Patches for the vulnerability (CVE-2020-3452) in question, which ranks 7.5 out of 10 on the CVSS scale, were released last Wednesday. However, attackers have since been targeting vulnerable versions of the software, ...
- Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350
July 21, 2020
In July 2020, Microsoft released a security update, CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability, for a new remote code execution (RCE) vulnerability.
This vulnerability exists within the Microsoft Windows Domain Name System (DNS) Server due to the improper handling of certain types of requests, specifically over port 53/TCP. Exploitation of this vulnerability is ...
- Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
July 17, 2020
About 8,000 users of F5 Networks’ BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution (RCE), despite a patch for a critical flaw being available for two weeks.
The BIG-IP family consists of application delivery controllers, Local Traffic Managers (LTMs) and domain name system (DNS) managers, together offering built-in security, ...
- Caught in the Crossfire: Defending Devices From Battling Botnets
July 15, 2020
Strength in numbers is the main principle behind botnets, networks of devices that have been infected and turned into bots to be used in performing attacks and other malicious activities. With the dawn of the internet of things (IoT), botnet developers have found a new domain to conquer, but there they must compete with one ...
- Critical DNS Bug Opens Windows Servers to Infrastructure Hijacking
July 14, 2020
A critical Microsoft Windows Server bug opens company networks to hackers, allowing them to potentially seize control of IT infrastructures. Microsoft issued a patch for the bug on Tuesday as part of its July Patch Tuesday roundup.
It turns out that the bug is 17 years old. Impacted are Windows Server versions from 2003-2019. The bug, ...
- Patch Now: F5 Vulnerability with CVSS 10 Severity Score
July 7, 2020
F5 Networks, a provider of networking devices and services, urges users to patch their BIG-IP networking systems as soon as possible, after the provider disclosed two vulnerabilities. First of these is CVE-2020-5902, a critical remote code execution (RCE) vulnerability found in BIG-IP device’s Traffic Management User Interface (TMUI).
CVE-2020-5902 received a 10 out of 10 score on the Common ...
- CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
June 30, 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication.
The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...
- Black Kingdom ransomware hacks networks with Pulse VPN flaws
June 13, 2020
Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found.
The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.
They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN ...
- 6 New Vulnerabilities Found on D-Link Home Routers
June 12, 2020
On February 28, 2020, Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware.
The vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. The current trend towards working from home increases the likelihood of malicious attacks against home ...
- NXNSAttack technique can be abused for large-scale DDoS attacks
May 19, 2020
A team of academics from Israel has disclosed today details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions.
According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS delegation.
Recursive DNS servers are DNS systems that pass DNS queries upstream in order to ...
- Remote spring: the rise of RDP bruteforce attacks
April 29, 2020
With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape.
Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the ...
- DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs
April 17, 2020
Companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems, cyber-security agencies from the US and Japan have warned this month.
Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet.
Last year, a major vulnerability ...
- “Twin Flower” Campaign Jacks Up Network Traffic, Downloads Files, Steals Data
April 13, 2020
A campaign dubbed as “Twin Flower” (rough translation from Chinese) has been detected by Jinshan security researchers in a report published in Chinese. Trend Micro also analyzed related samples, which are detected as PUA.Win32.BoxMini.A, Trojan.JS.TWINFLOWER.A, and TrojanSpy.JS.TWINFLOWER.A. The files are believed to be downloaded unknowingly by users when visiting malicious sites or dropped into the system by ...
- DarkHotel hackers use VPN zero-day to breach Chinese government agencies
April 6, 2020
Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees.
Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak.
Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide ...
- The remote-working rush is creating a playground for spies and cybercrooks
April 5, 2020
Hundreds of millions of people are now working from home as a result of the ongoing COVID-19 coronavirus outbreak.
Most organisations have a disaster recovery plan and a business continuity strategy in place to cope with the more predictable catastrophes, like a main office being unavailable for weeks or months. Far fewer are prepared for a crisis requiring ...