- Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
July 17, 2020
About 8,000 users of F5 Networks’ BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution (RCE), despite a patch for a critical flaw being available for two weeks.
The BIG-IP family consists of application delivery controllers, Local Traffic Managers (LTMs) and domain name system (DNS) managers, together offering built-in security, ...
- Caught in the Crossfire: Defending Devices From Battling Botnets
July 15, 2020
Strength in numbers is the main principle behind botnets, networks of devices that have been infected and turned into bots to be used in performing attacks and other malicious activities. With the dawn of the internet of things (IoT), botnet developers have found a new domain to conquer, but there they must compete with one ...
- Critical DNS Bug Opens Windows Servers to Infrastructure Hijacking
July 14, 2020
A critical Microsoft Windows Server bug opens company networks to hackers, allowing them to potentially seize control of IT infrastructures. Microsoft issued a patch for the bug on Tuesday as part of its July Patch Tuesday roundup.
It turns out that the bug is 17 years old. Impacted are Windows Server versions from 2003-2019. The bug, ...
- Patch Now: F5 Vulnerability with CVSS 10 Severity Score
July 7, 2020
F5 Networks, a provider of networking devices and services, urges users to patch their BIG-IP networking systems as soon as possible, after the provider disclosed two vulnerabilities. The first of these is CVE-2020-5902, a critical remote code execution (RCE) vulnerability found in the BIG-IP device’s Traffic Management User Interface (TMUI).
CVE-2020-5902 received a 10 out of 10 score on the Common ...
- CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
June 30, 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication.
The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...
- Black Kingdom ransomware hacks networks with Pulse VPN flaws
June 13, 2020
Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found.
The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.
They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN ...
- 6 New Vulnerabilities Found on D-Link Home Routers
June 12, 2020
On February 28, 2020, Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware.
The vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. The current trend towards working from home increases the likelihood of malicious attacks against home ...
- NXNSAttack technique can be abused for large-scale DDoS attacks
May 19, 2020
A team of academics from Israel has disclosed today details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions.
According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS delegation.
Recursive DNS servers are DNS systems that pass DNS queries upstream in order to ...
- Remote spring: the rise of RDP bruteforce attacks
April 29, 2020
With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape.
Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the ...
- DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs
April 17, 2020
Companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems, cyber-security agencies from the US and Japan have warned this month.
Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet.
Last year, a major vulnerability ...
- “Twin Flower” Campaign Jacks Up Network Traffic, Downloads Files, Steals Data
April 13, 2020
A campaign dubbed “Twin Flower” (rough translation from Chinese) has been detected by Jinshan security researchers in a report published in Chinese. Trend Micro also analyzed related samples, which are detected as PUA.Win32.BoxMini.A, Trojan.JS.TWINFLOWER.A, and TrojanSpy.JS.TWINFLOWER.A. The files are believed to be downloaded unknowingly by users when visiting malicious sites or dropped into the system by ...
- DarkHotel hackers use VPN zero-day to breach Chinese government agencies
April 6, 2020
Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees.
Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak.
Chinese security firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide ...
- The remote-working rush is creating a playground for spies and cybercrooks
April 5, 2020
Hundreds of millions of people are now working from home as a result of the ongoing COVID-19 coronavirus outbreak.
Most organisations have a disaster recovery plan and a business continuity strategy in place to cope with the more predictable catastrophes, like a main office being unavailable for weeks or months. Far fewer are prepared for a crisis requiring ...
- FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG
April 2, 2020
As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of which our users are often unaware. In this blog post, ...
- A mysterious hacker group is eavesdropping on corporate email and FTP traffic
March 28, 2020
Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today.
In a report published on the blog of its network security division Netlab, Qihoo said its researchers detected two different threat actors, each exploiting ...
- New Mirai Variant Targets Zyxel Network-Attached Storage Devices
March 19, 2020
As soon as the proof-of-concept (PoC) for CVE-2020-9054 was made publicly available last month, this vulnerability was promptly abused to infect vulnerable versions of Zyxel network-attached storage (NAS) devices with a new Mirai variant – Mukashi.
Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful ...
- Wormable, Unpatched Microsoft Bug Threatens Corporate LANs
March 11, 2020
Microsoft is warning on a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017.
The critical bug (CVE-2020-0796) affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week.
The bug can be found in ...
- Billions of Devices Open to Wi-Fi Eavesdropping Attacks
February 26, 2020
A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications.
The bug (CVE-2019-15126) stems from the use of an all-zero encryption key in chips made by Broadcom and Cypress, according to researchers at ESET, which results in data decryption. This ...
- How to Identify and Control DoH On Your Network
February 25, 2020
Along with bandwidth, privacy and security are the major concerns shared by everybody and everything on the Internet. Today, hackers from cyber criminal organizations, state-sponsored groups or mass surveillance interception programs can carry out man-in-the-middle style attacks to intercept clear-text DNS lookups, track and monitor users’ activities, or interfere with commerce and undermine confidence in the platform. ...
- Emotet Now Spreads via Wi-Fi
February 13, 2020
A new strain of Emotet was found spreading through wireless internet connections, deviating from the email spam campaigns that the malware commonly utilizes as a means of propagation. According to researchers from Binary Defense, this new loader type takes advantage of the wlanAPI interface to spread from an infected device to an insecure Wi-Fi network.
Emotet was discovered by Trend ...