Infosec Overnights - Daily Security News

By: Paul Torgersen

Cyber Security moves much too quickly to wait for a weekly news recap. That’s why we’re here each and every weekday bringing you the relevant Information Security stories from overnight.

Make InfoSec Overnights part of your daily routine to ensure you and your team are up to the minute on the threats attacking your organization.

Copyright Paul Torgersen
Politics & Government
Episodes
  • Kimsuky Stealing Emails, NPM Cards Discord, IP Camera Hack, and more.
    Jul 29 2022
    A daily look at the relevant information security news from overnight - 29 July, 2022

    Episode 276 - 29 July 2022

    Kimsuky Stealing Emails - https://www.bleepingcomputer.com/news/security/cyberspies-use-google-chrome-extension-to-steal-emails-undetected/

    NPM Cards Discord - https://www.infosecurity-magazine.com/news/malicious-npm-packages-steal/

    Trojan Play Store Apps - https://thehackernews.com/2022/07/over-dozen-android-apps-on-google-play.html

    Phishing Countdown - https://www.zdnet.com/article/this-phishing-attack-uses-a-countdown-clock-to-panic-you-into-handing-over-passwords/

    IP Camera Hack - https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html

    Hi, I’m Paul Torgersen. It’s Friday July 29th, 2022 and this is a look at the information security news from overnight.

    From BleepingComputer.com:
    A North Korean-backed threat group tracked as Kimsuky is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail. The malware, called SHARPEXT, supports Chrome, Edge and Whale browsers and can steal mail from Gmail and AOL accounts. Details in the article.

    From InfoSecurity-Magazine.com:

    Researchers have discovered a supply chain attack using malicious npm packages, this time targeting Discord users. The purpose of the campaign, named LofyLife, appears to be to steal Discord tokens and users’ credit card data. Kaspersky said it identified four suspicious packages which feature obfuscated Python and JavaScript code. Details and a link to the write up inside.

    From TheHackerNews.com:
    Another 17 so-called productivity apps have been uncovered and removed from the Google Play store. The apps did perform some basic tasks they advertise, but they were also dropping in malicious apps like Octo, Hydra, Ermac, and TeaBot. See the full list of affected apps in the article and make sure you delete those puppies.

    From ZDNet.com:
    A new phishing attack has taken a page out of the ransomware playbook by using a countdown clock to pressure victims into entering their username and password. At the end of the countdown they would be permanently locked out of whatever account is being targeted. Obviously nothing actually changes when the countdown reaches zero, but for some less sophisticated users, this could be very compelling.

    And last, from TheHackerNews.com:
    A security vulnerability in Dahua's Open Network Video Interface Forum standard implementation (ONVIF) can lead to a threat actor seizing control of IP cameras. ONVIF governs an open standard for how IP-based physical security products communicate with one another in a vendor-agnostic manner. I’m sure you can understand how some nation-state bad guys would be very interested in tapping into live video feeds. Get your patch on kids.

    That’s all for me. Have a great weekend. If you like this podcast, please spread the word, and until next time, be safe out there.
    3 m
  • NetStandard Knocked Offline, Moxa NPort Flaws, Twitter Data Sale, and more.
    Jul 28 2022
    A daily look at the relevant information security news from overnight - 28 July, 2022

    Episode 275 - 28 July 2022

    NetStandard Knocked Offline - https://www.bleepingcomputer.com/news/security/kansas-msp-shuts-down-cloud-services-to-fend-off-cyberattack/

    Moxa NPort Flaws - https://www.securityweek.com/moxa-nport-device-flaws-can-expose-critical-infrastructure-disruptive-attacks

    Post Macro Tactics - https://www.infosecurity-magazine.com/news/hackers-change-tactics-for-new/

    Naughty Knotweed - https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html

    Twitter Data Sale - https://www.infosecurity-magazine.com/news/criminal-twitter-users-data/

    Hi, I’m Paul Torgersen. It’s Thursday July 28th, 2022 and this is a look at the information security news from overnight.

    From BleepingComputer.com:
    Managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services. The company said Hosted GP, Hosted CRM, Hosted Exchange, and Hosted Sharepoint will be offline until further notice, but that no other services were impacted. That being said, their main website remains down as well. No word on threat actor or malware involved, but it is assumed to be a ransomware hit.

    From SecurityWeek.com:
    Two high severity flaws have been found in the NPort 5110 device servers from Moxa. The vulnerabilities can be exploited remotely to cause the targeted device to enter a denial of service condition. The only way to regain control of the device is to physically power it down, which might present a challenge as many of these devices are in very remote locations. These things are designed to connect to Ethernet networks and should not be exposed to the internet. However, a Shodan search found at least 5,300 of them that are. Now some of these may be honeypots, but they’re not ALL honeypots. Customers should contact Moxa for a security patch.

    From InfoSecurity-Magazine.com:
    Since Microsoft announced they would disable macros by default, the use of macro-enabled attachments by threat actors decreased by around 66% between October 2021 and June 2022. Awesome. But, where there’s a will there's a way. In that same timeframe, the number of malicious campaigns using container file formats jumped up 176%. These formats include ISO, RAR, ZIP and IMG files that contain macro-enabled docs. Now the ISO and RAR formats will still have the Mark of the Web, meaning they originated from the internet and their macros would be blocked, but the files within them would not. Link to the ProofPoint research in the article.

    From TheHackerNews.com:
    A threat actor tracked as Knotweed used several Windows and Adobe zero-day exploits in highly-targeted attacks against targets in Europe and Central America. They are actually an Austrian outfit called DSIRF that supposedly sells general security and information analysis services to commercial customers. As a side gig, they created a cyberweapon called Subzero, which can hack phones, computers, and internet-connected devices. Talk about vertical integration.

    And last, from InfoSecurity-Magazine.com:
    A user named devil is selling a database of 5.4 million Twitter users' information on the Breached Forums site. They say it contains the phone numbers and email addresses of users, including celebrities and companies, and is asking for $30,000. Twitter is investigating the issue, which the seller said exploited a vulnerability in its systems that allows someone to find additional user information, even if that user has it hidden in privacy settings.

    That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
    4 m
  • WordFly Breach, Now IIS See You, No Knock Nuki, and more.
    Jul 28 2022
    A daily look at the relevant information security news from overnight - 27 July, 2022

    Episode 274 - 27 July 2022

    WordFly Breach - https://www.securityweek.com/mailing-list-provider-wordfly-scrambling-recover-following-ransomware-attack

    Now IIS See You - https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-increasingly-hacked-with-iis-backdoors/

    Messaging Threats - https://threatpost.com/messaging-apps-cybercriminals/180303/

    Robin Banks Phishing Service - https://www.bleepingcomputer.com/news/security/new-robin-banks-phishing-service-targets-bofa-citi-and-wells-fargo/

    No Knock Nuki - https://www.securityweek.com/nuki-smart-lock-vulnerabilities-allow-hackers-open-doors

    Hi, I’m Paul Torgersen. It’s Wednesday July 27th, 2022 and this is a look at the information security news from overnight.

    From SecurityWeek.com:
    Mailing list provider WordFly has been offline for more than two weeks after a ransomware attack encrypted data on some of its systems. The attack hit on July 10, and the company hasn’t been able to restore service since. The company confirms data was exfiltrated, but believes it was subsequently deleted. They expect to be down at least another few days before they get systems operational again. No word on the malware or threat actor.

    From BleepingComputer.com:
    Attackers are increasingly using Internet Information Services, IIS, web server extensions to backdoor unpatched Exchange servers. Being installed in the exact location and using the same structure as legitimate modules, they provide attackers with a perfect and durable persistence mechanism. Details and a link to the Microsoft report in the article.

    From ThreatPost.com:
    Threat actors are tapping the multi-feature nature of messaging apps such as Telegram and Discord as a foundation in persistent campaigns that threaten users. Intel 471 identified three key ways in which threat actors are leveraging the apps: storing stolen data, hosting malware payloads, and using bots that perform the dirty work. Details and a link inside.

    From BleepingComputer.com:
    A new phishing as a service platform has shown up with the name Robin Banks. As you may have guessed, it offers ready-made phishing kits targeting the customers of well-known banks. Companies like Citibank, Bank of America, Capital One, Wells Fargo, etc. Oh, they also offer templates to steal Microsoft, Google, Netflix, and T-Mobile accounts. Pricing from $50 to $200 a month.

    And last, from SecurityWeek.com:
    Security researchers have documented 11 vulnerabilities impacting Nuki smart lock products, you may not be able to see my air quotes. Nuki Smart Lock and Nuki Bridge, allow users to unlock their doors with their smartphones by simply walking in range. Brilliant. Exploiting the found vulnerabilities could result in a fully compromised device, including the ability to open and close the door without the owner even noticing. After being notified of the flaws in April, Nuki has issued patches this month.

    That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
    3 m