Vulnerability: CVE-2018-0228 – Cisco ASA DOS Vulnerability


A vulnerability has been discovered in the ingress flow creation functionality of the Cisco Adaptive Security Appliance (ASA). This vulnerability could potentially allow an unauthenticated, remote attacker to send a steady stream of malicious IP packets to DoS (denial of service) and infect the system by maxing out CPU usage. A DoS of this type […]

Method: Roaming Mantis Malware

Kaspersky Labs has detailed Android malware mainly targeting Chinese and Korean users. The malware is designed to steal two-factor authentication codes for Google accounts sent via SMS/MMS. Kaspersky Labs has detailed many of the interesting technical elements of the malware. For example, command and control for the samples analyzed was found to look up strings of […]

Target: Ikea TaskRabbit – Security Breach

The Ikea-owned application TaskRabbit announced that a security breach had occurred that could have left user account credentials vulnerable. Unauthorized attackers gained access to the system, exposing account details such as usernames and passwords. It is still unclear if any user personal payment information had been exploited. The application was taken offline and the situation […]

Attacker: Grizzly Steppe

Russian state-sponsored cyber actors appear to be performing worldwide cyber exploitation of enterprise-class and SOHO/residential network infrastructure devices (e.g., router, switch, firewall, Network-based Intrusion Detection System (NIDS) devices). This campaign, particularly the choice of protocols and devices, appears to have some overlap with earlier reports detailing the vulnerability CVE-2018-0171, as well as reports detailing cyber-attacks […]

Vulnerability: Trustjacking

A new iPhone vulnerability was disclosed at the RSA Conference in San Francisco. The vulnerability allows persistent control over an iPhone device without it being physically connected to a computer. With just a simple tap by the iOS device owner when connected to the same network as the attacker, the network link grants permanent control […]

Method: PyRoMine Malware

In early April, Fortinet’s FortiGuard Labs discovered a cryptocurrency mining malware, coined PyRoMine, that leverages EternalRomance, a remote code execution attack. The EternalRomance exploit was initially discovered in the giant “treasure trove” that was the NSA data leak last year thanks to the ShadowBrokers. The malware can be found in the form of […]

Vulnerability: CVE-2018-7600 – Drupal core – Remote Code Execution

A vulnerability has been discovered that could allow criminals to execute code remotely on websites that are running Drupal. Drupal is a Content Management System (CMS) that is used by more than 1 million websites worldwide. According to W3techs.com, Drupal is the third most popular CMS, only behind Joomla and WordPress. The discovered vulnerability can be […]

Attacker: Actor – Mabna Institute / Silent Librarian

The Mabna Institute, also known as the threat actor “Silent Librarian” (Phishlabs), is a group of nine Iranian citizens that have been charged in a computer hacking campaign. The campaign compromised various targets, such as US and foreign universities, private companies, and US government entities. Several specific targets were identified by PhishLabs and the FBI, […]

Target: Expedia Orbitz – 880K data breach

Travel giant Expedia Orbitz has disclosed a security data breach that has affected at least 880,000 customer payment cards. It appears that the attackers had potential access to the data between Oct. 1, 2017 and Dec. 22, 2017. The investigation revealed that the attackers had potentially exposed customer names, addresses, payment card information and email […]

Method: TA 18-086A: Brute Force Attacks / Password Spraying

In March 2018, the Department of Justice indicted nine Iranian nationals for conducting brute force style attacks against organizations in the United States utilizing a technique referred to as “Password Spraying”. Characteristically, brute force attacks attempt to authenticate credentials by guessing the password of a single user account; however, accounts now will typically lock out […]

MyFitnessPal Hack – 150 million users were affected

Athletic Apparel & Footwear mogul Under Armour announced that their popular fitness app, MyFitnessPal, has suffered from a massive data breach. Investigation has revealed that somewhere close to 150 million accounts have been compromised. The account information exposed includes: usernames, email addresses and hashed passwords. Under Armour revealed that no credit card information or other […]