Ειδοποιήσεις

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers.

Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called “Gitpaste-12,” which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL.

The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020.

Now according to Juniper, the second wave of attacks began on November 10 using payloads from a different GitHub repository, which, among others, contains a Linux crypto-miner (“ls”), a file with a list of passwords for brute-force attempts (“pass”), and a local privilege escalation exploit for x86_64 Linux systems.

Read more »

Trojanized versions of SolarWinds’ Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate.

The list of victims of this large scale attack, coordinated by what Microsoft and FireEye consider to be nation-state hackers, include several federal agencies such as the US Treasury and the US National Telecommunications and Information Administration (NTIA), as first reported by Reuters.

SolarWinds’ customer listing (with over 300,000 customers worldwide) includes over 425 of the US Fortune 500, all top ten US telecom companies, hundreds of universities and colleges, all five branches of the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.

Read more »

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to their XG Firewall OS since 2019.

Today, Sophos disclosed that a SQL injection vulnerability was fixed in the Cyberoam (CROS) operating system that could remotely add accounts to a CROS device.

“A pre-authentication SQL injection vulnerability was recently discovered and fixed on Cyberoam operating system (CROS) devices. This type of vulnerability could allow SQL statements to be executed remotely, but only if the administration interface (HTTPS admin service) was exposed on the WAN zone,” the Sophos advisory explains.

Read more »

Την Τετάρτη 9 Δεκεμβρίου 2020, ο Ευρωπαϊκός Οργανισμός Φαρμάκων, που βρίσκεται στο Άμστερνταμ, δέχτηκε επιτυχή κυβερνοεπίθεση. Οι επιτιθέμενοι απέκτησαν πρόσβαση σε έγγραφα που σχετίζονται με το εμβόλιο κατά της νόσου COVID-19.

Read more »

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

The vulnerability is a command injection bug tracked as CVE-2020-4006 and publicly disclosed two weeks ago.

While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help admins mitigate the bug on affected devices.

If successfully exploited, the vulnerability enables attackers to escalate privileges and execute commands on the host Linux and Windows operating systems.

Read more »