Cyber Defense Magazine February 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 108 pages of excellent content. 108 PAGESLOADED WITH EXCELLENT CONTENTLearn from the experts, cybersecurity best practicesFind out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached. CLICK HERE AND GRAB THIS VERSION AND […]
CloudSEK has discovered a post on a well-known database sharing forum advertising the PII of 500,000 Indian citizens. While the threat actor does not mention the name of an organization, the data provided in the sample is clearly associated with a police exam conducted on 22 Dec 2019. Discovery of the leak CloudSEK’s proprietary risk […]
ESET experts uncovered a previously undocumented piece of malware that had been observed targeting high-performance computing clusters (HPC). ESET analyzed a new piece of malware, dubbed Kobalos, that was employed in attacks against high-performance computing clusters (HPC). The name Kobalos comes from a small sprite from Greek mythology, a mischievous creature fond of tricking and frightening mortals. Kobalos is a […]
Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. According to ZDNet, threat actors are using VMWare ESXi exploits to encrypt the disks of virtual machines deployed in […]
The U.S. CISA reveals that many of the victims of the SolarWinds hackers had no direct connection to SolarWinds. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that many of the organizations targeted by SolarWinds hackers had not direct link to the supply chain attack. “While the supply chain compromise of SolarWinds first highlighted […]
Experts spotted a new Trickbot module that is used to scan local networks and make lateral movement inside the target organization. Cybersecurity researchers discovered a new module of the Trickbot malware, dubbed ‘masrv’, that is used to scan a local network and make lateral movement inside the target organization. The masrv module leverage the Masscan open-source utility […]
Experts uncovered a new supply chain attack leveraging the update process of NoxPlayer, a free Android emulator for PCs and Macs. UPDATE (February 3rd, 2021): Following the publication of our research, BigNox have contacted us to say that their initial denial of the compromise was a misunderstanding on their part and that they have since […]
Researchers from the security firm NCC Group warn of the exploitation in the wild of a SonicWall zero-day vulnerability. Security experts from the firm NCC Group have detected “indiscriminate” exploitation of a SonicWall zero-day in attacks in the wild, ZDNet reported. NCC Group first disclosed the attacks on SonicWall devices on Sunday but did not […]
Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software could have allowed a remote attacker to write […]
Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them. The experts […]