Volexity recently identified a breach of the website of a well regarded media outlet in the country of Georgia. As part of this breach, the media organization’s website was being leveraged as a component of a malware campaign targeting select visitors who view its website in Georgian. The targets were then further narrowed to those that were running the Mac OS X operating system, had...
The “Tick” group has conducted cyber espionage attacks against organizations in the Republic of Korea and Japan for several years. The group focuses on companies that hold intellectual property or sensitive information, such as those in the Defense and High-Tech industries. The group is known to use custom malware called Daserf, but also employs multiple commodity and custom tools, exploits vulnerabilities, and uses social engineering techniques.
Description: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus’ Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in ‘enc_part’ instead of the unencrypted version stored in ‘ticket’. Use of the unencrypted version provides an opportunity for successful server impersonation...
Description: A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Impact: Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Mitigation: Updates are available....
Description: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory, but those issues are not directly exploitable and as such have not been given a CVE. This affects glibc 2.25 and...
Cyber criminals are sending emails to unsuspecting users pretending to be representatives of the Bank of America. In the email, the sender informs users that, for their security, the bank has put limits on their account and the only way to remove the limits is to confirm that they own the account. Whoever sent the email has terrible grammar, but it’s...
Spring Dragon is a long-running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector.
In case you were wondering why a fish tank needs to be connected to the Internet, it’s because the casino wanted to do everything remotely, with employees using a remote connection to feed the fish and get all the information instantly, such as water temperature. But it was this connection that exposed the fish tank, and eventually, the entire casino, to hackers, as an unnamed...
Description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the “Broadpwn” issue. Impact: Broadcom Wi-Fi chips embedded in Android and iOS devices are vulnerable to a bug that allows an attacker to execute code on those devices without any interaction from the user. Mitigation: Updates are available. Please check the specific vendor advisory for more information. Reference URLs:...
Do you value your Facebook account? Have you linked your phone number to your Facebook account? You could lose access to it if you aren’t careful, according to James Martindale, who discovered a worrisome Facebook authentication vulnerability. Facebook encourages you to give it your phone number “to help secure your account”, and you can link multiple numbers to your account. That means that you –...