by CIRT Team
Hacker Can Steal Data from Air-Gapped Computers [source: thehackernews]
Do you think it is possible to extract data from a computer using its power cables? If not, then you should definitely read about this technique. Researchers from Israel’s Ben Gurion University of the Negev—who focus largely on finding clever ways to exfiltrate data from an isolated or air-gapped computer—have now shown how fluctuations in the current flow “propagated through the power lines” could be...
by CIRT Team
CCleaner Attack Timeline—Here’s How Hackers Infected 2.3 Million PCs [source: thehackernews]
Last year, the popular system cleanup software CCleaner suffered one of the largest supply-chain malware attacks to date, wherein hackers compromised the company’s servers for more than a month and replaced the original version of the software with a malicious one. The attack infected over 2.3 million users who downloaded or updated their CCleaner app between August and September last year from the official website with the...
by CIRT Team
iOS Trustjacking Attack Exposes iPhones to Remote Hacking [source: bleepingcomputer]
Symantec researchers have found a loophole in how iPhone users pair devices with Mac workstations and laptops. They say attackers can exploit this flaw —which they named Trustjacking— to take over devices without the phone owner’s knowledge. At the technical level, the Trustjacking security issue is rooted in the “iTunes Wi-Fi sync” feature included with iTunes. If this option is enabled in the iTunes settings...
by CIRT Team
Microsoft Outlook retrieves remote OLE content without prompting [source: kb.cert]
Overview: When a Rich Text (RTF) email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user’s password hash, which may be cracked by an attacker. Description: Microsoft Outlook will automatically retrieve remote OLE content when an RTF email is previewed. When remote OLE content is hosted on an SMB/CIFS server,...
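The mechanism above (an RTF message whose embedded OLE object points at an SMB share, fetched during preview) can be checked for at the mail gateway before Outlook ever renders the message. The following scanner is an added example, not code from CERT/CC or Microsoft: it pulls the hex-encoded `\objdata` streams out of an RTF body, decodes them, and looks for UNC paths in both ASCII and UTF-16LE (the two encodings an OLE link stream may use). The sample messages are constructed by the `make_sample_rtf` helper and only mimic the shape of a linked object; the `\x01\x05\x00\x00` prefix and the 203.0.113.10 address are placeholders, not a captured sample.

```python
import re

# Hex payload of a {\*\objdata ...} group; the hex may be wrapped across lines.
OBJDATA_RE = re.compile(r"\\objdata\s+([0-9A-Fa-f\s]+)")

# UNC path: \\host\share... ; stop at NUL or at characters illegal in a path.
_UNC_BODY = r"\\\\[\w.-]+\\[^\x00\"'<>|?*\r\n]{1,200}"
UNC_ASCII_RE = re.compile(_UNC_BODY.encode("ascii"))
UNC_TEXT_RE = re.compile(_UNC_BODY)


def make_sample_rtf(unc_path: str, encoding: str) -> str:
    """Constructed test message: one linked OLE object whose object data
    contains `unc_path` in `encoding`. The 4-byte header is a placeholder;
    a real OLE link stream carries more structure than this."""
    payload = b"\x01\x05\x00\x00" + unc_path.encode(encoding) + b"\x00\x00"
    return (
        r"{\rtf1\ansi Please review the attached figures. "
        r"{\object\objautlink\objupdate\objw100\objh100"
        r"{\*\objclass Word.Document.8}"
        r"{\*\objdata " + payload.hex() + "}}}"
    )


def extract_objdata(rtf: str) -> list[bytes]:
    """Decode every \\objdata hex blob in the message to raw bytes."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(r"\s+", "", m.group(1))
        if len(hexstr) % 2:          # tolerate a dangling nibble from truncation
            hexstr = hexstr[:-1]
        try:
            blobs.append(bytes.fromhex(hexstr))
        except ValueError:
            continue
    return blobs


def find_unc_paths(blob: bytes) -> set[str]:
    """Return UNC paths found in an object stream, whether stored as
    8-bit text or as UTF-16LE (tried at both byte alignments)."""
    found = {m.group(0).decode("latin-1") for m in UNC_ASCII_RE.finditer(blob)}
    for offset in (0, 1):
        text = blob[offset:].decode("utf-16le", errors="ignore")
        found.update(m.group(0) for m in UNC_TEXT_RE.finditer(text))
    return found


def scan_rtf(rtf: str) -> list[str]:
    """All remote (UNC) object references in an RTF body, sorted."""
    paths: set[str] = set()
    for blob in extract_objdata(rtf):
        paths |= find_unc_paths(blob)
    return sorted(paths)


def unc_host(path: str) -> str:
    """Host component of \\\\host\\share\\..., for allowlisting or blocking."""
    return path[2:].split("\\", 1)[0]


def auto_updates(rtf: str) -> bool:
    """True if the message asks the reader to refresh linked objects
    before display (\\objupdate), which is what turns a link into a fetch."""
    return "\\objupdate" in rtf


if __name__ == "__main__":
    for enc, path in (("utf-16le", r"\\203.0.113.10\share\x.ole"),
                      ("ascii", r"\\fileserver.example\ole\img.doc")):
        msg = make_sample_rtf(path, enc)
        for hit in scan_rtf(msg):
            print(f"remote OLE -> host={unc_host(hit)} path={hit} "
                  f"auto_update={auto_updates(msg)}")
```

Treat any hit whose host is outside the organisation (or is any host at all, on a gateway that never expects linked objects in mail) as a reason to quarantine the message; the host value is also the thing to block at the egress firewall for TCP/445. Checking only for the literal string `\\` in the RTF text is not enough, because the path lives inside the hex-encoded object stream, which is why the scanner decodes first.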
by CIRT Team
Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution [source: cisecurity]
Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process....
by CIRT Team
Critical vulnerability opens Cisco switches to remote attack [source: helpnetsecurity]
A critical vulnerability affecting many of Cisco’s networking devices could be exploited by unauthenticated, remote attackers to take over vulnerable devices or trigger a reload and crash. The company says that the vulnerability is not actively exploited in the wild, but as information about it and Proof-of-Concept code has now been published, network administrators would do well to install the released security updates as soon...
by CIRT Team
How to Determine If You Need a SOC Team, CSIRT Team or Both [source: infosecinstitute]
SOC and CSIRT teams have distinctive roles and responsibilities. In this article we describe the differences between a SOC and a CSIRT to help you determine which team will fill your organization’s needs. SOC? SOC stands for security operations center. Obviously, the term SOC bears the connotation of an environment designed specifically to defend corporate data and networks, and it can be used to describe...
by CIRT Team
PHP Weathermap Vulnerability Used to Install Cryptocurrency Miner on Linux Servers [source: gbhackers]
An active cryptocurrency mining campaign is targeting Linux servers through a PHP Weathermap vulnerability to deploy cryptocurrency mining malware. The campaign uses an outdated security flaw in “Network Weathermap” that allows a remote attacker to inject arbitrary code on the server. In the current campaign, cybercriminals deploy the XMRig miner as the final payload on the target server. The attack primarily focuses on Japan, Taiwan, China, the U.S.,...
by CIRT Team
Telegram Bot API Abused by TeleRAT Android Malware [source: gbhackers]
A newly discovered Android malware called TeleRAT abuses the Telegram Bot API for command and control of the malicious Android applications. TeleRAT is related to the malware dubbed IRRAT and steals information ranging from SMS and call history to file listings from infected Android devices. “Telegram Bots are special accounts that do not require an additional phone number to set up and are generally used to...
by CIRT Team
Hardcoded Password Found in Cisco Software [source: bleepingcomputer]
Cisco released 22 security advisories yesterday, including two alerts for critical fixes, one of them for a hardcoded password that can give attackers full control over a vulnerable system. The hardcoded password issue affects Cisco’s Prime Collaboration Provisioning (PCP), a software application that can be used for the remote installation and maintenance of other Cisco voice and video products. Cisco PCP is often installed on...