Wednesday, April 21, 2021

LATEST

The Hacker News

3 Zero-Day Exploits Hit SonicWall Enterprises Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary...
The Hacker News

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost. Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
Security Now

SN 815: Homogeneity Attacks – Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90

Club TWiT details. Picture of the Week. The Vivaldi Project's take on FLoC. Chrome continues to be THE high-value target. We're at Chrome v90. Exchange Server Web Shells removed, with DOJ Permission. WordPress joins the "FLoC No!" chorus. It's Humble Bundle Book Time. Closing the Loop. A quick...
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
The Register

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way

Crucial flaw won't be fixed until next month. Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day...
CERT

VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview: MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR...
SecurityWeek

Google Chrome Hit in Another Mysterious Zero-Day Attack

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks.
DtSR Podcast

DtSR Episode 443 – TPA Addressing AppSec Tech Debt

Prologue: Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we...
CERT

VU#213092: Pulse Connect Secure vulnerable to authentication bypass that could allow for remote code execution

Overview: Pulse Connect Secure (PCS) gateway contains a vulnerability that can allow an unauthenticated remote attacker...

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
Brian Krebs

Note to Self: Create Non-Exhaustive List of Competitors

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. — a $4 billion technology goliath whose analyst reports can move markets and...
SC Magazine

Hackers exploit unpatched vulnerabilities, zero day to attack governments and contractors

While the cybersecurity community pumps out a seemingly unending list of newly discovered software and hardware vulnerabilities each day, many organizations are far more likely to be compromised in part or in whole by older flaws that have yet...
Security Weekly

Codecov Attack, Major BGP Leak, Lazarus APT, Discord Ransomware, & GEICO Breach – SWN #115

This week, Dr. Doug talks naughty vaccines, Air frying is not frying, BGP is leaking, Codecov, Lazarus, Google Alerts, Nitro Ransomware, & we're joined once more for expert commentary by Jason Wood! Show Notes: https://securityweekly.com/swn115 Visit https://www.securityweekly.com/swn for...
SecurityWeek

Pulse Secure Zero-Day Flaw Actively Exploited in Attacks

Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won't be patched until next month.

Foreign Spies Target British Nationals With Fake Social Media Profiles

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.
FireEye

Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction to obtain administrative access and code execution...

Attackers Compromised Code-Checking Vendor's Tool for Two Months

A script used to upload sensitive reports, with access to credentials and datastores, likely sent information on hundreds, possibly thousands, of companies to attackers.

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Over the past few months, several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and Europe by exploiting vulnerabilities in VPN appliances from...
SecureMac

What is Google’s FLoC (and does it harm privacy)?

What is Google’s FLoC? In this article, we'll explain what FLoC is, why it may be a privacy threat, and how to check for it in your browser.
SC Magazine

Foreign threat actors used fake LinkedIn profiles to lure 10,000 UK nationals

Some 10,000 U.K. nationals have been lured on LinkedIn over the past five years by fake profiles tied to hostile nation-state threat actors. The story was first reported by BBC, which attributed the news to MI5, the British spy agency...

LEADERS

Brian Krebs

Note to Self: Create Non-Exhaustive List of Competitors

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. — a $4 billion technology goliath whose analyst reports can move markets and...
Graham Cluley

Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach

The social network has goofed again. But this time it's Facebook's PR team's handling of a data breach rather than its users who have been left exposed.
Graham Cluley

Cluley and Cisco: Preparing for cybersecurity threats in a permanently hybrid world

Thanks to the folks at Cisco who have invited me to participate in an online chat on Monday April 26. Learn more and register your interest to ensure you don't miss it.
Bruce Schneier

Biden Administration Imposes Sanctions on Russia for SolarWinds

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will...
Graham Cluley

Six million male members may have been exposed after hack of gay dating service

Manhunt, a popular gay dating service, has suffered a data breach which may have put members at risk of exposure.