French multinational dairy Lactalis hit by a cyber attack
French multinational dairy products corporation Lactalis discloses cyberattack, but claimed that had no evidence of a data breach. France-based dairy
Read more
Alleged China-linked APT41 group targets Indian critical infrastructures
Recorded Future researchers uncovered a campaign conducted by Chinese APT41 group targeting critical infrastructure in India. Security researchers at Recorded
Read more
Distributor of Asian food JFC International hit by Ransomware
JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC
Read more
Gootkit delivery platform Gootloader used to deliver additional payloads
The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts
Read more
Oxfam – 1,834,006 breached accounts
In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters
Read more
Ticketcounter – 1,921,722 breached accounts
In August 2020, the Dutch ticketing service Ticketcounter inadvertently published a database backup to a publicly accessible location where it
Read more
Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we
Read more
Tether says it is a Victim of a 500 BTC Ransom
Only days after the conclusion of its long-running fight with the Office of the Attorney General of New York,
Read more
Microsoft Lures Populate Half of Credential-Swiping Phishing Emails
According to the sources nearly half of the emails, phishing attacks in the year 2020 aimed to swipe credentials
Read more
Russian Hackers Sabotaging Critical U.S Infrastructure
Among every state-sponsored hacking group that has attacked the U.S power grid, and went beyond to compromise American Electric Utilities,
Read more
US Senate’s Selection Committe Raises Some Serious Concerns Regarding SolarWinds Attack
The US Senate’s select committee has blamed Russia for the massive intelligence operation that infiltrated SolarWinds, a Texas-based software
Read more
Nation States Are Using Cyber Crime Groups to Carry Attacks: States Blackberry Threat Report 2021
Nation-states are employing cybercriminals for hacking activities to perpetrate assaults in order to conceal their own presence. An e-security
Read more
Mobile malware evolution 2020
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. The
Read more
Halogen – Automatically Create YARA Rules From Malicious Documents
Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen
Read more
StandIn – A Small .NET35/45 AD Post-Exploitation Toolkit
StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution
Read more
How to Achieve and Maintain Continuous Cloud Compliance
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in
Read more
Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says
Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing
Read more
ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection
ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection.
Read more
NSA embraces the Zero Trust Security Model
The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security
Read more
EU leaders aim at boosting defense and security, including cybersecurity
During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting
Read more
CVE-2021-21156
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
Read more
CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Read more
CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
Read more
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=”null” (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
Read more