This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users’ Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a watering hole campaign Trend Micro dubbed ‘Operation Earth Kitsune’ that is spying on users’ systems through compromised...
CVE-2020-27620
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups...
Windows GravityRAT Malware Now Also Targets macOS and Android Devices
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbe...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution for families by individual developers. The platform is an ERP system for families written in PHP. A cross-site scripting vulnerability exists in Grocy version 2.7.1 and prior versions. The vulnerability is related to a running...
[SECURITY] Fedora 32 Update: dnf-4.4.0-1.fc32
Utility that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments...
[SECURITY] Fedora 32 Update: dnf-4.4.0-2.fc32
Utility that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments...
Ransomware Attackers Buy Network Access in Cyberattack Shortcut
For prices between $300 and $10,000, ransomware groups have the opportunity to easily buy initial network access to already-compromised companies on underground forums. Researchers warn this opportunity gives groups like Maze or Sodinokibi the ability to more easily kickstart ransomware attacks...
Best practices for defending Azure Virtual Machines
One of the things that our Detection and Response Team (DART) and Customer Service and Support (CSS) security teams see frequently during investigation of customer incidents are attacks on virtual machines from the internet. This is one area in the cloud security shared responsibility model where...
Researchers Fingerprint Exploit Developers Who Help Several Malware Authors
Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify...
Major Global Ransom Denial of Service Campaign Continues Rising Trend in Global DDoS Attacks
Extortionists Claim Connection to Notorious Threat Actor Groups. In recent weeks Imperva has become aware of a considerable increase in the number of serious Ransom Denial of Service (RDoS) threats, with extortion campaigns targeting thousands of large commercial organizations globally, not least th...
Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns
The U.S. election campaigns of both Donald Trump and Joe Biden have been targeted in a slew of recent cyberattacks, Microsoft said on Thursday. With the U.S. presidential election a mere two months away, in recent weeks cyberattacks targeting people and organizations involved in it have ramped up...
PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud
Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple...
Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command and takes 3 minutes. It will create the proper security groups. It spins up a tagged EC2 instance and configures OpenVPN software. Once the instance is configured, an OpenVPN...
CVE-2020-3473 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups withi...
Tackling Video Piracy Head-On
We are clearly in a "new" golden age of TV. Audiences around the world have never had so many viewing options available. This has led to a creative surge in new groundbreaking storytelling and entertainment as both broadcasters and digital giants try to maintain the loyalty of their viewers. This...
Cloud firewall management API SNAFU put 500k SonicWall customers at risk
TL;DR: I found an IDOR in SonicWall's cloud management platform API. Any user could add themselves to any account at any organisation using it. Anyone could create a user account to exploit the issue, from the public internet. Can be used to change firewall rules, or add rogue VPN users, for example...
New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...
CVE-2020-23450
Spiceworks Version = 7.5.00107 is affected by XSS. Any name typed in the Custom Groups function is vulnerable to stored XSS, as they are displayed on http://127.0.0.1/inventory/groups/ without output sanitization...
Cross site scripting
Spiceworks Version = 7.5.00107 is affected by XSS. Any name typed in the Custom Groups function is vulnerable to stored XSS, as they are displayed on http://127.0.0.1/inventory/groups/ without output sanitization...