News – Page 6 – BU-CERT

OSINT: The privacy risks of sharing too much information

Posted on 4 May 2022

From tripwire.com

OSINT The privacy risks of sharing too much information

In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely have elements of “being creepy.” With software vulnerabilities, we can obtain the software ourselves and demonstrate the vulnerability. That’s more difficult to do with privacy related information as anyone who could consent is someone that you likely know a lot about already.

Fake Windows 10 updates infect you with Magniber ransomware

Posted on 2 May 2022

From bleepingcomputer.com

Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.

LastPass investigated recent reports of blocked login attempts

Posted on 29 December 2021

From securityafairs.co

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users.

While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving emails warning them that someone tried to use them to access their accounts.

Someone tried my @LastPass master password earlier yesterday and then someone just tried it again a few hours ago after I changed it. What the hell is going on?
— Valcrist (@Valcristerra) December 28, 2021

Day 10: where we are with log4j from honeypot’s perspective

Posted on 29 December 2021

From netlab.360.com

Netlab 360 have setup honeypots to study the impact of the latest log4j critical vulnerability. They established that the number of attack sessions rose rapidly in the next few days after the vulnerability was exposed. On December 18, the day with the highest number of attack sessions so fare, there were over 28,000 attack sessions in one day. starting on December 13, there were also combined attacks of this vulnerability with other vulnerabilities (Apache Flink, Hadoop, Apache Struts2 vulnerability, etc.).

The University of Hertfordshire hit by a cyber attack in latest attack against the Educational Sector

Posted on 19 April 2021

On Wednesday 14th April, the University of Hertfordshire was hit by a cyber attack that has taken down its entire IT network and has also blocked access to cloud-based services.

With all its systems affected by the attack, the university halted its online teaching on both Thursday and Friday, and said other classes may go ahead, but “students will have no on-site or remote access to computer facilities in the LRCs (learning resources centres), labs or the university wi-fi”

Further information about this can be found here and on the BBC News.

Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)

Posted on 15 April 2021

From Census Labs

CENSUS has been investigating for some time now the exploitation potential of Man-in-the-Disk (MitD) [01] vulnerabilities in Android. Recently, CENSUS identified two such vulnerabilities in the popular WhatsApp messenger app for Android [34]. The first of these was possibly independently reported to Facebook and was found to be patched in recent versions, while the second one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027 [33]. As both vulnerabilities have now been patched, we would like to share our discoveries regarding the exploitation potential of such vulnerabilities with the rest of the community.

Vulnerability: Est. Millions of Users of Popular Educational Platform Exposed to Account Takeover Threats And More

Posted on 9 April 2021

From wizcase.com

At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (with TeX filter enabled) could then take over students’ accounts, professors, and even the accounts managed by the platform administrators.