From securityaffairs.co
At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.
BU-CERT News
Cyberspies use IP cameras to deploy backdoors, steal Exchange emails
From bleepingcomputer.com
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
Mandiant researchers, who discovered the threat actor and now track it as UNC3524, say the group has demonstrated its “advanced” capabilities as it maintained access to its victims’ environments for more than 18 months (in some cases).
OSINT: The privacy risks of sharing too much information
From tripwire.com
In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely have elements of “being creepy.” With software vulnerabilities, we can obtain the software ourselves and demonstrate the vulnerability. That’s more difficult to do with privacy related information as anyone who could consent is someone that you likely know a lot about already.
Fake Windows 10 updates infect you with Magniber ransomware
From bleepingcomputer.com
Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.
LastPass investigated recent reports of blocked login attempts
From securityafairs.co
Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users.
While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving emails warning them that someone tried to use them to access their accounts.
Day 10: where we are with log4j from honeypot’s perspective
From netlab.360.com
Netlab 360 have setup honeypots to study the impact of the latest log4j critical vulnerability. They established that the number of attack sessions rose rapidly in the next few days after the vulnerability was exposed. On December 18, the day with the highest number of attack sessions so fare, there were over 28,000 attack sessions in one day. starting on December 13, there were also combined attacks of this vulnerability with other vulnerabilities (Apache Flink, Hadoop, Apache Struts2 vulnerability, etc.).
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
From Census Labs
CENSUS has been investigating for some time now the exploitation potential of Man-in-the-Disk (MitD) [01] vulnerabilities in Android. Recently, CENSUS identified two such vulnerabilities in the popular WhatsApp messenger app for Android [34]. The first of these was possibly independently reported to Facebook and was found to be patched in recent versions, while the second one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027 [33]. As both vulnerabilities have now been patched, we would like to share our discoveries regarding the exploitation potential of such vulnerabilities with the rest of the community.