From bleepingcomputer.com
Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.
From securityafairs.co
While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving emails warning them that someone tried to use them to access their accounts.
From netlab.360.com
Netlab 360 has set up honeypots to study the impact of the latest Log4j critical vulnerability. They established that the number of attack sessions rose rapidly in the first few days after the vulnerability was exposed. On December 18, the day with the highest number of attack sessions so far, there were over 28,000 attack sessions in one day. Starting on December 13, there were also attacks combining this vulnerability with other vulnerabilities (Apache Flink, Hadoop, Apache Struts2 vulnerability, etc.).
From Census Labs
CENSUS has been investigating for some time now the exploitation potential of Man-in-the-Disk (MitD) [01] vulnerabilities in Android. Recently, CENSUS identified two such vulnerabilities in the popular WhatsApp messenger app for Android [34]. The first of these was possibly independently reported to Facebook and was found to be patched in recent versions, while the second one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027 [33]. As both vulnerabilities have now been patched, we would like to share our discoveries regarding the exploitation potential of such vulnerabilities with the rest of the community.
From wizcase.com
At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (with TeX filter enabled) could then take over students’ accounts, professors’ accounts, and even the accounts managed by the platform administrators.
From neurosoft.gr
Emotet is considered to be among the top malware threats, primarily spreading through emails and specifically using the email thread hijacking approach. In this latest report, researchers from the University of Piraeus, Athena Research Center and Neurosoft have dissected the malware and conducted an in-depth analysis of the Emotet campaign.
From cybernews.com
Network access to 7,500 organizations is being sold by a threat actor on multiple Russian hacker forums. According to the listings posted on October 3 and October 26, these mainly include educational organizations. However, the package also appears to include access to corporate networks from other verticals, such as entertainment and the bar industry.