Author Archives: BGD eGOV CIRT



Microsoft confirms two Exchange Server zero days are being used in cyberattacks
in News, Security Advisories & Alerts

Microsoft confirmed it is investigating two zero days affecting its Exchange Server software late Thursday following a report from Vietnamese cybersecurity firm GTSC that the vulnerabilities are being exploited in the wild. GTSC said it discovered the issues in August while doing security incident monitoring and response, then reported the issue to Microsoft’s Zero Day Initiative, which confirmed the bugs. The attacks GTSC reported chain together the two vulnerabilities. ...

01 Oct 2022
Critical Vulnerability in Sophos Firewall
in Security Advisories & Alerts

Sophos warned today that a critical code injection security vulnerability in the company’s Firewall product is being exploited in the wild. “Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the security software and hardware vendor warned. “We have informed each of these organizations directly. Sophos will provide further details as we continue...

26 Sep 2022
Researchers Uncover a New Metador APT Targeting Telcos, ISPs, and Universities.
in Security Advisories & Alerts, Uncategorized

Executive Summary SentinelLabs researchers uncovered a never-before-seen advanced threat actor we’ve dubbed ‘Metador’. Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions. Metador’s attack chains are designed to bypass native security...

26 Sep 2022
The North Korean Lazarus Group Hacked Energy Providers Worldwide
in English articles, News

INTRODUCTION Cisco Talos observed North Korean state-sponsored APT Lazarus Group conducting malicious activity between February and July 2022. Lazarus has been previously attributed to the North Korean government by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The entry vectors involve the successful exploitation of vulnerabilities in VMWare products to establish initial footholds into enterprise networks, followed by the deployment of the group’s custom malware implants, VSingle and YamaBot. In...

13 Sep 2022
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices
in Security Advisories & Alerts

A number of firmware security flaws uncovered in HP’s business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities “can’t be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement.” Firmware flaws can have serious implications...

13 Sep 2022
Vice Society: a discreet but steady double extortion ransomware group
in English articles, News

What is Vice Society? Vice Society is a little-known double extortion group that joined the cybercrime ecosystem a year ago. Since then, it has shown steady activity, encrypting and exfiltrating its victims’ data and threatening to leak their information to pressure them into paying a ransom. Unlike other RaaS (Ransomware-as-a-Service) double extortion groups, Vice Society focuses on getting into the victim’s system to deploy ransomware binaries...

13 Sep 2022
Travel Industry Recovering From Covid Turbulence, Grounded By Cyberattacks
in English articles, News, Security Advisories & Alerts

Cybercrime Activities At A Glance. Introduction. The Aviation industry is a critical, strategic, and economically important sector for any nation. The pandemic-struck industry has started showing signs of gradual recovery after two years of volatility; however, attaining the pre-COVID global travel figures still seems farfetched until mid-2023. Amidst epidemic chaos, the Aviation industry steered itself towards embracing technology to reduce human dependence and make a...

05 Sep 2022
Palo Alto Recognizes Vulnerability Impacting PAN-OS® (CVE-2022-0028)
in CVE, Security Advisories & Alerts, Uncategorized

Global Critical Infrastructure Potentially Vulnerable To Reflected Amplification-Based Denial-Of-Service (RDoS) Attacks. Introduction. Over the past few weeks, Cyble Research & Intelligence Labs has observed the active exploitation of a recently discovered vulnerability found in the Palo Alto Networks’ PAN-OS operating system that runs the firewalls and could allow a remote Threat Actor (TA) to conduct reflected and amplified TCP denial-of-service (RDoS) attacks against their...

05 Sep 2022
New Android Banking Trojan Zanubis Spotted In The Wild.
in CVE, English articles, Security Advisories & Alerts

Cyble Research and Intelligence Labs (CRIL) has been tracking the activities of various Android Banking Trojans such as Hydra, Ermac, and Amextroll, amongst several others. During a routine threat-hunting exercise, we came across a Twitter post where a researcher mentioned a malware sample. After an in-depth analysis, the malware was identified as a new Android Banking Trojan variant targeting over 40 applications from Peru. The Threat Actor (TA) uses the...

04 Sep 2022
Zeppelin Ransomware
in CVE, English articles, Security Advisories & Alerts

Technical Details Note: this advisory uses the MITRE ATT&CK® for Enterprise framework, version 11. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques. Zeppelin ransomware is a derivative of the Delphi-based Vega malware family and functions as a Ransomware as a Service (RaaS). From 2019 through at least June 2022, actors have used this malware to target a wide range of businesses and critical infrastructure...

01 Sep 2022
Page 3 of 3