by CIRT Team
Nagios CVE-2016-8641 Local Privilege Escalation Vulnerability
Description: A privilege escalation vulnerability was found in nagios that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It’s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. Impact: A local attacker may exploit this issue to gain elevated root privileges on the affected...
Read More
by CIRT Team
Someone Published a List of Telnet Credentials for IoT Devices [source : bleepingcomputer]
A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons. The list — spotted by Ankit Anubhav, a security researcher with New Sky Security — includes an IP address, device username, and a password, and is mainly made up of default device...
Read More
by CIRT Team
Hackable flaw in connected cars is ‘unpatchable’, warn researchers [source: nakedsecurity]
The news for the motoring public was bad enough a few weeks ago: a team of researchers had demonstrated yet another hackable flaw in connected vehicles – in the Controller Area Network (CAN) bus standard – that could enable a Denial of Service (DoS) attack on safety systems including brakes, airbags and power steering. Kind of a big deal, since the CAN is essentially the brain of...
Read More
by CIRT Team
NIST’s new password rules – what you need to know [source: nakedsecurity]
It’s no secret. We’re really bad at passwords. Nevertheless, they aren’t going away any time soon. With so many websites and online applications requiring us to create accounts and think up passwords in a hurry, it’s no wonder so many of us struggle to follow the advice of so-called password security experts. At the same time, the computing power available for password cracking just gets...
Read More
by CIRT Team
New EMPTY CryptoMix Ransomware Variant Released [source: bleepingcomputer]
MalwareHunterTeam has discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses empty, it is clear that the developers are running out of ideas for extensions. This article will provide a brief summary of what has changed in this new variant. For more detail, click here.
by CIRT Team
Mobile malware factories: Android apps for creating ransomware [source: symantec]
Having little to no coding experience is no longer a problem for wannabe mobile malware authors, thanks to Trojan Development Kits (TDKs). Criminals can now install an app that will allow them to quickly and easily create Android ransomware with their own devices. It should be noted that the use of TDKs is different from malware being created using the Android integrated development environment (AIDE)....
Read More
by CIRT Team
Malicous Chrome Extensions Stealing Roblox In-Game Currency [source: trendmicro]
Recently, we discussed how cyber criminals are using the popular voice/chat client Discord to steal cookies from the running Roblox process on a Windows PC. Since then, we’ve noticed another attack going after the same information, only this time it is via Chrome extensions (CRX files). While currently it is targeting only Roblox users, the same technique can be used to steal cookies from any website. The...
Read More
by CIRT Team
Malware rains on Google’s Android Oreo parade [source: nakedsecurity]
Google has had an exciting summer, for good and bad reasons. The good news: Google just officially launched the eighth version of its operating system, Android Oreo, with enhancements for battery life and security. Last month, it also began rolling out a new feature called Google Play Protect, designed to scan apps that could cause harm to your Android device and data. The bad news: at least five different...
Read More
by CIRT Team
Cisco IOS and IOS XE Software Multiple Remote Code Execution Vulnerabilities
Description: The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP – Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must...
Read More
by CIRT Team
ISC BIND CVE-2017-3143 Security Bypass Vulnerability
Description: BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND...
Read More
