by CIRT Team
Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 [vice]
Hackers are selling two critical vulnerabilities for the video conferencing software Zoom that would allow someone to hack users and spy on their calls, Motherboard has learned. The two flaws are so-called zero-days, and are currently present in Zoom’s Windows and MacOS clients, according to three sources who are knowledgeable about the market for these kinds of hacks. The sources have not seen the actual code...
Read More
by CIRT Team
ওয়েব মিটিং সফ্টওয়্যার -“জুম” (Zoom) এর নিরাপত্তা
বিশ্বব্যাপী COVID-19 এর প্রকোপের কারণে বেশিরভাগ প্ৰতিষ্ঠানের কর্মচারীরা বাসা থেকে কাজ করছেন, যার প্রেক্ষিতে মিটিং করতে বিভিন্ন ওয়েব মিটিং সফ্টওয়্যার ব্যবহৃত হচ্ছে। সহজ ব্যবহার এবং সমৃদ্ধ ফীচারের কারণে বর্তমানে ওয়েব মিটিং সফ্টওয়্যার হিসাবে “জুম” (ZOOM) বেশ জনপ্রিয়। জুম ব্যবহারকারীর সংখ্যা বৃদ্ধি পাওয়ায় সম্প্রতি “জুম-বোম্বিং” বা “ভিডিও-টেলিকনফারেন্সিং হাইজ্যাকিং” নামে বিভিন্ন আক্রমণ লক্ষ্য করা গিয়েছে। জুম মিটিং এর দুর্বলতাসমুহ ব্যবহার করে আক্রমণকারী মিটিংয়ের অ্যাক্সেস করতে পারে,...
Read More
by CIRT Team
Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR
Description: Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more...
Read More
by CIRT Team
Google Releases Security Updates
Description: Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
by CIRT Team
Juniper Networks Releases Security Updates
Description: Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
by CIRT Team
VMware Releases Security Updates for VMware Directory Service
Description: VMware has released security updates to address a vulnerability in VMware Directory Service (vmdir). An attacker could exploit this vulnerability to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2020-0006.html
by CIRT Team
Apple Releases Security Updates
Description : Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. System / Technologies Affected : iCloud for Windows 7.18 iCloud for Windows 10.9.3 iTunes 12.10.5 for Windows iOS 13.4 and iPadOS 13.4 Safari 13.1 watchOS 6.2 tvOS 13.4 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update...
Read More
by CIRT Team
Protecting against coronavirus themed phishing attacks [microsoft]
The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in some. Cybercriminals use people’s fear and need for information in phishing attacks to steal sensitive information or spread malware for profit. Even as some criminal...
Read More
by CIRT Team
Fake Corona Antivirus Software Used to Install Backdoor Malware [bleepingcomputer]
Sites promoting a bogus Corona Antivirus are taking advantage of the current COVID-19 pandemic to promote and distribute a malicious payload that will infect the target’s computer with the BlackNET RAT and add it to a botnet. The two sites promoting the fake antivirus software can be found at antivirus-covid19[.]site and corona-antivirus[.]com as discovered by the Malwarebytes Threat Intelligence team and researchers at MalwareHunterTeam, respectively. While the former was...
Read More
by CIRT Team
COVID-19 Themes Are Being Utilized by Threat Actors of Varying Sophistication [anomali]
Threat actors are utilizing the global spread of COVID-19 (Coronavirus) to conduct malicious activity. As the world responds to this threat in various ways, actors are attempting to use the chaos to their advantage. COVID-19 is being weaponized for scare tactics by threat actors for conducting malicious activity utilizing different Tactics, Techniques, and Procedures (TTPs). While the majority of observations made by Anomali Threat Research...
Read More
