Security researchers found a new class of DNS vulnerabilities affecting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. DNSaaS providers (also known as managed DNS providers) rent out DNS infrastructure to organizations that do not want to manage and secure yet another network asset on their own. These DNS flaws give threat actors nation-state-grade intelligence harvesting capabilities for the price of a simple domain registration. READ MORE...
A "highly sophisticated group" known for cyberattacks against governmental and other entities is believed to be behind the attack this spring that targeted the Alaska health department, a spokesperson for the department said. Clinton Bennett, a department spokesperson, said a cybersecurity firm working with the department had identified the party responsible for the incident as "a highly sophisticated group known to conduct complex cyberattacks." READ MORE...
IT management and security company Ivanti this week released patches for multiple vulnerabilities in its Pulse Connect Secure VPN appliances, including a critical issue that could be exploited to execute arbitrary code with root privileges. Tracked as CVE-2021-22937 (CVSS score of 9.1), the issue is in fact a bypass of the patch released in October last year for CVE-2020-8260, a high-severity remote code execution flaw in the admin web interface of Pulse Connect Secure. READ MORE...
Group-IB security researchers have shared a technical analysis of Prometheus TDS, an underground service that over the past several months has been used for the distribution of various malware families, such as Buer Loader, Campo Loader, Hancitor, IcedID, QBot, and SocGholish. Prometheus TDS (Traffic Direction System) is a malware-as-a-service (MaaS) solution that has been promoted on underground forums since August 2020. READ MORE...
The BlackMatter gang has joined the ranks of ransomware operations that have developed a Linux encryptor targeting VMware's ESXi virtual machine platform. Enterprises are increasingly moving their servers to virtual machines for better resource management and disaster recovery. With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines. READ MORE...
A vulnerability in a high-profile privacy feature of Telegram for macOS, the "self-destruct" timer that is meant to delete messages on both the sender's and the recipient's devices, can allow someone to retrieve those messages even after they have been deleted, a researcher has found. Reegun Richard Jayapaul, Lead Threat Architect at Trustwave SpiderLabs, discovered the flaw in the Self-Destruct feature of Telegram for macOS, which is part of the app's end-to-end encrypted Secret Chats. READ MORE...
The vast majority of commercial-off-the-shelf products examined in a new report contain at least one cybersecurity vulnerability at the highest severity ranking, something the report's authors say should compel their customers, including the government, to require software bills of materials (SBOMs). GrammaTech, an application security testing firm that generates SBOMs and would benefit from greater demand for them, published the report Wednesday in partnership with cybersecurity consultancy Osterman Research. READ MORE...
Implementation flaws and imperfections in the technical specifications around HTTP/2 are exposing websites using the protocol to a brand-new set of risks, a security researcher warned in a presentation at Black Hat USA on Thursday. Researcher James Kettle showed how request smuggling attacks, already familiar from HTTP/1.1, can be carried out with potentially severe consequences against websites using the HTTP/2 standard. READ MORE...