REvil killer, Tricky phish, Top Aces locked, and more.

Infosec Overnights - Daily Security News

תוכן מסופק על ידי Paul Torgersen. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Paul Torgersen או שותף פלטפורמת הפודקאסט שלו. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

2y ago 2:51

MP3•בית הפרקים

סדרה בארכיון ("עדכון לא פעיל" status)

When? This feed was archived on May 25, 2023 16:09 (11M ago). Last successful fetch was on July 29, 2022 18:35 (1+ y ago)

Why? עדכון לא פעיל status. השרתים שלנו לא הצליחו לאחזר פודקאסט חוקי לזמן ממושך.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

A daily look at the relevant information security news from overnight.
Episode 238 - 13 May 2022
REvil killer - https://portswigger.net/daily-swig/researcher-stops-revil-ransomware-in-its-tracks-with-dll-hijacking-exploit
Tricky phish -
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
Zyxel flaw - https://www.securityweek.com/critical-vulnerability-allows-remote-hacking-zyxel-firewalls
InHand out of hand - https://www.securityweek.com/critical-vulnerabilities-provide-root-access-inhand-industrial-routers
Top Aces locked- https://therecord.media/top-aces-ransomware-attack-lockbit/
Hi, I’m Paul Torgersen. It’s Friday the 13th of May, 2022, and this is a look at the information security news from overnight.
From PortSwigger.net:
John Page at Malvuln.com has discovered a vulnerability in the REvil ransomware that can be exploited to deactivate the malware before it encrypts any files. REvil searches for and executes DLLs in the directory where it is located. By hijacking a vulnerable DLL and executing specially crafted code, he was able to stop and terminate REvil before it started encrypting. Details, including a proof of concept, in the article.
From BleepingComputer.com:
Threat analysts have spotted a novel attack attributed to the Iranian hacking group APT34 or Oilrig, targeting Jordanian diplomats with custom-crafted tools. The spear-phishing email has an Excel attachment that contains VBA macro code to load a malicious executable, a configuration file, and a signed and clean DLL. It also checks for the existence of a mouse, which if you are playing in a sandbox, may not be there.
From SecurityWeek.com:
Thousands of Zyxel firewalls could be vulnerable to remote attacks which affect ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The company has already released a fix. Details in the article.
Also from SecurityWeek.com:
A total of 17 vulnerabilities have been found in the InHand Networks wireless industrial routers which could be exploited to gain root access. The weaknesses affect IR302 version 3.5.37 and prior. If that is you, make sure to update to version 3.5.45. Get your patch on kids.
And last today, from TheRecord.media:
Top Aces, a Canadian company that supplies fighter jets for airborne training exercises has been hit with a ransomware attack. The company works extensively with the armed forces of Canada, Germany, United States, Israel and others. The LockBit ransomware group gave Top Aces a deadline of May 15 before it leaks the 44GB of data it allegedly stole.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.

221 פרקים

#Security #Software Development #Paul Torgersen #Security News #Tech #News #Tech News