Original release date: July 1, 2022CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and…
Andrew Appel has a long analysis of the Swiss online voting system. It’s a really good analysis of both the system and the official analyses.
Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets:
So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.
The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive and remain undetected is the hallmark of a highly sophisticated threat actor…
Original release date: June 30, 2022CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: M…
Original release date: June 30, 2022CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: M…
Original release date: June 29, 2022Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA e…
Someone hacked the Ecuadorian embassy in Moscow and found a document related to Ecuador’s 2013 efforts to bring Edward Snowden there. If you remember, Snowden was traveling from Hong Kong to somewhere when the US revoked his passport, stranding h…
Original release date: June 28, 2022 CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on…
On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.
Original release date: June 28, 2022The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. Th…
