News


BlackByte hijacks EDR solutions with “Bring Your Own Driver” principle
SophosNews

The security specialists from Sophos uncovered a new tactic used by the relatively young ransomware gang BlackByte. The gang follows the "Bring Your Own Driver" principle to bypass more than 1,000 drivers used in Endpoint Detection and Response (EDR) solutions industry-wide. Sophos describes the attack tactics, techniques and procedures (TTPs) in the new report “Remove all the Callbacks – BlackByte Ransomware Disables EDR via RTCore64.sys Abuse”. BlackByte, which was named as a threat to critical infrastructure in a special report by the Secret Service and FBI earlier this year, surfaced in May after a brief hiatus...


Ten million EZVIZ cameras with vulnerabilities 
Bitdefender News

Bitdefender Labs security researchers have discovered several vulnerabilities in popular EZVIZ smart cameras. Attackers can chain them to gain control over the devices and access to their content, bypassing the existing authentication mechanisms in the process. An estimated ten million devices are affected. Bitdefender has informed the manufacturer, which has provided updates. Users should definitely patch and update their cameras. The estimate of around ten million affected devices is based on known Android and iOS installations. Access to the video feed: attackers can use the gaps in unpatched cameras on the one hand…


Hacked security cameras used by DDoS botnet
B2B Cyber Security ShortNews

Security researchers have found a vulnerability in over 80,000 Hikvision security cameras. The company has been providing a firmware update for some time, but only a few owners have installed it. Cyber gangsters are now using the cameras for their DDoS botnet. Security researchers had already discovered, over the past year, a vulnerability in over 80,000 Hikvision cameras that can easily be exploited. The flaw is tracked as CVE-2021-36260 and was fixed by Hikvision via a firmware update in September 2021. But: according to a whitepaper published by CYFIRMA, thousands of systems used by 2,300 organizations in 100 countries still do not have the security update...


Tricked: Microsoft Defender runs malware
B2B Cyber Security ShortNews

LockBit actors use Windows Defender command-line tool MpCmdRun.exe to infect PCs with Cobalt Strike Beacon. After that, the ransomware LockBit will be installed. Microsoft should be on high alert if they aren't already. Cybersecurity research company SentinelOne has released news: They have discovered that Microsoft's internal anti-malware solution is being abused to load Cobalt Strike Beacon onto victim PCs and servers. In this case, the attackers are operators of LockBit Ransomware as a Service (RaaS). As a starting point for the attack, the command-line tool in Defender called MpCmdRun.exe is abused to…


Zero Day vulnerability in Google Chrome Browser

As Tenable reports, a zero-day vulnerability has been found in Google's Chrome browser. Targeted attacks are expected, albeit more against individuals, such as journalists, in the Middle East. The weaknesses are by no means harmless, however. A comment by James Sebree, Senior Staff Research Engineer at Tenable. As early as July 22, 2022, several reports were published about a zero-day vulnerability in Google Chrome (and possibly Edge and Safari) that was exploited to attack journalists in the Middle East. Security company Avast linked the vulnerability to Candiru. Candiru has previously exploited previously unknown vulnerabilities,…


Attacks on the zero-day vulnerability in Confluence
B2B Cyber Security ShortNews

After the zero-day vulnerability – now known as CVE-2022-26134 – was exposed in Atlassian's collaboration tool Confluence, attackers attempt to exploit it in a targeted manner. The attacks come mainly from Russia, USA, India, Netherlands and Germany. Confluence touts “the remote-ready workspace for your team, where knowledge and collaboration meet.” This work is currently endangered by a security vulnerability. Security analysts from Barracuda have now analyzed data from the cloud security specialist's worldwide installations and have identified an increasing number of attempted attacks via the vulnerability. These range from harmless intentions to some more complex attempts to infect systems with DDoS botnet malware and cryptominers...


Microsoft only closes known vulnerabilities after 100 days

Orca Security criticizes Microsoft's slow reaction in fixing the SynLapse vulnerability, which was only closed after 100 days. Further isolation and hardening for better cloud security is recommended. Although SynLapse (CVE-2022-29972) is a Critical vulnerability, it took Microsoft over 100 days to complete the steps necessary to resolve it.

100 days of open vulnerability

After Microsoft was informed about the SynLapse vulnerability on January 4th, and after several follow-ups, a first patch was only provided in March, and Orca Security was able to bypass it. Microsoft has the original…


770 million logs compromised at Travis CI API
B2B Cyber Security ShortNews

More than 770 million Travis CI API logs are potentially compromised. The free version of the popular CI/CD tool has a new vulnerability that allows access to tokens, user data and passwords. Team Nautilus, Aqua Security's research unit specializing in the cloud-native technology stack, has discovered a new vulnerability in the free version of the Travis CI API, a popular CI/CD tool. The vulnerability gives easy access to tens of thousands of user credentials, tokens and other secrets from potentially up to 770 million free-tier user logs. 770 million logs visible…


KRITIS still in sight one year after Colonial Pipeline & Co.
Tenable news

Tenable sees KRITIS operators exposed to an increasing threat potential, even one year after the severe attack on Colonial Pipeline & Co. with its devastating effects. A comment from Tenable. “In the 12 months since ransomware attacks struck JBS Foods and Colonial Pipeline, the sad reality is that the threat to critical infrastructure operators has increased rather than decreased.

Attackers only care about money - not impact

Attackers recognize the impact they can have by influencing these environments and rely on it to launch their attacks with increasing accuracy and frequency...


BSI: Follina vulnerability with increased warning level

Weeks ago, the new Follina zero-day bug caused a stir by enabling remote code execution through Microsoft Office. More specifically, it is a security vulnerability in Microsoft's Support Diagnostic Tool (MSDT). The BSI has now declared the orange warning level (maximum: red) for Follina. The CVSS (Common Vulnerability Scoring System) score is rated “High” at 7.8 out of 10. Microsoft already published details and mitigation measures for the vulnerability in Microsoft's Support Diagnostic Tool (MSDT) via the Microsoft Security Response Center on May 30, 2022. The vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) number CVE-2022-30190…
