Single Malicious GIF Opened Microsoft Teams to Nasty Attack
Cyber Security Review
by Cyber Security Review
4y ago
Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack required only tricking a victim into viewing a malicious GIF image, according to researchers at CyberArk, who also created a proof-of-concept (PoC) of the attack. Microsoft neutralized the threat last Monday, updating misconfigured DNS records, after researchers reported the vulnerability…
Israel government tells water treatment companies to change passwords
The Israeli government says that hackers targeted its water supply and treatment facilities last week. In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can’t be changed, the agency recommended taking systems offline until proper security systems can be put in place. Source: ZDNet
Hackers are exploiting a Sophos firewall zero-day
Cyber-security firm Sophos published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers. Sophos said it first learned of the zero-day late on Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing “a suspicious field value visible in the management interface.” After investigating the report, Sophos determined this was an active attack and not an error in its product. Source: ZDNet
Apple disputes recent iOS zero-day claim
In a statement today, Apple said it “thoroughly investigated” a recent report about hackers exploiting three iOS vulnerabilities but “found no evidence they were used against customers.” Apple’s statement comes after cyber-security firm ZecOps published a report on Wednesday detailing three iOS vulnerabilities that impacted the Apple Mail client. ZecOps said it found evidence of the bugs being used in the wild against a list of high-profile targets that included the likes of: … Source: ZDNet
Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address
The legal case between Facebook and Israeli spyware vendor NSO Group is starting to yield the details tech and cyber-security experts have been waiting for since Facebook filed its lawsuit in October 2019. In court documents filed yesterday, Facebook said it linked 720 instances of attacks against WhatsApp users to one single IP address. The attacks were carried out against WhatsApp users in the spring of 2019. The exploit used in the attack was a zero-day in the WhatsApp VoIP feature. Source: ZDNet
WHO, CDC and Bill and Melinda Gates Foundation Victims of Credential Dump, Report
Unknown threat actors have allegedly dumped nearly 25,000 email addresses and passwords from notable organizations involved in the fight against the COVID-19 pandemic, including credentials from prominent health organizations. Hackers have been using information belonging to groups such as World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC), the World Bank, the U.S. National Institutes of Health, the Bill and Melinda Gates Foundation and the Wuhan Institute of Virology online in various ways, according to a report by the Washington Post, citing…
A look at the ATM/PoS malware landscape from 2017-2019
From remote administration and jackpotting to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year to year. So what does the ATM landscape look like as of 2020? Let’s take a look. ATM attacks aren’t new, and that’s not surprising. After all, what is one of the primary motives driving cyber criminals? Money. And ATMs are cash hubs: one successful attack can net you hundreds of thousands of dollars. In the past, even high-profil…
NSA shares list of vulnerabilities commonly exploited to plant web shells
The US National Security Agency (NSA) and the Australian Signals Directorate (ASD) have published a security advisory this week warning companies to search web-facing and internal servers for common web shells. Web shells are one of today’s most popular forms of malware. The term “web shell” refers to a malicious program or script that’s installed on a hacked server. Web shells provide a visual interface that hackers can use to interact with the hacked server and its filesystem. Source: ZDNet
Studying How Cybercriminals Prey on the COVID-19 Pandemic
With the spread of the coronavirus worldwide, interest is high in related topics. Accordingly, Unit 42 researchers found an immense increase in coronavirus-related Google searches and URLs viewed since the beginning of February. Cybercriminals are looking to profit from such trending topics, disregarding ethical concerns, and in this particular case preying on the misfortunes of billions. To protect customers of Palo Alto Networks, Unit 42 researchers monitor user interest in trending topics and newly registered domain names related to these topics, as miscreants often leverage them for malici…
Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak
Three years and eight days ago, on April 14, 2017, a mysterious group of hackers known as the Shadow Brokers published a collection of hacking tools that ended up changing the internet forever. Known as the “Lost in Translation” dump, this collection of files included tens of hacking tools and exploits stolen from the US National Security Agency (NSA), exploits that many believed the US was using to hack other countries. Today, three years later, the best-known file included in the leak is, by far, ETERNALBLUE, the exploit that was at the heart of the WannaCry and NotPetya ransomware outbreaks…