InfoSec Feed

This feed is in UTC time.

  • Leaked Details of 142 Million MGM Hotel Guests Found for Sale on Dark Web
    on July 14, 2020 at 12:13 pm

    Last summer’s data leak at the hotel chain appears to be far more expansive than previously thought -- or the credentials could come from a hack of DataViper.

  • 99% of Websites at Risk of Attack Via JavaScript Plug-ins
    on July 14, 2020 at 12:10 pm

    The average website includes content from 32 different third-party JavaScript programs, new study finds.

  • Critical flaw allows hackers to breach SAP systems with ease
    on July 14, 2020 at 12:00 pm

    SAP users should immediately deploy a newly released patch for a critical vulnerability that could allow hackers to compromise their systems and the data they contain. The flaw is in a core component that exists by default in most SAP deployments and can be exploited remotely without the need of a username and password. Researchers from security firm Onapsis who found and reported the vulnerability estimate that 40,000 SAP customers worldwide might be affected. Over 2,500 vulnerable SAP systems are directly exposed to the internet and are at higher risk of being hacked, but attackers who gain access to local networks can compromise other deployments.

  • Critical SAP Bug Allows Full Enterprise System Takeover
    on July 14, 2020 at 11:45 am

    Exploitation of the bug can allow an attacker to lift sensitive information, delete files, execute code, carry out sabotage and more.

  • Enigma Machine for Sale
    on July 14, 2020 at 11:17 am

    A four-rotor Enigma machine -- with rotors -- is up for auction....

  • 5 best practices to secure single sign-on systems
    on July 14, 2020 at 10:00 am

    The recent “Sign in with Apple” vulnerability earned a researcher $100,000 as a part of Apple’s bug bounty program. The flaw itself arose from an OAuth-style implementation that did not properly validate JSON Web Token (JWT) authentication between requests. This would have allowed a malicious actor to “Sign in with Apple” using anyone’s Apple ID.

  • CompTIA Certification Prep Courses – Get Lifetime Access @ 99% Discount
    on July 14, 2020 at 9:10 am

    In the world of professional IT, recruiters look for certificates as an important criterion for eligibility. Any résumé that includes CompTIA certificates tends to rise up the pile. Of course, there are many different CompTIA exams you can choose from based on your interest and already chosen path. Our educational and industry partners have introduced "Complete 2020 CompTIA Certification

  • San Diego Resident Receives 46 Months after Pleading Guilty to Million-Dollar Scam Involving the Stolen Identities of Military Members
    on July 14, 2020 at 8:12 am

    A 32-year-old California man was sentenced to 46 months in federal prison after pleading guilty to a million-dollar scheme involving stolen identities of United States service members and veterans. During his trial, Trorice Crawford admitted that he and his co-conspirators stole money from military members’ bank accounts from May 2017 to July 2020 after

  • Security firm G4S fined by Serious Fraud Office
    on July 14, 2020 at 8:04 am

    Security firm G4S has been fined £44m by the Serious Fraud Office (SFO) as part of an agreement that will see it avoid prosecution for overcharging the Ministry of Justice for the electronic tagging of offenders, some of whom had died. The SFO said G4S had accepted responsibility for three counts of fraud that were

    The post Security firm G4S fined by Serious Fraud Office appeared first on IT Security Guru.

  • Highly-Critical SAP bug that could let attackers take over corporate servers patched
    on July 14, 2020 at 8:01 am

    SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers,

  • COVID-19 could spur authentication without passwords
    on July 14, 2020 at 7:59 am

    Passwords have always been a weak link in security, but people are so used to them that getting them to change to a more secure form of authentication has been a difficult task. Could COVID-19 be the catalyst that ends up ushering in passwordless access? The push is slowly happening. Gartner predicts that 60% of

  • New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers
    on July 14, 2020 at 7:17 am

    SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity

  • Live Auction Marketplace Confirms Data Breach After Bad Actor Puts User Database Up for Sale on The Dark Web
    on July 14, 2020 at 6:27 am

    LiveAuctioneers, an online auction platform headquartered in the United States, has confirmed a security incident after a database containing 3.4 million user records was put up for sale on the dark web for $2,500. “As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a

  • ISC StormCast for Tuesday, July 14th 2020
    on July 14, 2020 at 2:00 am

    Purged VBA Code: https://isc.sans.edu/forums/diary/Maldoc+VBA+Purging+Example/26342/
    Password protected VBA Code: https://isc.sans.edu/forums/diary/VBA+Project+Passwords/26346/
    MacOS mount_apfs TCC Bypass: https://theevilbit.github.io/posts/cve_2020_9771/

  • AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java
    on July 13, 2020 at 11:07 pm

    Original release date: July 13, 2020

    Summary

    On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.

    Due to the criticality of this vulnerability, the attack surface this vulnerability represents, and the importance of SAP’s business applications, the Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations immediately apply patches. CISA recommends organizations prioritize patching internet-facing systems, and then internal systems.

    Organizations that are unable to immediately patch should mitigate the vulnerability by disabling the LM Configuration Wizard service (see SAP Security Note #2939665). Should these options be unavailable or if the actions will take more than 24 hours to complete, CISA strongly recommends closely monitoring your SAP NetWeaver AS for anomalous activity.

    CISA is unaware of any active exploitation of these vulnerabilities at the time of this report. However, because patches have been publicly released, the underlying vulnerabilities could be reverse-engineered to create exploits that target unpatched systems.

    Technical Details

    Affected Systems

    This vulnerability is present by default in SAP applications running on top of SAP NetWeaver AS Java 7.3 and any newer versions (up to SAP NetWeaver 7.5).

    Potentially vulnerable SAP business solutions include any SAP Java-based solutions such as (but not limited to): SAP Enterprise Resource Planning, SAP Product Lifecycle Management, SAP Customer Relationship Management, SAP Supply Chain Management, SAP Supplier Relationship Management, SAP NetWeaver Business Warehouse, SAP Business Intelligence, SAP NetWeaver Mobile Infrastructure, SAP Enterprise Portal, SAP Process Orchestration/Process Integration, SAP Solution Manager, SAP NetWeaver Development Infrastructure, SAP Central Process Scheduling, SAP NetWeaver Composition Environment, and SAP Landscape Manager.

    Attack Surface

    The vulnerability was identified in a component that is part of the SAP NetWeaver AS Java. This technology stack is part of the SAP Solution Manager, which is a support and system management suite. The SAP NetWeaver AS for Java technology supports the SAP Portal component, which may therefore be affected by this vulnerability and is typically exposed to the internet. Passive analysis of internet-facing applications indicates that a number of such applications are connected to the internet and could be affected by this vulnerability.

    Description

    On July 13, 2020 EST, SAP released the patch for a critical vulnerability, CVE-2020-6287, affecting its NetWeaver AS for Java component. This vulnerability can lead to compromise of vulnerable SAP installations, including the modification or extraction of highly sensitive information, as well as the disruption of critical business processes. A remote, unauthenticated attacker can exploit this vulnerability through an HTTP interface, which is typically exposed to end users and, in many cases, exposed to the internet. The vulnerability is introduced due to the lack of authentication in a web component of the SAP NetWeaver AS for Java allowing for several high-privileged activities on the SAP system.

    Impact

    If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account (<sid>adm), which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications. The confidentiality, integrity, and availability of the data and processes hosted by the SAP application are at risk by this vulnerability.

    Mitigations

    CISA strongly recommends organizations review SAP Security Note #2934135 for more information and apply critical patches as soon as possible. CISA recommends prioritizing patching over application of individual mitigations. When patching, external facing systems should be urgently addressed, followed by internal systems. Patched versions of the affected components are available at the SAP One Support Launchpad.

    Additional Recommendations

    CISA encourages users and administrators of SAP products to:

      • Scan SAP systems for all known vulnerabilities, such as missing security patches, dangerous system configurations, and vulnerabilities in SAP custom code.
      • Apply missing security patches immediately and institutionalize security patching as part of a periodic process.
      • Ensure secure configuration of your SAP landscape.
      • Identify and analyze the security settings of SAP interfaces between systems and applications to understand risks posed by these trust relationships.
      • Analyze systems for malicious or excessive user authorizations.
      • Monitor systems for indicators of compromise resulting from the exploitation of vulnerabilities.
      • Monitor systems for suspicious user behavior, including both privileged and non-privileged users.
      • Apply threat intelligence on new vulnerabilities to improve the security posture against advanced targeted attacks.
      • Define comprehensive security baselines for systems and continuously monitor for compliance violations and remediate detected deviations.

    These recommendations apply to SAP systems in public, private, and hybrid cloud environments. See the Onapsis report on the “RECON” SAP Vulnerability for more information.

    ACKNOWLEDGEMENTS

    SAP and Onapsis contributed to this Alert.

    RESOURCES

    [1] Onapsis Threat Report https://www.onapsis.com/recon-sap-cyber-security-vulnerability
    [2] CVE-2020-6287 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287%20
    [3] SAP Security Note 2934135 patching the issue (https://launchpad.support.sap.com/#/notes/2934135)
    [4] SAP Trust Center (www.sap.com/security)
    [5] SAP Monthly Security Patch Day Blog (https://wiki.scn.sap.com/wiki/display/PSR/The+Official+SAP+Product+Security+Response+Space)

    Revisions

    July 13, 2020: Initial Version

  • Zero-Trust Efforts Rise with the Tide of Remote Working
    on July 13, 2020 at 10:35 pm

    With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.

  • A Paramedic's Lessons for Cybersecurity Pros
    on July 13, 2020 at 10:15 pm

    A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.

  • Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
    on July 13, 2020 at 9:25 pm

    These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.

  • Russian Hacker Convicted for Social Network Hacks
    on July 13, 2020 at 8:50 pm

    The Russian national was convicted of hacking into accounts at LinkedIn, Dropbox, and Formspring.

  • Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.
    on July 13, 2020 at 6:19 pm

    President Trump says he authorized US Cyber Command’s retaliation against Russia’s Internet Research Agency for midterm election meddling. North Korean financially motivated hacking as a sign of internal power dynamics. TrickBot accidentally deploys a new module. TikTok, privacy, and security. LinkedIn hacker convicted. Justin Harvey from Accenture on what should and shouldn’t go in emails. Our guest is Matt Davey from 1password on the under-celebrated role of IT in the work from home transition. And advice to alleged criminals on the lam: give ‘em a low silhouette. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/134

  • Experts Predict Rise of Data Theft in Ransomware Attacks
    on July 13, 2020 at 6:15 pm

    The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.

  • SCANdalous! (External Detection Using Network Scan Data and Automation)
    on July 13, 2020 at 5:58 pm

  • TrickBot Sample Accidentally Warns Victims They’re Infected
    on July 13, 2020 at 5:09 pm

    A data-stealing module in a recent sandboxed sample triggers browser-based fraud alerts for Trickbot victims -- and shows something of the inner working of the malware's operators.

  • Secret Service Creates Cyber Fraud Task Forces
    on July 13, 2020 at 4:01 pm

    Traditional financial crime and cyberattacks are converging, requiring new skills and approaches to the problem, officials said.

  • Announcement: Tony Morbin joins IT Security Guru as Editor in Chief
    on July 13, 2020 at 3:54 pm

    Today Tony Morbin joined IT Security Guru as editor in chief, signalling a drive to further develop this vital news and information source for the cyber security industry. Last week Tony left SC Media UK, the world’s longest established cyber security title, where he oversaw the transition from print to digital, as well as more

  • Man who lived luxury lifestyle after hacking LinkedIn and Dropbox is found guilty
    on July 13, 2020 at 3:51 pm

    Yevgeniy Nikulin lived the high life, funded by a life of cybercrime. Now he faces a significant prison sentence after stealing millions of user records from the likes of LinkedIn and Dropbox.

  • Millions of LiveAuctioneers passwords offered for sale following data breach
    on July 13, 2020 at 3:43 pm

    Researchers claim to have found evidence that cybercriminals are offering for sale a database containing the personal details of 3.4 million users of an online art and antiques auction website, as well as three million cracked passwords.

  • Zero-Day Vulnerability in Zoom Affected Windows 7 Users
    on July 13, 2020 at 3:31 pm

    A zero-day vulnerability affecting the Zoom client for Windows has been discovered that would allow an attacker to execute arbitrary code on remote devices. Only Windows 7 and older OSes were affected, further complicating the situation. Zoom vulnerabilities pop up constantly, but that’s also likely due in part to the app’s sudden popularity. The COVID-19

  • Digicert revokes a raft of web security certificates
    on July 13, 2020 at 2:36 pm

    The good news is that this was a bureaucratic necessity rather than an actual cybersecurity attack.

  • Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
    on July 13, 2020 at 2:00 pm

    To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.

  • BrandPost: Virtual Security Analysts – Using AI to Bridge the Cybersecurity Skills Gap
    on July 13, 2020 at 1:48 pm

    Perhaps the most resource-intensive task required of security teams is the correlation and analysis of the massive volumes of data being produced by security devices and network sensors. This challenge is probably most apparent in the fact that network breaches often remain undetected for months, allowing cybercriminals to plant time-bombs, establish elaborate botnets, and slowly exfiltrate millions of records containing customer information and intellectual property. This challenge is compounded with the growing skills shortage the cybersecurity industry is facing globally, further adding to organizations’ risks. In fact, a recent Fortinet survey found that 73% of organizations had at least one intrusion or breach over the past year that can be partially attributed to a gap in cybersecurity skills

  • A ‘New Age’ of Sophisticated Business Email Compromise is Coming
    on July 13, 2020 at 1:00 pm

    A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.

  • The Enemy Within: How Insider Threats Are Changing
    on July 13, 2020 at 1:00 pm

    Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.

  • How CARTA Strategies for Web Applications are Met with Indusface AppTrana Solution
    on July 13, 2020 at 1:00 pm

    From an operational standpoint, the foundation of CARTA starts with an assessment and then building the zero-trust principles on top of that with an adaptive security model.

  • Learn About the Latest Election Security Threats and Defenses at Black Hat USA
    on July 13, 2020 at 1:00 pm

    Christopher Krebs, director of the CISA, will explain how the organization is leading the federal effort to support state and local officials in their mission to secure US elections this year.

  • Deep Dive into Synthetic Identity Fraud
    on July 13, 2020 at 12:58 pm

    The fraud landscape is evolving and, as the world becomes increasingly digital, so do the criminals. From petty schemes to high-class social engineering strategies, fraudsters cash out on billions each year. Creating a fake identity The FTC calls synthetic identity fraud “one of the fastest-growing financial crimes” in the United States. Unlike traditional forms of

  • Go Phish: Cybercriminals Stick to Coronavirus and Financial Content to Fuel Phishing Schemes
    on July 13, 2020 at 12:32 pm

    We’ve reached the half-year mark and online scammers are still taking advantage of the uncertainties brought on by the pandemic. Cyber-attacks targeting both consumers and business surged worldwide, and the trend shows no sign of stopping any time soon. In recent months, coronavirus-related attacks spiked, and email has remained the prime vector of choice for

  • Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.
    on July 13, 2020 at 12:11 pm

    Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at

  • COVID-19: Latest Security News & Commentary
    on July 13, 2020 at 12:04 pm

    Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

  • A Peek into the Fake Review Marketplace
    on July 13, 2020 at 11:21 am

    A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend doesn't exist....

  • Monday review – the hot stories of the week
    on July 13, 2020 at 10:22 am

    Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

  • How to protect algorithms as intellectual property
    on July 13, 2020 at 10:00 am

    Ogilvy is in the midst of a project that converges robotic process automation and Microsoft Vision AI to solve a unique business problem for the advertising, marketing and PR firm. Yuri Aguiar is already thinking about how he will protect the resulting algorithms and processes from theft.

  • Hacker “revenge hacks” security firm
    on July 13, 2020 at 8:35 am

    A hacker claims to have breached the backend servers belonging to a US cybersecurity firm and stolen information from the company’s “data leak detection” service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that have leaked from other companies in previous security breaches. The databases

  • A look at Evilnum, the APT Group Behind the Malware
    on July 13, 2020 at 8:32 am

    The group behind Evilnum malware, that targets financial institutions, appears to be testing new techniques. ESET researchers published an analysis of advanced persistent threat (APT) group Evilnum, known for developing malware of the same name. A detailed look at its activity reveals an evolved toolset and infrastructure that combine custom malware with tools bought from

  • Malware evading analysis by adding Any.Run sandbox detection
    on July 13, 2020 at 8:27 am

    Any.Run is a malware analysis sandbox service that lets researchers and users safely analyse malware without risk to their computers. And now malware developers are checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analysed by researchers. Source: Bleeping Computer

  • ISC StormCast for Monday, July 13th 2020
    on July 13, 2020 at 2:00 am

    Excel Spreadsheet Macro Kicks Off Formbook Infection: https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/
    Zoom Update Fixing Zoom on Windows 7 Vulnerability: https://support.zoom.us/hc/en-us/articles/360046081271-New-updates-for-July-10-2020
    DigiCert Replaces 50,000 EV Certificates: https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement
    Microsoft Warns of OAUTH consent Phishing: https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/

  • Turn challenges into opportunities.
    on July 12, 2020 at 5:00 am

    Cybersecurity and disinformation researcher Bilyana Lilly shares her career path from studying where she was always a foreigner to an expert on the Russian perspective. While studying international law in Kosovo, Bilyana realized there are no winners in war. Through her work, she hopes to bring a greater understanding of Russia's strategic thinking. Our thanks to Bilyana for sharing her story with us.

  • LiveAuctioneers security breach puts users at risk
    on July 11, 2020 at 9:44 pm

    LiveAuctioneers, the online website which broadcasts live auctions selling antiques, art, and collectibles, has warned that user details have fallen into unauthorised hands following a security breach.

  • Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
    on July 11, 2020 at 7:03 pm

    Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos. The Indian video sharing app, called Chingari, is available for Android and iOS

  • Friday Squid Blogging: China Closing Its Squid Spawning Grounds
    on July 11, 2020 at 9:43 am

    China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for...

Feed sources:

  • https://www.schneier.com/blog/atom.xml
  • https://nakedsecurity.sophos.com/feed/
  • https://krebsonsecurity.com/feed/
  • http://feeds.feedburner.com/GoogleOnlineSecurityBlog
  • https://www.darknet.org.uk/feed/
  • https://www.darkreading.com/rss_simple.asp
  • https://www.imperva.com/blog/feed/
  • https://www.csoonline.com/index.rss
  • http://feeds.feedburner.com/TheHackersNews
  • https://taosecurity.blogspot.com/feeds/posts/default
  • https://technet.microsoft.com/en-us/security/rss/advisory
  • https://podcasts.files.bbci.co.uk/b01n7094.rss
  • https://labsblog.f-secure.com/feed/
  • https://dfirblog.wordpress.com/feed/
  • https://www.us-cert.gov/ncas/alerts.xml
  • https://threatpost.com/feed/
  • https://www.fireeye.com/blog/threat-research/_jcr_content.feed
  • https://feeds.feedburner.com/CiscoBlogThePlatform
  • http://feeds.feedburner.com/GrahamCluleysBlog
  • http://feeds.feedburner.com/TroyHunt
  • http://blogs.securiteam.com/index.php/feed
  • https://www.secureworks.com/rss?feed=blog
  • https://hotforsecurity.bitdefender.com/feed
  • http://www.itsecurityguru.org/feed/
  • https://blogs.technet.microsoft.com/msrc/feed/
  • https://blogs.technet.microsoft.com/mmpc/feed/

Have more RSS feeds to add to the list? Contact me. Thanks!