February 2018 - Securezoo

Cache utility memcached is being exploited

Configuration Management, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / February 28, 2018 / Akamai, Cache, DDoS, memchached, port 11211

Do you have any internet-facing devices running memcached? Security experts warn that systems exposed to the internet and running memcached on port 11211 UDP and TCP are being exploited in a new distributed denial-of-service (DDoS) reflection attack.

Cache utility memcached is being exploited Read More »

SAML vulnerabilities affect multiple SSO implementations

Leave a Comment / Application Security, Identity & Access Management, Vulnerabilities & Exploits / Frank Crast / February 27, 2018 / Clever, Duo, OneLogin, SAML

Duo Labs has found SAML protocol vulnerabilities that impact multiple vendor single sign-on (SSO) systems.

SAML vulnerabilities affect multiple SSO implementations Read More »

Oracle vulnerability exploited to deliver dual Monero miners

Leave a Comment / Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / Frank Crast / February 26, 2018 / Cryptocurrency, CVE-2017-1027, Monero, Oracle, WebLogic, XMRig

Trend Micro security researchers have spotted an Oracle vulnerability that is being abused to deliver dual Monero miner malware. The Oracle WebLogic WLS-WSAT vulnerability (CVE-2017-10271) allows remote code execution and was patched by Oracle back in October.

Oracle vulnerability exploited to deliver dual Monero miners Read More »

Evolving W-2 phishing campaigns

Leave a Comment / Cybercrime, Phishing / Frank Crast / February 22, 2018 / IC3, phishing, W-2

The Internet Crime Complaint Center (IC3) has issued an alert on W-2 phishing campaigns. In the latest scam, criminals are targeting sensitive tax information by using IRS-related phishing emails.

Evolving W-2 phishing campaigns Read More »

Active BEC scams target Fortune 500 companies

Cybercrime, Messaging Security, Phishing / Frank Crast / February 21, 2018 / BEC, email, phishing, Scam, Security

Threat actors from likely Nigerian origin are using business email compromise scams (BECs) to target Fortune 500 companies.

Active BEC scams target Fortune 500 companies Read More »

Hacking tax preparers to pull off tax refund fraud

Cybercrime / Frank Crast / February 20, 2018 / Cybercrime, IRS, Scam, tax

In a relatively new IRS scam, identity thieves are now hacking tax preparers to pull off tax refund fraud.

Hacking tax preparers to pull off tax refund fraud Read More »

Cyber attack on Indian bank’s SWIFT system

Leave a Comment / Cybercrime, Cybersecurity Attacks / Frank Crast / February 19, 2018 / banking, Finance, Indian, SWIFT

Indian City Union Bank said that cyber criminals gained access to the bank’s SWIFT systems and made three unauthorized transfers totalling $1.8 million.

Cyber attack on Indian bank’s SWIFT system Read More »

Apple’s ‘Text Bomb’ bug

Leave a Comment / Mobile Security, Vulnerabilities & Exploits / Frank Crast / February 19, 2018 / Apple, iOS, mobile, Text Bomb

Apple is rushing to fix a another ‘Text Bomb’ bug that crashes a number of iOS and Mac apps.

Apple’s ‘Text Bomb’ bug Read More »

Apache CouchDB vulnerabilities exploited

Leave a Comment / Vulnerabilities & Exploits / Frank Crast / February 16, 2018 / Apache, CouchDB, JSON, Vulnerabilities

Security researchers from Trend Micro have spotted two vulnerabilities that are being exploited on popular CouchDB open source database management systems.

Apache CouchDB vulnerabilities exploited Read More »

HARDRAIN and BADCALL malware

Leave a Comment / Cybercrime, Cybersecurity Attacks / Frank Crast / February 15, 2018 / Badcall, Hardrain, HIDDEN COBRA, malware, US-CERT

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants, HARDRAIN and BADCALL, used by the North Korean government.

HARDRAIN and BADCALL malware Read More »