2022 - Securezoo

Raspberry Robin malware uses Tor network to deliver payloads to Telecom and Government targets

Malware / Frank Crast / December 29, 2022 / malware, Rasberry Robin, Red Canary, Tor network

Researchers have discovered a new malware threat dubbed Raspberry Robin that uses the Tor network to deliver payloads to Telecom and Government targets.

Raspberry Robin malware uses Tor network to deliver payloads to Telecom and Government targets Read More »

CISA adds 2 TIBCO vulnerabilities to Known Exploited Vulnerabilities Catalog

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 29, 2022 / CISA, CVE-2018-18809, CVE-2018-5430, Exploit, TIBCO

The Cybersecurity and Infrastructure Security Agency (CISA) has added two TIBCO vulnerabilities to its Known Exploited Vulnerabilities Catalog.

CISA adds 2 TIBCO vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

LastPass provides an update on security breach

Cybersecurity Attacks, Data Breach, Data Privacy, Password Management / Frank Crast / December 28, 2022 / Data Breach, LastPass, Password

LastPass has provided an update on a security breach of internal source code and sensitive documents previously disclosed this past August.

LastPass provides an update on security breach Read More »

Linux Kernel ksmbd Use-After-Free RCE Vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 28, 2022 / kernel, Linux, RCE, SMB3, ZDI

Security researchers have discovered a Critical remote code execution (RCE) vulnerability in Linux 5.15 Kernel Server Message Block (SMB) server, ksmbd.

Linux Kernel ksmbd Use-After-Free RCE Vulnerability Read More »

Meddler-in-the-Middle phishing attacks break MFA

Cybersecurity Attacks, Phishing, Social Engineering / Frank Crast / December 22, 2022 / 2FA, MFA, MITM

Security researchers have discovered “meddler-in-the-middle” (MitM) phishing attacks that can break multi-factor authentication (MFA) controls.

Meddler-in-the-Middle phishing attacks break MFA Read More »

Okta’s GitHub source code repositories hacked

Application Security, Cybersecurity Attacks, Source Code Security / Frank Crast / December 21, 2022 / Auth0, authentication, Authorization, Breach, Okta

Okta, a leading solution provider of identity and access management solutions, has confirmed their private GitHub repositories were hacked this month.

Okta’s GitHub source code repositories hacked Read More »

MCCrash botnet launches DDoS attacks against Minecraft servers

Cybersecurity Attacks, Malware / Frank Crast / December 21, 2022 / botnet, Cyberattack, DDoS, DEV-1028, IOT, MCCrash, Microsoft, Minecraft

Microsoft researchers have detected a cross-platform botnet designed to infect Windows, Linux, and IoT devices. The botnet dubbed “MCCrash” then launches distributed denial of service (DDoS) attacks against private Minecraft servers.

MCCrash botnet launches DDoS attacks against Minecraft servers Read More »

Agenda Ransomware gang uses Rust to target more companies worldwide

Cybersecurity Attacks, Malware, Ransomware / Frank Crast / December 20, 2022 / Agenda, Go, Ransomware, ransomware-as-a-service, RUST

A ransomware-as-a-service group has released a new variant of Agenda ransomware written in Rust, designed to target more companies from different countries. The group has also posted company victims online, threatening to publish private files.

Agenda Ransomware gang uses Rust to target more companies worldwide Read More »

‘Achilles’ vulnerability exploit bypasses macOS Gatekeeper

Proof of Concepts (POCs), Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 20, 2022 / Apple, CVE-2022-42821, Gatekeeper, macOS, Microsoft, POC

Microsoft researchers discovered a vulnerability dubbed “Achilles” in macOS that could allow attackers to bypass Apple’s Gatekeeper security feature designed to ensure that only trusted software runs on your Mac.

‘Achilles’ vulnerability exploit bypasses macOS Gatekeeper Read More »

Google releases Chrome 108 update with fixes for 4 High risk vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 19, 2022 / Chrome, Chrome108, ChromeOS, CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439, LTS-102

Google has released Chrome 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows with a fixes for four High severity vulnerabilities. New security updates for ChromeOS, Chrome for Android, and Chrome for iOS were also published.

Google releases Chrome 108 update with fixes for 4 High risk vulnerabilities Read More »