Latest News

2021/04/29

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research.

The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

"The biggest risk for the targeted companies and individuals is the fact that security solutions still have a lot of problems with detecting malicious Excel 4.0 documents, making most of these slip by conventional signature based detections and analyst written YARA rules," researchers from ReversingLabs said in a report published today.
2021/04/16

Security Bug Allows Attackers to Brick Kubernetes Clusters

A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service (DoS) for the CRI-O and Podman container engines.

The bug (CVE-2021-20291) affects the Go library called “containers/storage.” According to Aviv Sasson, the security researcher at Palo Alto’s Unit 42 team who found the flaw, it can be triggered by placing a malicious image inside a registry; the DoS condition is created when that image is pulled from the registry by an unsuspecting user.

“Through this vulnerability, malicious actors could jeopardize any containerized infrastructure that relies on these vulnerable container engines, including Kubernetes and OpenShift,” Sasson said in a Wednesday posting.
2021/04/06

533M Facebook Accounts Leaked Online: Check if You Are Exposed

An estimated 32 million, of the half-billion of Facebook account details posted online, were tied to US-based accounts.

More than 533 million Facebook users had their personal information posted to a public hacker forum, a move that is raising concerns about an uptick in cybercrime leveraging the credentials.

The publicly released Facebook user data is believed to be part of a 2019 “Add Friend” Facebook security bug exploited by hackers at the time. The flaw allowed criminals to siphon hundreds of millions of member account details from Facebook and sell them to the highest bidder on illicit online markets.
2021/03/22

Office 365 Phishing Attack Targets Financial Execs

Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials.

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks, according to a new report from Area 1 Security.

These new, sophisticated attacks are aimed at C-suite executives, their assistants and financial departments, and can work around email security and Office 365 defenses. Researchers added, most of the attacks they intercepted attempted to breach financial departments. Researchers said the attacks started last December and continued through February.
2021/03/10

Microsoft Patch Tuesday Updates Fix 14 Critical Bugs

Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall.

Included in the slew are 14 critical flaws and 75 important-severity flaws. Microsoft also included five previously disclosed vulnerabilities, which are being actively exploited in the wild.

Four of the actively exploited flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065), found in Microsoft Exchange, were disclosed as part of an emergency patch earlier this month by Microsoft; businesses have been scrambling to patch their systems as the bugs continue to be exploited in targeted attacks. The fifth actively-exploited flaw exists in the Internet Explorer and Microsoft Edge browsers (CVE-2021-26411). Proof-of-concept (PoC) exploit code also exists for this flaw, according to Microsoft.