LINK Ryuk ransomware now has a new component that allows it to self-replicate via SMB shares.
LINK Well, a zero-day exploit in Chrome was found and it's actively being used in attacks. Update now.
LINK Misconfigurations of Plex Media Server are enabling attackers to use Plex to amplify DDoS attacks. In some cases, such as when the server uses the Simple Service Discovery Protocol (SSDP) to locate universal plug-and-play gateways on end users' broadband modems, the Plex service registration responder gets exposed to the general Internet. Responses range from 52 bytes […]
I have not been documenting the SolarWinds escapades completely because it's changing so fast AND CISA has been actively on top of this. Anything you want about it should be at the CISA links below. Their link is HERE
So it seems that attackers have been compromising IoT smart home devices so they can then swat the address and watch the authorities respond to the house through the device. LINK Call me a bit paranoid. This is why I will never have any of these devices in my house…ever.
LINK Now…you tell me. A cruise line that has had one of its most terrible years because of COVID cancels a trip with paying customers because of IT? Who here says they got hit with something like ransomware on the boats? Just my speculation, of course.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. This is in relation to the Solorigate AzureAd IOCs and an earlier link about SolarWinds and SAML. The tool is called Sparrow and CISA posted it on GitHub
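As an added example (not CISA's Sparrow and not an excerpt of it), here is one of the checks a Sparrow-style review of an Azure AD tenant performs, written against the AzureAD PowerShell module: list every service principal that was given a new certificate or client-secret credential inside a review window. Adding a credential to an existing, already-consented application is how an attacker who has reached Global Admin keeps Graph and mailbox access after the original foothold is closed. It assumes the AzureAD module is installed and `Connect-AzureAD` has already been run as a reader account; `$DaysBack`, the function name and the output shape are my own choices.

```powershell
# Added example, not CISA's Sparrow: list service principals with credentials added in the
# last $DaysBack days. Assumes the AzureAD module is loaded and Connect-AzureAD has been run.
param([int]$DaysBack = 90)

function Get-RecentServicePrincipalCredential {
    param([Parameter(Mandatory)] [datetime] $Since)

    # -All $true is required; without it only the first page of principals comes back
    foreach ($sp in Get-AzureADServicePrincipal -All $true) {
        $creds = @()
        # Certificate credentials (Usage is "Verify" or "Sign")
        foreach ($k in @(Get-AzureADServicePrincipalKeyCredential -ObjectId $sp.ObjectId)) {
            $creds += [pscustomobject]@{ Kind = "Key/$($k.Usage)"; Cred = $k }
        }
        # Client secrets
        foreach ($p in @(Get-AzureADServicePrincipalPasswordCredential -ObjectId $sp.ObjectId)) {
            $creds += [pscustomobject]@{ Kind = 'Password'; Cred = $p }
        }
        foreach ($c in $creds) {
            # StartDate is when the credential became valid, i.e. roughly when it was added
            if ($null -eq $c.Cred.StartDate -or $c.Cred.StartDate -lt $Since) { continue }
            [pscustomobject]@{
                DisplayName = $sp.DisplayName
                AppId       = $sp.AppId
                ObjectId    = $sp.ObjectId
                CredType    = $c.Kind
                KeyId       = $c.Cred.KeyId
                StartDate   = $c.Cred.StartDate
                EndDate     = $c.Cred.EndDate
            }
        }
    }
}

$since = (Get-Date).AddDays(-$DaysBack).ToUniversalTime()
Get-RecentServicePrincipalCredential -Since $since |
    Sort-Object StartDate -Descending |
    Format-Table DisplayName, CredType, StartDate, EndDate, KeyId -AutoSize
```

Every hit should be matched to a change ticket or a known automation; a credential on a first-party Microsoft application or on an app whose owner cannot explain it is the thing to escalate. Two caveats: credentials can also be attached to the application object rather than the service principal (`Get-AzureADApplicationKeyCredential` / `Get-AzureADApplicationPasswordCredential` cover that side), and an attacker who adds and later removes a credential leaves no trace here, so the tenant's audit log of service-principal credential additions is the authoritative record and should be reviewed alongside this output.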
Looks like an app put together by the Vietnam Government Certification Authority (VGCA), which is required for electronically signing official documents, was trojanized. ESET says that between July 23 and August 5 this year, two of its files contained a backdoor trojan named PhantomNet, also known as Smanager. LINK
At this time it looks like someone is targeting Citrix NetScalers with a DDoS using DTLS. Datagram Transport Layer Security (DTLS) is a communications protocol for securing delay-sensitive apps and services that use datagram transport. Only a small number of customers are being targeted. The following addresses are confirmed in the attack:
220.127.116.11/24
18.104.22.168/24
22.214.171.124
126.96.36.199
188.8.131.52
184.108.40.206
220.127.116.11
Citrix confirmed […]
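The Plex item above and this Citrix one describe the same traffic shape from the reflector's side: small UDP probes arriving with a spoofed source, and much larger replies leaving toward that source, which is the real victim. As an added example that is not code from Citrix, Plex or the linked reports, the script below runs that check over exported flow records. The CSV is constructed for the example and its column names are assumptions, as are the ports: 32414/udp is Plex's GDM discovery port and 443/udp is where NetScaler Gateway accepts DTLS.

```powershell
# Added example: flag local UDP services whose replies to one peer dwarf what that peer
# sent. Flow records and column names below are constructed for illustration.
$flowCsv = @'
ts,proto,src_ip,src_port,dst_ip,dst_port,bytes,packets
2021-02-05T10:00:00Z,udp,203.0.113.7,5000,192.0.2.10,32414,20800,400
2021-02-05T10:00:00Z,udp,192.0.2.10,32414,203.0.113.7,5000,112400,400
2021-02-05T10:00:00Z,udp,198.51.100.9,41022,192.0.2.20,443,38000,380
2021-02-05T10:00:00Z,udp,192.0.2.20,443,198.51.100.9,41022,402800,380
2021-02-05T10:00:00Z,udp,198.51.100.50,53102,192.0.2.20,443,61000,120
2021-02-05T10:00:00Z,udp,192.0.2.20,443,198.51.100.50,53102,58000,110
2021-02-05T10:00:00Z,tcp,198.51.100.51,50233,192.0.2.10,32400,9000,60
2021-02-05T10:00:00Z,tcp,192.0.2.10,32400,198.51.100.51,50233,150000,120
'@

function Find-ReflectionSuspects {
    param(
        [Parameter(Mandatory)] [string]   $Csv,
        [Parameter(Mandatory)] [string[]] $LocalHosts,   # reflector candidates we operate
        [double] $MinRatio   = 3.0,                      # bytes out / bytes in per peer
        [int]    $MinPackets = 50                        # ignore one-off discovery probes
    )
    $stats = @{}
    foreach ($f in ($Csv | ConvertFrom-Csv)) {
        if ($f.proto -ne 'udp') { continue }             # TCP peers cannot be spoofed this way
        if ($LocalHosts -contains $f.dst_ip) {           # inbound probe to a local service
            $key = "$($f.dst_ip):$($f.dst_port)<-$($f.src_ip)"; $dir = 'in'
        } elseif ($LocalHosts -contains $f.src_ip) {     # outbound reply from that service
            $key = "$($f.src_ip):$($f.src_port)<-$($f.dst_ip)"; $dir = 'out'
        } else { continue }
        if (-not $stats.ContainsKey($key)) {
            $stats[$key] = @{ BytesIn = 0; BytesOut = 0; PktsOut = 0 }
        }
        if ($dir -eq 'in') {
            $stats[$key].BytesIn  += [long]$f.bytes
        } else {
            $stats[$key].BytesOut += [long]$f.bytes
            $stats[$key].PktsOut  += [int]$f.packets
        }
    }
    foreach ($key in $stats.Keys) {
        $s = $stats[$key]
        if ($s.BytesIn -eq 0 -or $s.PktsOut -lt $MinPackets) { continue }
        $ratio = [math]::Round($s.BytesOut / $s.BytesIn, 2)
        if ($ratio -ge $MinRatio) {
            $svc, $peer = $key -split '<-'
            [pscustomobject]@{
                Service    = $svc
                Peer       = $peer       # the spoofed source, i.e. the actual DDoS victim
                PacketsOut = $s.PktsOut
                AmpRatio   = $ratio
            }
        }
    }
}

Find-ReflectionSuspects -Csv $flowCsv -LocalHosts '192.0.2.10', '192.0.2.20' |
    Sort-Object AmpRatio -Descending | Format-Table -AutoSize
```

On the constructed data the Plex responder (ratio about 5.4) and the DTLS listener talking to 198.51.100.9 (about 10.6) are reported, while the ordinary DTLS session with 198.51.100.50 and the TCP flows are not. A hit means the service is answering unauthenticated datagrams from the Internet; the fix is on the reflector, not the victim: keep Plex's discovery port off the WAN (no UPnP or port-forward for it) and, for NetScaler, apply Citrix's guidance or disable DTLS on the affected gateway if it is not needed.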