Category Archives: Cybersecurity


Digital Weapons You Must Know About!

What is this Digital Weapon?

Malicious software, or malware for short, is this type of digital weapon. It is software intentionally designed to damage and infect your network and computers, and there are many types in the wild.

Types of Digital Weapon Threats

There are many types of malware; however, the weapons mostly used today are not installed directly on your device. Instead, attackers exploit loopholes to launch scripts.

What are the types of digital weapon payloads?

  • Social Engineering: 

When an attacker manipulates a user into giving up sensitive information for personal gain, it is known as social engineering. Sometimes malicious links or malicious files are sent to the victim during social engineering. As soon as the victim clicks on the malicious link or downloads the malicious file, the malware gets installed on the victim’s device.

  • Email: 

The attacker sends lucrative emails that tempt … Read the rest


COVID-19 Vaccine Email Scams

Online scammers have found another avenue to lure desperate victims. These scams arrive as emails stating that you can purchase a vaccine for around $150 and that the COVID-19 vaccines can be delivered within a few days.

Searches of dark web forums and the messaging app Telegram turned up seven different offers for alleged COVID-19 vaccines.

These scams include emails stating that you’re a VIP and on the short list for early vaccine access, robocalls presenting themselves as government agencies selling COVID-19 vaccines, and text messages sent to your cell phone requesting payment for vaccines.

There have also been a number of new website domains registered with variants of the words COVID-19 and vaccine: since October, around 2,500 such domains have been registered, most of which will likely be used for online fraud.

Please disregard those scams, and if you cannot tell the difference it should be time to put … Read the rest


Microsoft.com is being Spoofed to Phish Office 365 Users

As the title says, the microsoft.com domain is being spoofed to phish Office 365 users. This is quite alarming; for one, why Microsoft is allowing its domain to be spoofed is beyond me. They could easily fix this with proper SPF, DKIM, and DMARC records in their DNS.
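As an added example (not from the original post), a small Python checker that evaluates a domain's SPF and DMARC records the way a receiving mail server would, reporting why a spoofed message could still get through. The domain names and TXT records are constructed for the demonstration, not real DNS data.

```python
"""Check whether a domain's published SPF and DMARC records would stop a
message spoofing "From: someone@domain". Constructed TXT records stand in for
DNS lookups so this runs offline; policy logic follows RFC 7208 and RFC 7489."""
import re

# Constructed sample records (not real DNS data): one weak set, one enforcing set.
SAMPLE_DNS = {
    "weak.example": {"weak.example": "v=spf1 include:spf.protection.example ?all",
                     "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:agg@weak.example"},
    "enforced.example": {"enforced.example": "v=spf1 include:spf.protection.example -all",
                         "_dmarc.enforced.example": "v=DMARC1; p=reject; pct=100"},
}

def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; pct=100' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_default_qualifier(txt):
    """Qualifier on the trailing 'all' mechanism: '-' fail, '~' softfail,
    '?' neutral, '+' pass; None when no 'all' mechanism is published."""
    match = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", txt)
    return (match.group(1) or "+") if match else None

def spoofing_findings(domain, dns=SAMPLE_DNS):
    """List the reasons a spoofed message from this domain could get through;
    an empty list means both SPF and DMARC are enforcing."""
    records = dns.get(domain, {})
    findings = []
    spf = records.get(domain, "")
    if not spf.startswith("v=spf1"):
        findings.append("no SPF record")
    elif spf_default_qualifier(spf) not in ("-", "~"):
        findings.append("SPF does not fail unlisted senders (needs -all or ~all)")
    dmarc = parse_dmarc(records.get("_dmarc." + domain, ""))
    if dmarc.get("v") != "DMARC1":
        findings.append("no DMARC record")
    else:
        if dmarc.get("p", "none") == "none":
            findings.append("DMARC p=none only monitors; use quarantine or reject")
        if int(dmarc.get("pct", "100")) < 100:
            findings.append("DMARC pct<100 leaves some mail unenforced")
    return findings
```

To run it against a real domain, replace the constructed dictionary with the TXT records returned by a DNS resolver for `domain` and `_dmarc.domain`.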

In a recent report posted online, Lomy Ovadia, Ironscales vice president of research and development, said that many industries are being targeted and a lot of damage is being done.

The email phishing attack is so realistic looking that victims fall for the scam. It sure doesn’t help that the domain Microsoft.com is being spoofed.

The email is also composed in a way that will lure you into making a bad decision.

“Specifically, the fraudulent message is composed of urgent and somewhat fear-inducing language intended to convince users to click on what is a malicious link without hesitation,” Ovadia wrote. “As inferred

Read the rest

Hackers Bypassing cPanel 2FA All Day Long

Researchers have discovered quite a big issue with cPanel: attackers can bypass your two-factor authentication (2FA) to gain access to your cPanel hosting service.

 

 

What was found by Digital Defense, Inc.

“Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform,” reads the post published by Digital Defense. “cPanel & WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable to brute force attack, resulting in a scenario where an attacker with knowledge of or access to valid credentials could bypass two-factor authentication protections on an account.”

This vulnerability can have a big impact on web hosting providers and the 70 million domains around the world if not dealt with quickly. However, there is some good news: even though they can … Read the rest


Phishing for Microsoft Teams Credentials

Phishing continues to be a pain in everyone’s rear end. This particular phishing scam aims to rob you of your Microsoft Teams credentials.

Since Microsoft Teams has become a favored communication tool throughout the world, of course hackers are now aiming to phish you into giving them your login information.

Abnormal Security said “Because Microsoft Teams is an instant messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification.”

What to look for

  1. The attack impersonates an automated message that you would think came from Microsoft Teams.
  2. The from field would state “There’s new activity in Teams”.
  3. The message from the teammate is crafted with a sense of urgency.
  4. The email will have clickable URLs and buttons that direct you to a fake Office 365
Read the rest

Cyber-Response Ethical Guidelines are a must read.

Now this was an interesting read from the website ethicsFIRST. They guide you through 12 ethical duties, which are listed and explained. Of course some of it seems a little on the nose: why did you not ethically choose this path to begin with? Regardless, these steps are great for people who seem to lack a cyber security ethics plan and path, and they could bring some confidence to your team’s decision making.

The guidelines were launched on Oct. 21, Global Ethics Day, by FIRST.

For more, read here.

Read the rest

Mobile Users Falling Victims To URL Spoofing

Yikes, aren’t there enough mobile vulnerabilities already? Now we have to tend to URL spoofing and determining whether a website is real or not?

Tod Beardsley, the Rapid7 researcher who disclosed the vulnerability, said this flaw is an instance of CWE-451 from the Common Weakness Enumeration. It is cause for concern because victims on mobile devices can’t tell the difference between a real site and the fake site they land on.

In the most common cases a user is lured into clicking a link on a social media site, or receives a text on their mobile device with a link that takes them to the fraudulent site. In just about every instance, once the user clicks, they are asked to give up something, whether it’s credentials or credit card information.

“I can’t really tell the difference,” Beardsley said. “The mobile address bar is so small that

Read the rest

Hackers From Iran Are Spreading Dharma Ransomware Via RDP Ports

A group of hackers from Iran is targeting companies worldwide that use public-facing Remote Desktop Protocol (RDP) and infecting them with the Dharma ransomware.

The attackers launch their campaign by first scanning IP ranges for hosts exposing RDP ports, such as 3389, the default RDP port, and then attempting weak credentials. They have been using a scanning tool called Masscan.

Once vulnerable hosts were identified, the attackers deployed a well-known RDP brute-force application called NLBrute, which has been sold on dark web forums. Using this tool, they are able to brute-force their way into the system and then check the validity of the obtained credentials on other accessible hosts in the network.
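The scan-then-brute-force pattern described above leaves a distinctive trail in the target's Windows Security log. As an added defender-side example (not from the original post or the sources it cites), a detector that runs over a constructed export of logon events; the simplified field layout and the assumption that RDP attempts log as LogonType 10 (or 3 when Network Level Authentication is on) are mine, not taken from the page.

```python
"""Flag sources producing a burst of failed RDP logons, the trace left by
brute-force tools such as NLBrute. Input is a constructed, simplified export of
Windows Security Event ID 4625 (logon failure) and 4624 (success); assumption:
RDP attempts log as LogonType 10, or 3 when Network Level Authentication is on."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, EventID, LogonType, TargetUserName, IpAddress.
SAMPLE_EVENTS = """\
2020-08-24T10:00:01 4625 10 administrator 203.0.113.7
2020-08-24T10:00:02 4625 10 admin 203.0.113.7
2020-08-24T10:00:02 4625 10 user 203.0.113.7
2020-08-24T10:00:03 4625 10 test 203.0.113.7
2020-08-24T10:00:04 4625 10 backup 203.0.113.7
2020-08-24T10:03:10 4625 10 jsmith 198.51.100.4
2020-08-24T10:30:00 4625 10 jsmith 198.51.100.4
2020-08-24T10:00:06 4624 10 administrator 203.0.113.7
"""
RDP_LOGON_TYPES = {"10", "3"}

def parse_events(text):
    """Yield (time, event_id, logon_type, user, ip) tuples from the export."""
    for line in text.splitlines():
        ts, eid, ltype, user, ip = line.split()
        yield datetime.fromisoformat(ts), eid, ltype, user, ip

def rdp_bruteforce_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: set_of_usernames_tried} for sources with >= threshold failed
    RDP logons inside any sliding window; many distinct names means spraying."""
    failures = defaultdict(list)
    for ts, eid, ltype, user, ip in parse_events(text):
        if eid == "4625" and ltype in RDP_LOGON_TYPES:
            failures[ip].append((ts, user))
    flagged = {}
    for ip, attempts in failures.items():
        attempts.sort()
        for i in range(len(attempts)):
            j = i
            while j < len(attempts) and attempts[j][0] - attempts[i][0] <= window:
                j += 1
            if j - i >= threshold:
                flagged[ip] = {user for _, user in attempts}
                break
    return flagged

def success_after_failures(text, flagged):
    """Flagged sources that also have a successful RDP logon (4624): the
    strongest sign that the brute force found a weak credential."""
    return {ip for _, eid, ltype, _, ip in parse_events(text)
            if eid == "4624" and ltype in RDP_LOGON_TYPES and ip in flagged}
```

On a real export, feed the same five fields pulled from the 4625/4624 events; the two remote sources here are RFC 5737 documentation addresses, so nothing in the sample points at a real host.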

Attackers also attempted to elevate privileges using an exploit for an elevation of privilege flaw. This medium-severity flaw (CVE-2017-0213), which affects Windows systems, can be exploited when an attacker runs a … Read the rest


CISA Alerts in Ongoing Ransomware Exploiting Vulnerabilities in RDP and VPNs

The DHS Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing Nefilim ransomware campaign, after the New Zealand Computer Emergency Response Team (CERT NZ) issued an alert as well.


Nefilim ransomware is the successor of Nemty ransomware and was first discovered in February 2020. The developers of the ransomware conduct their own attacks and deploy the ransomware manually after gaining access to enterprise networks.

Once an attacker gains a foothold through the remote access system, they then use tools such as mimikatz, psexec, and Cobalt Strike to elevate privileges, move laterally across a network, and establish persistence on the network.

The attackers identify and extract sensitive information from the network and encrypt files. Nefilim ransomware has commonly been used, but other ransomware can also be deployed. Once the attackers have the information they want, they attempt to sell or publicly release it.

Ransomware Mitigations

Read the rest

Russian Sandworm Exploiting Exim Mail Servers

The NSA has found that the Russian spy group called BlackEnergy is actively exploiting Exim mail servers with Sandworm.

The Exim mail server flaw can be exploited using an email containing a modified “MAIL FROM” field in a Simple Mail Transfer Protocol (SMTP) message. The Russians have been exploiting unpatched Exim servers since at least August, according to the NSA’s advisory.

Once Sandworm compromises a target Exim server, it subsequently downloads and executes a shell script from a Sandworm-controlled domain to establish a persistent backdoor that can be used for reconnaissance, spying on mail messages, lateral movement and additional malware implantation.

“This script would attempt to do the following on the victim machine: Add privileged users; disable network security settings; update SSH configurations to enable additional remote access; and execute an additional script to enable follow-on exploitation,” according to the NSA.

Exim admins should update their MTAs … Read the rest