
Security flaws


Serious Security: Don’t let your SQL server attack you with ransomware.

Encryption is Often Poorly Deployed, if Deployed at All - Infosecurity Magazine

Encryption continues to be a challenge for companies: only about a quarter of organizations report using it for data at rest, email and data centers.


According to research by Thales and IDC, encryption for email is adopted by only around 27% of European respondents, and the figures fall further for data at rest, data centers, Big Data environments and full-disk encryption. The only area in which European respondents ranked above the global figure was use of cloud providers' native encryption.

Fifth of Docker Containers Have No Root Passwords.

Google stored some passwords in plaintext for 14 years

Oops, Google said on Tuesday: you know that domain administrator’s tool to reset passwords in the G Suite enterprise product?


The one we implemented back in 2005, as in, 14 years ago? We goofed, Google said. The company had been storing copies of unhashed passwords, recoverable in plaintext by anyone with access to that store, all this time. From a blog post written by Google vice president of engineering Suzanne Frey:

Citrix admits attackers breached its network – what we know

On Friday, software giant Citrix issued a short statement admitting that hackers had recently managed to get inside its internal network.


According to a statement by chief information security officer Stan Black, the company was told of the attack by the FBI on 6 March and has since established that attackers took “business documents” during the incident; which specific documents may have been accessed is currently unknown.

Monero cryptominers hijack hundreds of unpatched Docker hosts

A recently-disclosed vulnerability in the Docker containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on hundreds of servers.


Security company Imperva used Shodan to search for hosts with open Docker ports and found 3,822 on which the platform’s remote API was publicly exposed. Of these, around 400 were actually reachable on ports 2375/2376, the API’s default listening ports (2375 unencrypted, 2376 TLS). The majority turned out to be running cryptominers, with a smaller number hosting legitimate MySQL and Apache production servers.

Attackers Exploit Zero-Day in WordPress Plugin.

Patch Tuesday April 2019: 74 vulnerabilities, 16 of them critical, fixed by Microsoft

In this month's Patch Tuesday, eight of the critical vulnerabilities concern scripting engines and browser components and affect Microsoft's browsers as well as the Office suite, while five critical vulnerabilities affect MSXML.


Two remote code execution (RCE) vulnerabilities are fixed in GDI+ and IOleCvt. Two privilege-escalation vulnerabilities in Win32k are reported as being actively exploited, while another, in the Windows AppX Deployment Service, has a public proof-of-concept exploit. Workstation patches.

Security weakness in popular VPN clients

Numerous enterprise VPN clients could be vulnerable to a potentially serious security weakness that could be used to spoof access by replaying a user’s session, an alert from the Carnegie Mellon University CERT Coordination Center (CERT/CC) has warned.


Connecting to an enterprise VPN gateway made by a specific vendor usually requires a dedicated client application designed to work with it. So far, the issue has only been confirmed in applications from four vendors (Palo Alto Networks, F5 Networks, Pulse Secure and Cisco), but others could be affected. The problem is the surprisingly basic one that the applications store session and authentication cookies insecurely, in memory or in log files, which renders them vulnerable to misuse: anyone who can read the log file or the process memory can replay the cookie and resume the user’s session without knowing the user’s credentials.
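Returning to the Docker hosts mined for Monero earlier on this page: the exposure there is the daemon's remote API left listening on TCP 2375/2376 with no TLS client authentication, which hands root-equivalent control of the host to anyone who can reach the port. The script below is an added example, not code from the page, from Imperva or from the Docker project. It audits a daemon.json for that condition and contrasts the exposed configuration with a common half-fix and with the hardened form. The three configurations are constructed for illustration; the keys they use ("hosts", "tls", "tlsverify", "tlscacert", "tlscert", "tlskey") are the ones dockerd actually reads.

```python
"""Audit a Docker daemon.json for a network-exposed, unauthenticated remote API.

Added example (not Imperva's or Docker's code). The three daemon.json samples
below are constructed for illustration; the keys ("hosts", "tls", "tlsverify",
"tlscacert", "tlscert", "tlskey") are the real ones dockerd reads.
"""
import json
from urllib.parse import urlsplit

# What a mined host looks like: the API on 2375, on every interface, no TLS.
EXPOSED = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

# A common half-fix: "tls": true encrypts the connection, but without
# "tlsverify" the daemon still accepts any client that can reach the port.
ENCRYPTED_ONLY = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# Hardened: bound to one management address, client certificate required.
HARDENED = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

ALL_INTERFACES = {None, "", "0.0.0.0", "::"}


def audit_daemon_config(config_text):
    """Return a list of findings for the tcp:// listeners in a daemon.json.

    An empty list means the only listeners are local sockets or TCP listeners
    that require a client certificate signed by the configured CA.
    """
    cfg = json.loads(config_text)
    findings = []
    tlsverify = bool(cfg.get("tlsverify", False))
    tls = bool(cfg.get("tls", False)) or tlsverify   # tlsverify implies tls
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// are reachable only from the host itself
        where = "%s:%s" % (parts.hostname or "*", parts.port)
        if not tls:
            findings.append(
                "%s: plaintext API without authentication; anyone who can "
                "reach the port gets root-equivalent control of the host" % where)
        elif not tlsverify:
            findings.append(
                "%s: tls without tlsverify; encrypted but still unauthenticated" % where)
        elif not all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey")):
            findings.append(
                "%s: tlsverify set but CA/cert/key paths not explicit; "
                "confirm the default files exist" % where)
        if parts.hostname in ALL_INTERFACES:
            findings.append("%s: bound to all interfaces" % where)
    return findings


def is_exposed(config_text):
    """True when any TCP listener accepts clients without authenticating them."""
    return any("unauthenticated" in f or "without authentication" in f
               for f in audit_daemon_config(config_text))


if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("encrypted-only", ENCRYPTED_ONLY),
                       ("hardened", HARDENED)):
        print(name, audit_daemon_config(text) or ["ok"])
```

The distinction the audit draws between `tls` and `tlsverify` is the one that matters: `tls` alone only protects the connection from eavesdropping, and a scanner such as the Shodan search described above would still find and drive the daemon. Binding to a single management address is a second, independent layer; the finding for `0.0.0.0` is reported even when client certificates are required.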

Kaspersky Labs Discovers 'Previously Unknown Vulnerability' in Microsoft Windows.

Hackers Steal 7K BTC from Binance Cryptocurrency.

Baltimore Servers Down After Ransomware Attack

Another city has become the victim of a ransomware attack, as government officials in Baltimore have revealed that the city hall computer networks have been infected, according to CBS Baltimore.


Experts have identified the ransomware used in this case as the RobbinHood variant, about which little is known given that it is relatively new. RobbinHood was also identified as the ransomware used last month in an attack on Greenville, North Carolina. Though it has been reported that no personal data has been compromised at this time, Mayor Jack Young reportedly released a statement confirming the attack. “Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus.

City employees are working diligently to determine the source and extent of the infection. Baltimore's city council president, Brandon M.

iLnkP2P flaw: 2 million connected devices found affected

In all, iLnkP2P has two security flaws.


One of them lets an attacker connect to a device. The other lets an attacker steal the device's access credentials and take full control of it. A real danger, especially if an affected webcam is in a place such as a child's room or your bedroom.

Docker breach of 190,000 users exposes lack of two-factor authentication

Containerisation platform Docker has asked 190,000 developer users to change their account passwords after hackers gained access to a database containing personal data.


According to an advisory on the company’s website, the incident happened on 25 April, when for a “brief period” attackers accessed a single Docker Hub database used to store the accounts. Exposed data included usernames, an unknown number of hashed passwords and, inconveniently, API tokens used by developers to link GitHub and Bitbucket to Docker autobuilds (tokens which, when embedded in scripts, perform the same function as passwords and so must be rotated like them).

When Docker discovered the breach it acted quickly, adding: “No Official Images have been compromised.”

Top Russian Hacking Group Breaches Three AV Companies

A report published today by Advanced Intelligence revealed that three US-based antivirus software vendors have been breached, and a high-profile collective of Russian hackers is claiming responsibility.


Using a credential-stuffing botnet, the known international cybercrime group has reportedly stolen more than 30 terabytes of data from the networks of three US-based antivirus firms. Advanced Intelligence's research disclosed that “Fxmsp,” a collective of hackers who speak both Russian and English, has also advertised that access to both the source code and the networks of three US-based antivirus software vendors can be purchased for $300,000. The hackers have also provided evidence to validate their claims. “Cyber-attackers long ago discovered that the easiest way to gain access to sensitive data is via weak, default or otherwise compromised credentials,” said Dr.

Severe Linux kernel flaw found in RDS

Linux systems running kernels prior to 5.0.8 require patching after news emerged of a high-severity flaw that could be remotely exploited.

According to the NIST advisory, CVE-2019-11815 is a race condition in the kernel’s rds_tcp_kill_sock in net/rds/tcp.c “leading to a use-after-free, related to net namespace cleanup.” The RDS part refers to the TCP transport module of Reliable Datagram Sockets (rds_tcp), so only systems that load that module for an application using it are affected. The attention-grabbing part is that, on such systems, it opens unpatched kernels to remote compromise and denial of service without the need for privileges or user interaction.
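A triage script for the flaw above, added here as an example; it is not from the advisory, the kernel tree or any distribution's tooling. It takes a `uname -r` string and the contents of /proc/modules (both samples below are constructed), decides whether the host is exposed, and emits the modprobe rule that keeps rds_tcp from loading on hosts that do not need it. The caveat in the docstring about backported fixes is the one that bites in practice.

```python
"""Triage for CVE-2019-11815 (rds_tcp use-after-free) on a Linux host.

Added example, not taken from the advisory or from any distribution's
tooling. Inputs are a `uname -r` string and the text of /proc/modules; the
two module listings below are constructed samples.
"""
import re

FIXED = (5, 0, 8)   # first mainline release carrying the fix, per the advisory

SAMPLE_VULNERABLE_MODULES = """\
rds_tcp 28672 0 - Live 0xffffffffc0a90000
rds 102400 1 rds_tcp, Live 0xffffffffc0a70000
nf_tables 159744 0 - Live 0xffffffffc0a40000
"""

SAMPLE_CLEAN_MODULES = """\
nf_tables 159744 0 - Live 0xffffffffc0a40000
"""


def parse_kernel_version(release):
    """'5.0.7-050007-generic' -> (5, 0, 7); '4.19.37-1' -> (4, 19, 37).

    Compare as an integer tuple: a string comparison puts '5.0.10' before
    '5.0.8' and would mark a patched kernel as vulnerable.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def loaded_modules(proc_modules_text):
    """Set of module names from /proc/modules (first field of each line)."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def rds_tcp_exposure(release, proc_modules_text):
    """Classify a host as 'vulnerable', 'patched' or 'not-exposed'.

    'not-exposed' means rds_tcp is not loaded right now: the race is in the
    RDS TCP transport's net-namespace cleanup, so only hosts running that
    module are reachable. If rds_tcp.ko is still installed and not
    blacklisted, treat the host as exposed until the kernel is updated.
    The version test is mainline-only: a distribution kernel that backported
    the fix still reports an older number, so read 'vulnerable' as 'check
    the distribution's advisory', not as proof.
    """
    if "rds_tcp" not in loaded_modules(proc_modules_text):
        return "not-exposed"
    if parse_kernel_version(release) >= FIXED:
        return "patched"
    return "vulnerable"


def modprobe_blacklist():
    """Contents for /etc/modprobe.d/rds.conf that stop rds/rds_tcp loading.

    `install <mod> /bin/true` is used rather than plain `blacklist`, which
    only stops alias-based autoloading, not an explicit modprobe or a load
    pulled in as a dependency.
    """
    return "install rds /bin/true\ninstall rds_tcp /bin/true\n"


if __name__ == "__main__":
    print(rds_tcp_exposure("5.0.7-generic", SAMPLE_VULNERABLE_MODULES))   # vulnerable
    print(rds_tcp_exposure("5.0.10-arch1-1", SAMPLE_VULNERABLE_MODULES))  # patched
    print(rds_tcp_exposure("4.19.37", SAMPLE_CLEAN_MODULES))              # not-exposed
    print(modprobe_blacklist(), end="")
```

On a live host, feed it the output of `uname -r` and the contents of `/proc/modules`; on a fleet, the same two strings are what most inventory agents already collect, so the check runs centrally without touching the machines.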

Critical Vulnerabilities in Cisco Products.

A high-risk vulnerability in Cisco's Secure Boot process was disclosed earlier this week by Cisco and Red Balloon Security and is believed to affect an estimated 100 or more product families. The vulnerability (CVE-2019-1649) is “in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation” and “could allow an authenticated, local attacker to write a modified firmware image to the component.”

UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability

Microsoft has issued a patch for a vulnerability in its Remote Desktop Services that can be exploited remotely, via RDP, without authentication, and used to run arbitrary code:

Update WhatsApp now! One call could give spies access to your phone.