Cisco Networks hacked by Yanluowang Ransomware Group. Cisco has reported a security incident on their corporate network. Although, the company has said it did not identify any impact to their business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations. However, on August 10 the bad actors published a list of files from this security incident to the dark web.

• Advisory
• August 12, 2022

Microsoft announced End-of-Support for Windows 8.1. Microsoft has announced that its Windows 8.1 will reach End-of-Support by January 10, 2023. According to Microsoft, after this date, Microsoft will no longer provide updates of any kind to the OS in question, leaving devices (and the networks they may be a part of) vulnerable.

• Advisory
• July 22, 2022

Android Malware With Over 2 Million Downloads Discovered on Google Play Store. An Android malware that is both an adware and information-stealer has been downloaded over two million times on the Google Play Store. The malware has been masquerading as several legitimate apps, and while most have been removed, five of them are still up on the store with the possibility that some are yet to be identified.

• Advisory
• June 26, 2022

Dangerous Malware Targets Android Devices. Ermac, a dangerous malware that targeted Android devices in 2021, has reappeared as Ermac 2.0. Ermac is a trojan that steals user credentials from banking apps and crypto wallets included in the list of targeted apps and sends them to threat actors. It currently targets 467 apps and is available for rent on the darknet for $5000 per month by threat actors.

• Advisory
• June 2, 2022

Joker Trojan-Infected Android Apps Reappear on Google Play Store. The Joker trojan malware, which targets Android devices, first showed up in 2017 and has resurfaced intermittently ever since. In April 2021, it was embedded in an App that was downloaded over seven hundred thousand (700,000) times before discovery and subsequent removal from the Google Play Store. Its latest emergence has so far triggered the removal of three (3) apps from the Play Store.

• Advisory
• May 10, 2022

New Browser-In-The Browser (BITB) Phishing Attacks. A coding ruse that is invisible to the naked eye can now be used to trick targets into disclosing sensitive information. The novel phishing technique is known as a browser-in-the-browser (BitB) attack. This type of attack employs bogus popup SSO windows to steal credentials from Google, Facebook, and Microsoft, among others.

• Advisory
• March 29, 2022

Wordpress Themes and Plugins Vulnerabilities. A recent discovery revealed that dozens of WordPress themes and plugins had been backdoored with malicious code in order to infect additional sites. Also disclosed was a security flaw affecting three different WordPress plugins that affected over 84,000 websites and could be exploited by a malicious actor to take over vulnerable sites.

• Advisory
• January 25, 2022

New Windows Installer Zero-Day Vulnerability. A security researcher discovered and reported a privilege escalation vulnerability in the Windows Installer software component, which was later fixed by Microsoft. The flaw not only allows for the bypass of Microsoft's previous fix, but it also allows for local privilege escalation via the newly discovered zero-day bug. As a result, attackers are actively attempting to exploit the newly disclosed variant of the disclosed vulnerability in order to potentially execute arbitrary code on fully patched systems.

• Advisory
• November 25, 2021

Flubot Malware Targets Androids With Fake Security Updates and App Installations. A newly discovered Android malware, dubbed FluBot, impersonates Android mobile banking applications to draw fake webview on targeted applications. The malware primarily focuses on stealing credit card details or online banking credentials, apart from personal data.

• Advisory
• October 19, 2021

Browser’s DNS Rebinding Attacks. Cybercriminals have been discovered to be using a technique known as DNS rebinding to compromise internal networks by abusing web-based consoles. This method exposes the attack surface of internal web applications to malicious websites after being launched on victims' browsers. The DNS rebinding attack can use victims' browsers as a proxy to expand the attack surface to private networks.

• Advisory
• September 22, 2021

Russian GRU Global Brute Force Attacks. The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, is reported to be conducting a Global anonymized Brute Force Campaign to Compromise Enterprise and Cloud Environments. This attack is discovered to be targeting government and foreign organizations using brute force access to penetrate government and private sector victim networks.

• Advisory
• July 2, 2021

Cellebrite Forensic Software Security Vulnerabilities. Signal CEO in a successful hacking of the Cellebrite cellphone hacking and cracking tool revealed that the software lacks industry-standard exploit mitigation defenses, thereby making the software vulnerable to exploitations. This is coming after Cellebrite claimed in 2019 that its new tool unlocks almost any iOS and Android device, and in December 2020, that it could easily crack Signal’s encryption. Marlinspike accused Cellebrite of making a living from undisclosed vulnerabilities hence the decision to play it smart with the company by publicly publishing the vulnerability.

• Advisory
• April 28, 2021

Microsoft Exchange Servers Zero-Day Vulnerability. Microsoft has confirmed the attacks against the Exchange servers aimed at stealing email addresses and installing malware to gain persistence in the target networks. This attacks campaign has been attributed to China-based hacker group called HAFNIUM who were exploiting unknown software bugs in Exchange Server to steal sensitive data from select targets. The vulnerability is being actively exploited in the wild by several cyber espionage groups, including LuckyMouse, Tick, and Calypso targeting servers around the world.

• Advisory
• March 8, 2021

APT Compromise of Orion Platforms. Reports revealed recent compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor which began at least since March 2020. It is expected that removing this threat actor from compromised environments will be highly complex and challenging for organizations hence the need to take proactive actions in the protection of government critical national information infrastructures. The cyber-security firm that identified the large-scale hacking of US government agencies says it "genuinely impacted" around 50 organisations. The US Treasury and departments of homeland security, state and defence are known to have been targeted. Russian Intelligence has been accused by the US for the cyber intrusion. Several other organisations around the world are understood to have been targeted by hackers using the same network management software.

• Advisory
• January 1, 2021

ReVoLTE Networks Vulnerability. Recently, a group of security researchers discovered a new vulnerability named ReVoLTE attack. This vulnerability is due to mobile operators often utilizing similarly encryption key to obtain multiple 4G voice calls that takes place through similarly base station. This vulnerability could allow a malicious attacker to manipulate encrypted content of a recorded Volte call so as to eavesdrop the conversation.

• Advisory
• August 27, 2020

Cisco Small Business Routers Vulnerabilities. According to Cisco, different categories of vulnerabilities were discovered from different Cisco routers. This vulnerabilities ranges from static default credential, Management interface remote command execution, authentication bypass, arbitrary code execution, and privilege escalation.

• Advisory
• July 17, 2020

Multiple Security Vulnerabilities for Adobe Products. Adobe has released an update for multiple adobe products in Windows, MacOS, and Linux. The updates resolves critical out-of-bounds Read and Write vulnerabilities that could lead to arbitrary code execution and information disclosure.

• Advisory
• June 18, 2020

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits. ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

• Advisory
• February 10, 2020

ngCERT 2nd Advisory on WannaCry/WCry/WCrypt0 Ransomware Warm and Remote Desktop Protocol (RDP) & Server Message Block (SMB) Protocol Vulnerability. The Remote Desktop Protocol (RDP) and a vulnerability in the implementation of the Server Message Block SMB protocol of Microsoft Windows Operating System is currently being exploited by a ransomware called WannaCry worm. The worm encrypts all files on an infected computer’s hard drive.

• Advisory
• May 15, 2017

Windows 10 Task Scheduler Zero-Day Vulnerability. Microsoft Windows Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The exploit "functions reliably on 32- and 64-bit Windows 10 platforms, as well as Windows Server 2016 and Windows Server 2019.

• Vulnerability
• February 10, 2020