admin, Author at CIRT-BS

Dropbox discloses breach after hacker stole 130 GitHub repositories

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was […]

Dropbox discloses breach after hacker stole 130 GitHub repositories Read More »

ABOUT “BLUEBLEED”SERVICE AND THE VULNERABILITY OF MICROSOFT AWS SERVERS

Attack info First seen 2022-09-24 • Last seen 2022-10-19 On October 19, 2022, Socradar announced a vulnerability they discovered in several misconfigured Microsoft AWS servers. They also announced the launch of the BlueBleed service, which contains data downloaded from several misconfigured Microsoft AWS servers. Link to the Socradar announcement – hxxps://socradar[.]io/sensitive-data-of-65000-entities-in-111- countries-leaked-due-to-a-single-misconfigured-data-bucket/ The exposed files in

ABOUT “BLUEBLEED”SERVICE AND THE VULNERABILITY OF MICROSOFT AWS SERVERS Read More »

New PHP information-stealing malware targets Facebook accounts

A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading

New PHP information-stealing malware targets Facebook accounts Read More »

Magniber ransomware now infects Windows users via JavaScript files

A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. Threat actors created in September websites that promoted fake antivirus and security updates for Windows 10. The downloaded malicious files (ZIP archives) contained JavaScript that initiated an intricate infection with the file-encrypting malware. A report from HP’s threat intelligence

Magniber ransomware now infects Windows users via JavaScript files Read More »

CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite CVSS 3.0: 9.8 (Critical)

Vulnerability Description An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however,

CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite CVSS 3.0: 9.8 (Critical) Read More »

The Bahamas strengthens its cybersecurity capacity

The Bahamas has launched a project with ITU to set up a national Computer Incident Response Team (CIRT) to help protect the small island country’s critical digital infrastructure and data. The National Cybersecurity Project, started in January and officially launched in February at national level, aims to help assess current Bahamian capabilities in this rapidly

The Bahamas strengthens its cybersecurity capacity Read More »

Author name: admin