6 May 2021 Weekly Newsletter

 


 

     

NEWSLETTER

PoC exploit released for Microsoft Exchange bug discovered by NSA


LATEST CYBER HACKS

 
 


 

A massive DDoS knocked offline Belgian government websites

People attempting to visit websites hosted on the Belnet network were not able to reach them and were shown error messages instead. The websites of the Belgian government and police services were also unavailable.

 

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

A recent report shared with The Hacker News detailed how the BeVigil search engine identified over 40 apps, with more than a cumulative 100 million downloads, that had hardcoded private Amazon Web Services (AWS) keys embedded within them, putting their internal networks and their users' data at risk of cyberattacks.


VULNERABILITIES

 
 


 

Android May 2021 Update Out, Fixes Over 40 Vulnerabilities

The new security patch 2021-05-01 fixes three main critical flaws identified in the System component. All three flaws could be exploited to run arbitrary code on a vulnerable Android device.


 

Dell patches 12-year-old driver vulnerability impacting millions of PCs

Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks. The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer’s BIOS and hardware.


 

Apple reports 2 iOS 0-days that let hackers compromise fully patched devices

A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on fully up-to-date devices. Monday’s release of version 14.5.1 also fixes problems with a bug in the newly released App Tracking Transparency feature rolled out in the previous version.


 

Pulse Secure fixes VPN zero-day used to hack high-value targets

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and government agencies.


 

Python also impacted by critical IP address validation vulnerability

The Python standard library module ipaddress also suffers from a critical IP address validation vulnerability identical to the flaw that was reported in the "netmask" library earlier this year.


MALWARE

 
 


 

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.


 

N3TW0RM ransomware emerges in wave of cyberattacks in Israel

A new ransomware gang known as 'N3TW0RM' is targeting Israeli companies in a wave of cyberattacks that started last week. Israeli media outlet Haaretz reported that at least four Israeli companies and one nonprofit organization had been successfully breached in this wave of attacks.


 

New FluBot Android Banking Trojan Spread Via SMS Phishing

Heads up, Android users! If you receive an SMS about a package delivery with a link, double-check it for authenticity before clicking on it. A new Android banking trojan identified as FluBot is actively targeting users via such SMS phishing campaigns.


 

RotaJakiro Linux Backdoor Malware Escaped Detection Since 2018 As It Continued Stealing Data

New malware is in the wild targeting Linux systems. Researchers have identified this malware as ‘RotaJakiro’, a Linux backdoor that steals data from devices. This malware, despite active campaigns for the past three years, managed to escape detection.


GENERAL NEWS

 
 


 

Tesla Car Hacked Remotely From Drone via Zero-Click Exploit

Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone.


 

Google Chrome: This new feature makes it tougher for hackers to attack Windows 10 PCs

Google has revealed that Chrome 90 has adopted a new Windows 10 security feature called "Hardware-enforced Stack Protection" to protect the memory stack from attackers.


 

Malware Increasingly Using TLS to Hide Communication

Researchers from cybersecurity firm Sophos have reported that the use of Transport Layer Security (TLS) encrypted communications by malware has doubled in a year. The TLS protocol allows cybercriminals to privately share information between a C2 server and a website, shielding them from security systems.


 

Several Threats Still Looming over Microsoft Exchange

At the beginning of March, Microsoft discovered that some zero-day vulnerabilities in its Exchange Servers were being actively exploited by a hacking group known as Hafnium. Since then, a large number of attackers, including state-sponsored hackers, have started exploiting these vulnerabilities in the wild. Recently, attackers were observed exploiting these vulnerabilities to mine cryptocurrency.

COMM-CIRT

Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana

+2673929961

Disclaimer: This information was gathered from multiple trusted feeds and was not created by COMM-CIRT.