Latest News

2021/05/04

New Attacks Slaughter All Spectre Defenses

All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago.

A paper published on Friday by a team of computer scientists from the University of Virginia and the University of California, San Diego, describes how all modern AMD and Intel chips with micro-op caches are vulnerable to this new line of attack, given that it breaks all defenses. That includes all Intel chips that have been manufactured since 2011, which all contain micro-op caches.

2021/05/04

Researchers Explore Active Directory Attack Vector

Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.

Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data. Incident responders find the service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders.

2021/04/29

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research.

The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

"The biggest risk for the targeted companies and individuals is the fact that security solutions still have a lot of problems with detecting malicious Excel 4.0 documents, making most of these slip by conventional signature based detections and analyst written YARA rules," researchers from ReversingLabs said in a report published today.

2021/04/16

Security Bug Allows Attackers to Brick Kubernetes Clusters

A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service (DoS) for the CRI-O and Podman container engines.

The bug (CVE-2021-20291) affects the Go library called “containers/storage.” According to Aviv Sasson, the security researcher at Palo Alto’s Unit 42 team who found the flaw, it can be triggered by placing a malicious image inside a registry; the DoS condition is created when that image is pulled from the registry by an unsuspecting user.

“Through this vulnerability, malicious actors could jeopardize any containerized infrastructure that relies on these vulnerable container engines, including Kubernetes and OpenShift,” Sasson said in a Wednesday posting.

2021/04/06

533M Facebook Accounts Leaked Online: Check if You Are Exposed

An estimated 32 million of the half-billion Facebook account details posted online were tied to US-based accounts.

More than 533 million Facebook users had their personal information posted to a public hacker forum, a move that is raising concerns about an uptick in cybercrime leveraging the credentials.

The publicly released Facebook user data is believed to be part of a 2019 “Add Friend” Facebook security bug exploited by hackers at the time. The flaw allowed criminals to siphon hundreds of millions of member account details from Facebook and sell them to the highest bidder on illicit online markets.