Comments on: Cyber security news December 2022

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 16:56:13 +0000

https://www.analyticsinsight.net/mysterious-python-package-becomes-a-hazard-for-all-programmers/

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 16:51:28 +0000

New Linux malware uses 30 plugin exploits to backdoor WordPress sites
https://www.bleepingcomputer.com/news/security/new-linux-malware-uses-30-plugin-exploits-to-backdoor-wordpress-sites/

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:55:30 +0000

https://hackaday.com/2022/12/30/this-week-in-security-adblock-for-security-proxynotshell-lives-and-cvss-10-to-not-worry-about/
LastPass isn’t the only password manager in the news, and the problems found in Passwordstate makes the recent LastPass issues seem like the most minor of inconveniences. Passwordstate is an enterprise solution for password management. Researchers at modzero started with the browser extension, that allows a user to access saved passwords. To authenticate, a token is generated and sent to the server. Turns out, that token is just the username and other user information, XOR’d with a static, universal key. And on the server side, the only check that happens is on the username. So on any Passwordstate install anywhere, if you can talk to the API, and know a valid username, you can pull every password accessible to that account.

Better Make Sure Your Password Manager Is Secure
Or Someone Else Will
https://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:52:58 +0000

Guardian hit by serious IT incident believed to be ransomware attack
https://www.theguardian.com/media/2022/dec/21/guardian-hit-by-serious-it-incident-believed-to-be-ransomware-attack
Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:05:45 +0000

https://www.securityweek.com/data-breach-louisiana-healthcare-provider-impacts-270000-patients

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:05:30 +0000

Netwrix Acquires Remediant for PAM Technology
https://www.securityweek.com/netwrix-acquires-remediant-pam-technology

Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category.

Financial terms of the acquisition were not disclosed.

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:04:59 +0000

EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer
https://www.securityweek.com/earspy-spying-phone-calls-ear-speaker-vibrations-captured-accelerometer

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:04:35 +0000

North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains
https://www.securityweek.com/north-korean-hackers-created-70-fake-bank-venture-capital-firm-domains

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:04:20 +0000

CISA Says Two Old JasperReports Vulnerabilities Exploited in Attacks
https://www.securityweek.com/cisa-says-two-old-jasperreports-vulnerabilities-exploited-attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two JasperReports flaws to its Known Exploited Vulnerabilities Catalog.

Tibco’s JasperReports Library is advertised as the world’s most popular open source reporting engine. The JasperReports Server software is designed to enable non-technical users to create reports, dashboards, and visualizations.

CISA has learned that two JasperReports vulnerabilities discovered in 2018 have been exploited in attacks.

One of them is CVE-2018-18809, a critical directory traversal issue in JasperReports Library that can allow webserver users to access data on the host system, which can include credentials for accessing other systems. The flaw was addressed in March 2019.

CVE-2018-18809 has been found to affect the products of major vendors that use the JasperReports Library, including IBM products.

The second vulnerability is CVE-2018-5430, a high-severity information disclosure issue affecting JasperReports Server. The security hole was addressed in April 2018.

By: Tomi Engdahl

Tomi Engdahl — Mon, 02 Jan 2023 07:02:27 +0000

LockBit ransomware claims attack on Port of Lisbon in Portugal https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-port-of-lisbon-in-portugal/
A cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day, has been claimed by the LockBit ransomware gang. According to a company statement shared with local media outlets on Monday, the cyberattack did not impact the port’s operations.