June | 2022 | OSG: Bits, Bytes and Packets

Skip navigation

Monthly Archives: June 2022

YouTube used to distribute malware and steal data

June 30, 2022 – 7:17 pm
Posted in Anti-Virus, Attacks, Cloud, Community, Computers and Internet, Cyber security, Google, Malware, Social Engineering, Supply Chain Attack, Technology, Virus
Tagged BitCoin Mining Software, cyble.com, PennyWise, YouTube
Leave a Comment

https://blog.cyble.com/2022/06/30/infostealer/

IIS and Exchange Servers backdoored by SessionManager malware

June 30, 2022 – 5:13 pm
Posted in Attacks, Computers and Internet, Cyber security, Exchange, Exploit Warning, HAck, Malware, Microsoft, Virus, Vulnerability, Windows Server
Tagged Bleepingcomputer.com, darkreading.com, Gelsemium, Kaspersky, securelist.com, SessionManager
Leave a Comment

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-worldwide-backdoored-with-new-malware/

The SessionManager IIS backdoor

https://securelist.com/the-sessionmanager-iis-backdoor/106868/

https://www.darkreading.com/attacks-breaches/new-sessionmanager-exchange-server-backdoor-globally

RCE vulnerability in ManageEngine ADAudit Plus allows for data exfiltration and network “takeover”

June 30, 2022 – 4:55 pm
Posted in Attacks, Business Continuity, Computers and Internet, Cyber security, Exploit Warning, HAck, Vulnerability
Tagged ADAudit Plus, CVE-2022-28219, darkreading.com, Horizon3.ai, Zoho ManageEngine
Leave a Comment

https://www.darkreading.com/vulnerabilities-threats/manageengine-adaudit-plus-vulnerability-network-takeover-data-exfiltration

Flagstar Bank provides Breach Notification to Maine Attorney General six months after a breach. 1.5 million affected.

June 26, 2022 – 1:12 am
Posted in Computers and Internet, Cyber security, HAck, Privacy Alert
Tagged Flagstar Bank, PII
Leave a Comment

https://www.msn.com/en-us/money/personalfinance/bank-data-breach-exposes-1-5-million-social-security-numbers/ar-AAYQVwp

CISA releases advisory on bad actors exploiting Log4Shell on VMware Horizon systems

June 24, 2022 – 1:39 pm
Posted in Attacks, CISA, Computers and Internet, Cyber security, Exploit Warning, HAck, Malware, Patch Available, Technology, Vulnerability
Tagged Apache, CGCYBER, CVE-2021-44228, IOCs, log4j, log4shell, MAR-10382254-1, MAR-10382580-1, vmware, VMware Horizon
Leave a Comment

https://www.cisa.gov/uscert/ncas/alerts/aa22-174a

Zero-Day in Mitel VoIP appliance leads to RCE/ Ransomware attack

June 24, 2022 – 12:08 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, HAck, Linux, Malware, Patch Available, ransomware, Technology, Vulnerability, Zero Day
Tagged Crowdstrike, CVE-2022-29499, Mitel, pdf_import.php, Reverse Shell, SA 100, SA 400, thehackernews.com, Virtual SA
Leave a Comment

Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack (thehackernews.com)

Cisco: Upgrade (replace) EoL VPN devices

Cisco tells customers to upgrade VPN routers or risk attack (msn.com)

Cloudflare: Largest yet HTTPS DDoS mitigated

June 18, 2022 – 8:51 am
Posted in Uncategorized
Tagged Cloudflare, DDoS, IoT, therecord, Volumetric DDoS
Leave a Comment

https://therecord.media/cloudflare-says-it-stopped-largest-https-ddos-attack-on-record-last-week/

June 2022 Windows patch release may break Wi-Fi hotspot connections, says Microsoft

June 17, 2022 – 5:50 pm
Posted in Computers and Internet, Cyber security, Microsoft, Supply Chain, Technology, Windows 10, Windows 11, Windows Server, Wireless
Tagged Bleepingcomputer.com, hotspot
Leave a Comment

https://www.bleepingcomputer.com/news/microsoft/microsoft-june-windows-updates-may-break-wi-fi-hotspots/

FIXED: Authentication Bypass vulnerability in Cisco ESA, Secure Email and Web Manager

https://securityaffairs.co/wordpress/132327/hacking/cisco-esa-critical-flaw.html