Cyber security | OSG: Bits, Bytes and Packets

Skip navigation

Category Archives: Cyber security

Dropbox files notice of breach with SEC

May 2, 2024 – 12:08 pm
Posted in Attacks, Cloud, Computers and Internet, Cyber security, Leaked Credentials, Privacy Alert, Technology
Tagged Breach notification, DBX, Dropbox, Hellosign
Leave a Comment

https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm

At the very least, the actor(s) was able to obtain hashed passwords, OAUTH tokens, some MFA, phone numbers and API keys. They noticed this on April 24, 2024 according to the 8-K filed with the SEC

The investigation is continuing… AKA change passwords and inventory your data so you are prepared to evaluate your risk

Police bust accuses 37 of being cyber criminals that stole identities, credit card numbers and pin codes; seize LabHost site on Dark Web

April 18, 2024 – 9:56 am
Posted in Attacks, Card theft, Computers and Internet, Cyber security, Fraud, Online Fraud, Phishing, Privacy Alert, Scam, Social Engineering
Tagged Bust, Cyber Defence Alliance, Dark Web, fraudulent text messages, Labhost, Metropolitan Police, msn.com, National Crime Agency
Leave a Comment

Police bust cyber gang accused of worldwide fraud (msn.com)

Palo Alto updates patching guidance for command injection vulnerability

April 16, 2024 – 5:27 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, HAck, Patch Available, POC, Vulnerability
Tagged CVSS Score 10.0, Operation MidnightEclipse, Palo Alto, PAN-252214, PAN-OS, Unit-42
Leave a Comment

https://security.paloaltonetworks.com/CVE-2024-3400

This is a command injection vulnerability that enabled an unauthenticated attacker to execute code with root privileges. POC has been released publicly.

Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.

You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

https://unit42.paloaltonetworks.com/cve-2024-3400

VPN brute force attacks: Your logs are full of them (guaranteed)

April 16, 2024 – 1:10 pm
Posted in Attacks, Community, Computers and Internet, Cyber security, HAck, VPN
Tagged BigMama Proxy, Bleepingcomputer.com, Checkpoint VPN, Cisco, Cisco Secure Firewall VPN, Cisco Talos, Draytek, FortiOS SSL-VPN, IPIDEA Proxy, Miktrotik, Nexus Proxy, Proxy Rack, RD Web Services, SonicWall VPN, Space Proxies, TOR, Ubiquiti, VPN, VPN Gate
Leave a Comment

https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services

Make sure you are using MFA for every account that has remote access and check all remote access points; not just VPNs.

Not April Fools: Duo (Cisco) MFA service breached… via phishing scheme

April 16, 2024 – 8:58 am
Posted in Attacks, Computers and Internet, Cyber security, HAck, Phishing, Social Engineering, Technology
Tagged 3rd Party, Cisco Duo, MFA
Leave a Comment

https://www.darkreading.com/cyberattacks-data-breaches/cisco-duo-multifactor-authentication-service-breached

https://app.securitymsp.cisco.com/e/es?s=4673582&e=2785&elqTrackId=EF815608FCE191E1D3FAAE7B0376C832&elq=bd1c1886a59e40c09915b029a74be94e&elqaid=112&elqat=1

Customer Advisory

CVE-2024-3400: Volexity warns of Zero-day exploitation of Palo Alto device vulnerability in GlobalProtect feature over versions of PAN-OS.

April 15, 2024 – 5:27 pm
Posted in Cyber security, HAck, Patch Available, Vulnerability
Tagged CVE-2024-3400, CVSS Score 10.0, Global Protect, OS Command injection, Palo Alto, Pan OS, Python backdoor, remote code execution (RCE), UTA0218, Volexity.com
Leave a Comment

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

Patches are available for the varied versions of PAN-OS

CISA: Weakness in Chirp Systems may pose problems for “smart lock” homes.

April 15, 2024 – 2:49 pm
Posted in Android, Attacks, CISA, Cyber security, Endpoint Security, HAck, Skimming, Smartphones, Vulnerability
Tagged API, APK, Chirp Systems, CVSS Score: 9.1, key fob, krebsonsecurity.com, low attack complexity, plain text, Realpage, Smart Lock
Leave a Comment

https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak

Domain controllers crashing after March updates? Uninstalling KB5035855 and KB5035857 may help

March 20, 2024 – 6:59 pm
Posted in Cyber security, Microsoft, Microsoft Patches, Patch Management, Windows Server
Tagged Bleepingcomputer.com, Domain controller, DoS, KB5035855
Leave a Comment

https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-crashes-reboots

Russian actors “all up in” Microsoft’s business; accesses source code. Is this anything new?

March 14, 2024 – 7:00 am
Posted in Attacks, Cloud, Computers and Internet, Cyber security, HAck, Microsoft, Supply Chain, Technology
Tagged Russia, Source Code, SVR
Leave a Comment

https://www.independent.co.uk/news/world/americas/microsoft-russia-hackers-b2510319.html

SQL Injection vulnerability in Ivanti endpoint Manager is patched

January 9, 2024 – 4:59 pm
Posted in Computers and Internet, Cyber security, Endpoint Security, Exploit Warning, Patch Available, Patch Management, Vulnerability, Vulnerability Management
Tagged CVE-2023-39336, EPM, Ivanti, Ivanti Endpoint Manager, SQL Express, SQL Injection
Leave a Comment

https://www.bankinfosecurity.com/ivanti-patches-critical-endpoint-security-vulnerability-a-24046