Security News

Hackers breached six Cisco servers through SaltStack Salt vulnerabilities
2020-05-29 12:34

Earlier this month, when F-Secure publicly revealed the existence of two vulnerabilities affecting SaltStack Salt and attackers started actively exploiting them, Cisco was among the victims. The revelation was made on Thursday, when Cisco published an advisory saying that, on May 7, 2020, they've discovered the compromise of six of their salt-master servers, which are part of the Cisco VIRL-PE service infrastructure.

Cisco Servers Hacked via Salt Vulnerabilities
2020-05-29 10:56

Now, Cisco reveals that salt-master servers that are used with Cisco Virtual Internet Routing Lab Personal Edition were upgraded on May 7, and that, on the same day, they were found to have been compromised through the aforementioned vulnerabilities. "Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised. The servers were remediated on May 7, 2020," the company announced in an advisory.

Hackers Compromise Cisco Servers Via SaltStack Flaws
2020-05-28 20:51

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
2020-05-28 15:59

A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. As for the infection routine, "The PonyFinal ransomware is delivered through an MSI file that contains two batch files and the ransomware payload," researchers explained.

Valak Loader Revamped to Rob Microsoft Exchange Servers
2020-05-28 13:54

Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found. Valak was first observed as a loader in 2019 but has now gone through "a series of dramatic changes, an evolution of over 30 different versions in less than six months," Cybereason Nocturnus researchers Eli Salem, Lior Rochberger and Assaf Dahan said in a report posted online Thursday.

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline
2020-05-21 10:52

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server. The recursive server contacts your DNS server for your dot.com for that information.

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline
2020-05-21 10:52

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server. The recursive server contacts your DNS server for your dot.com for that information.

Woman stalked by sandwich server via her COVID-19 contact tracing info
2020-05-14 12:52

Mayo? Mustard? Creep who takes your sandwich order plus the personal details you handed over for contact tracing? You may well ask how you do contact tracing without collecting people's PII. Countries have certainly asked, and they've found what will hopefully turn out to be an approach that leaves people's privacy intact.

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability
2020-05-06 01:18

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. In a separate development, the Salt vulnerability was used to hack into DigiCert certificate authority as well.

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability
2020-05-06 01:18

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. In a separate development, the Salt vulnerability was used to hack into DigiCert certificate authority as well.