cyber attacks

Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses

Sep 24, 2021 by iHash Leave a Comment

A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields … [Read more...] about Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

Sep 23, 2021 by iHash Leave a Comment

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in … [Read more...] about Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Sep 22, 2021 by iHash Leave a Comment

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands … [Read more...] about Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Unpatched High-Severity Vulnerability Affects Apple macOS Computers

Sep 21, 2021 by iHash Leave a Comment

Cybersecurity researchers on Tuesday disclosed details of an unpatched vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks … [Read more...] about Unpatched High-Severity Vulnerability Affects Apple macOS Computers

Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters

Sep 20, 2021 by iHash Leave a Comment

Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million) in illegal proceeds in just a year. "The suspects defrauded hundreds of victims through phishing attacks and other types of … [Read more...] about Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

Sep 19, 2021 by iHash Leave a Comment

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant … [Read more...] about Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

Sep 17, 2021 by iHash Leave a Comment

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management … [Read more...] about Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

New Malware Targets Windows Subsystem for Linux to Evade Detection

Sep 17, 2021 by iHash Leave a Comment

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install … [Read more...] about New Malware Targets Windows Subsystem for Linux to Evade Detection

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

Sep 16, 2021 by iHash Leave a Comment

Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source … [Read more...] about Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

Download the Essential Guide to Response Automation

Sep 15, 2021 by iHash Leave a Comment

In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another one of those phrases that have different meanings to different people. It's … [Read more...] about Download the Essential Guide to Response Automation