Sign up to save your podcasts
Or
Share Elastix VoIP Attack, Botnet Targeting ICS, Blitz.JS Polluted, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Elastix VoIP Attack, Botnet Targeting ICS, Blitz.JS Polluted, and more.
A daily look at the relevant information security news from overnight - 18 July, 2022
Episode 267 - 18 July 2022
Elastix VoIP Attack- https://www.bleepingcomputer.com/news/security/elastix-voip-systems-hacked-in-massive-campaign-to-install-php-web-shells/
Botnet Targeting ICS -
https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
Play Store Purge -
https://threatpost.com/google-boots-malware-marketplace/180241/
Juniper Patches- https://www.securityweek.com/juniper-networks-patches-over-200-third-party-component-vulnerabilities
Blitz.JS Polluted -
https://portswigger.net/daily-swig/prototype-pollution-in-blitz-js-leads-to-remote-code-execution
Hi, I’m Paul Torgersen. It’s Monday July 18th, 2022, and from Port Angeles, this is a look at the information security news from overnight.
From BleepingComputer.com:
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of about three months. The attackers are likely exploiting CVE-2021-45461, a remote code execution vulnerability with a 9.8 severity. The goal is to plant a PHP web shell that could run arbitrary commands on the compromised communications server. Details in the article.
From TheHackerNews.com:
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines to a botnet. Attackers are exploiting a vulnerability in the firmware which allows it to retrieve the password on command. They then drop the Sality malware and turn the host into a peer in Sality's peer-to-peer botnet. More details inside.
From ThreatPost.com:
Google has removed eight apps from its Play store that were propagating a new variant of the Joker spyware. Unfortunately those apps had already accounted for a total of over 3 million downloads. Those apps are: Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, (yes I said gif not jif) Freeglow Camera, Coco Camera, Funny Camera, and Razer Keyboard & Theme.
From SecurityWeek.com:
Juniper Networks has published 21 security advisories to inform customers about patches for more than 200 vulnerabilities. Six of those advisories impact their own products, including Junos OS, Junos Space, Contrail Networking, and Northstar Controller products. The rest were vulnerabilities affecting third-party components such as Nginx, OpenSSL, Samba, Java SE, SQLite and Linux. Details in the article.
And last today, from PortSwigger.net:
Blitz.js, a JavaScript web application framework, has patched a dangerous prototype pollution vulnerability that could lead to remote code execution on Node.js servers. The bug allows attackers to manipulate the code in the Blitz.js app to create a reverse shell and run arbitrary commands on the server. You can find all the dirty details in the article.
That’s all for me. Have a great rest of your day. Like and subscribe, and until next time, be safe out there.
Episode 267 - 18 July 2022
Elastix VoIP Attack- https://www.bleepingcomputer.com/news/security/elastix-voip-systems-hacked-in-massive-campaign-to-install-php-web-shells/
Botnet Targeting ICS -
https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
Play Store Purge -
https://threatpost.com/google-boots-malware-marketplace/180241/
Juniper Patches- https://www.securityweek.com/juniper-networks-patches-over-200-third-party-component-vulnerabilities
Blitz.JS Polluted -
https://portswigger.net/daily-swig/prototype-pollution-in-blitz-js-leads-to-remote-code-execution
Hi, I’m Paul Torgersen. It’s Monday July 18th, 2022, and from Port Angeles, this is a look at the information security news from overnight.
From BleepingComputer.com:
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of about three months. The attackers are likely exploiting CVE-2021-45461, a remote code execution vulnerability with a 9.8 severity. The goal is to plant a PHP web shell that could run arbitrary commands on the compromised communications server. Details in the article.
From TheHackerNews.com:
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines to a botnet. Attackers are exploiting a vulnerability in the firmware which allows it to retrieve the password on command. They then drop the Sality malware and turn the host into a peer in Sality's peer-to-peer botnet. More details inside.
From ThreatPost.com:
Google has removed eight apps from its Play store that were propagating a new variant of the Joker spyware. Unfortunately those apps had already accounted for a total of over 3 million downloads. Those apps are: Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, (yes I said gif not jif) Freeglow Camera, Coco Camera, Funny Camera, and Razer Keyboard & Theme.
From SecurityWeek.com:
Juniper Networks has published 21 security advisories to inform customers about patches for more than 200 vulnerabilities. Six of those advisories impact their own products, including Junos OS, Junos Space, Contrail Networking, and Northstar Controller products. The rest were vulnerabilities affecting third-party components such as Nginx, OpenSSL, Samba, Java SE, SQLite and Linux. Details in the article.
And last today, from PortSwigger.net:
Blitz.js, a JavaScript web application framework, has patched a dangerous prototype pollution vulnerability that could lead to remote code execution on Node.js servers. The bug allows attackers to manipulate the code in the Blitz.js app to create a reverse shell and run arbitrary commands on the server. You can find all the dirty details in the article.
That’s all for me. Have a great rest of your day. Like and subscribe, and until next time, be safe out there.
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight - 18 July, 2022
Episode 267 - 18 July 2022
Elastix VoIP Attack- https://www.bleepingcomputer.com/news/security/elastix-voip-systems-hacked-in-massive-campaign-to-install-php-web-shells/
Botnet Targeting ICS -
https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
Play Store Purge -
https://threatpost.com/google-boots-malware-marketplace/180241/
Juniper Patches- https://www.securityweek.com/juniper-networks-patches-over-200-third-party-component-vulnerabilities
Blitz.JS Polluted -
https://portswigger.net/daily-swig/prototype-pollution-in-blitz-js-leads-to-remote-code-execution
Hi, I’m Paul Torgersen. It’s Monday July 18th, 2022, and from Port Angeles, this is a look at the information security news from overnight.
From BleepingComputer.com:
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of about three months. The attackers are likely exploiting CVE-2021-45461, a remote code execution vulnerability with a 9.8 severity. The goal is to plant a PHP web shell that could run arbitrary commands on the compromised communications server. Details in the article.
From TheHackerNews.com:
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines to a botnet. Attackers are exploiting a vulnerability in the firmware which allows it to retrieve the password on command. They then drop the Sality malware and turn the host into a peer in Sality's peer-to-peer botnet. More details inside.
From ThreatPost.com:
Google has removed eight apps from its Play store that were propagating a new variant of the Joker spyware. Unfortunately those apps had already accounted for a total of over 3 million downloads. Those apps are: Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, (yes I said gif not jif) Freeglow Camera, Coco Camera, Funny Camera, and Razer Keyboard & Theme.
From SecurityWeek.com:
Juniper Networks has published 21 security advisories to inform customers about patches for more than 200 vulnerabilities. Six of those advisories impact their own products, including Junos OS, Junos Space, Contrail Networking, and Northstar Controller products. The rest were vulnerabilities affecting third-party components such as Nginx, OpenSSL, Samba, Java SE, SQLite and Linux. Details in the article.
And last today, from PortSwigger.net:
Blitz.js, a JavaScript web application framework, has patched a dangerous prototype pollution vulnerability that could lead to remote code execution on Node.js servers. The bug allows attackers to manipulate the code in the Blitz.js app to create a reverse shell and run arbitrary commands on the server. You can find all the dirty details in the article.
That’s all for me. Have a great rest of your day. Like and subscribe, and until next time, be safe out there.
Episode 267 - 18 July 2022
Elastix VoIP Attack- https://www.bleepingcomputer.com/news/security/elastix-voip-systems-hacked-in-massive-campaign-to-install-php-web-shells/
Botnet Targeting ICS -
https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
Play Store Purge -
https://threatpost.com/google-boots-malware-marketplace/180241/
Juniper Patches- https://www.securityweek.com/juniper-networks-patches-over-200-third-party-component-vulnerabilities
Blitz.JS Polluted -
https://portswigger.net/daily-swig/prototype-pollution-in-blitz-js-leads-to-remote-code-execution
Hi, I’m Paul Torgersen. It’s Monday July 18th, 2022, and from Port Angeles, this is a look at the information security news from overnight.
From BleepingComputer.com:
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of about three months. The attackers are likely exploiting CVE-2021-45461, a remote code execution vulnerability with a 9.8 severity. The goal is to plant a PHP web shell that could run arbitrary commands on the compromised communications server. Details in the article.
From TheHackerNews.com:
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines to a botnet. Attackers are exploiting a vulnerability in the firmware which allows it to retrieve the password on command. They then drop the Sality malware and turn the host into a peer in Sality's peer-to-peer botnet. More details inside.
From ThreatPost.com:
Google has removed eight apps from its Play store that were propagating a new variant of the Joker spyware. Unfortunately those apps had already accounted for a total of over 3 million downloads. Those apps are: Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, (yes I said gif not jif) Freeglow Camera, Coco Camera, Funny Camera, and Razer Keyboard & Theme.
From SecurityWeek.com:
Juniper Networks has published 21 security advisories to inform customers about patches for more than 200 vulnerabilities. Six of those advisories impact their own products, including Junos OS, Junos Space, Contrail Networking, and Northstar Controller products. The rest were vulnerabilities affecting third-party components such as Nginx, OpenSSL, Samba, Java SE, SQLite and Linux. Details in the article.
And last today, from PortSwigger.net:
Blitz.js, a JavaScript web application framework, has patched a dangerous prototype pollution vulnerability that could lead to remote code execution on Node.js servers. The bug allows attackers to manipulate the code in the Blitz.js app to create a reverse shell and run arbitrary commands on the server. You can find all the dirty details in the article.
That’s all for me. Have a great rest of your day. Like and subscribe, and until next time, be safe out there.