Infosec Overnights - Daily Security News

Entrust Breached, UEFI Rootkit, Raccoon Gets Buff, and more.



A daily look at the relevant information security news from overnight - 25 July, 2022

Episode 272 - 25 July 2022

Entrust Breached -
https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/

UEFI Rootkit -
https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.html

Urgent SonicWall Patch -
https://www.securityweek.com/sonicwall-warns-critical-gms-sql-injection-vulnerability

Cisco Nexus Patches Three -
https://portswigger.net/daily-swig/cisco-patches-dangerous-bug-trio-in-nexus-dashboard

Raccoon Gets Buff -
https://thehackernews.com/2022/07/racoon-stealer-is-back-how-to-protect.html

Hi, I’m Paul Torgersen. It’s Monday July 25th, 2022, this is a look at the information security news from overnight.

From BleepingComputer.com:
Identity and access management company Entrust has confirmed that it was the victim of a cyberattack. Threat actors were able to breach their network and steal data from internal systems. The company says they have found no indication that the breach has impacted their operation or their products and services. No word on malware strain or threat actor involved. More to come I’m sure.

From TheHackerNews.com:
A new kind of UEFI firmware rootkit called CosmicStrand has been attributed to an unknown Chinese-speaking threat actor. The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and the affected boards are related to designs using the H81 chipset. Victims identified so far are just individuals in China, Vietnam, Iran and Russia, with no discernible ties to business or government agencies. There is a link to the Kaspersky research in the article.

From SecurityWeek.com:
SonicWall has issued urgent patches for a critical flaw in its Global Management System software, warning that the issue exposes businesses to remote attacks. The flaw, rated 9.4 in severity, provides a pathway for a remote attacker to execute arbitrary SQL queries against the database. The vulnerability exists because user-supplied data is not sufficiently sanitized before it reaches the query.
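To make the "insufficient sanitization of user-supplied data" point concrete, here is an added illustration in Python (not SonicWall's code, and not from the article): the same lookup written the vulnerable way, with user input spliced into the SQL text, beside the hardened form that binds the value as a parameter. The table, rows and the `devices_for_owner_*` function names are constructed for this example; the database is an in-memory sqlite3 instance so it runs offline.

```python
import sqlite3

# Constructed sample data for the example; nothing here comes from a real product.
SAMPLE_DEVICES = [
    ("fw-edge-01", "alice"),
    ("fw-edge-02", "alice"),
    ("fw-core-01", "bob"),
]


def build_db():
    """Create an in-memory database with a small, constructed devices table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    conn.executemany("INSERT INTO devices (name, owner) VALUES (?, ?)", SAMPLE_DEVICES)
    conn.commit()
    return conn


def devices_for_owner_unsafe(conn, owner):
    """Vulnerable pattern: the untrusted value becomes part of the SQL text,
    so a quote character in the input can change the structure of the query."""
    sql = "SELECT name FROM devices WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def devices_for_owner_safe(conn, owner):
    """Hardened pattern: the driver binds the value separately from the SQL
    text, so whatever the input contains is compared as a literal string."""
    sql = "SELECT name FROM devices WHERE owner = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]


# Identifiers (column names, sort directions) cannot be bound as parameters,
# so the remaining defence for them is a strict allowlist.
ALLOWED_SORT_COLUMNS = {"id", "name", "owner"}


def is_allowed_sort_column(column):
    """True only for column names the application explicitly permits."""
    return column in ALLOWED_SORT_COLUMNS


def devices_for_owner_sorted(conn, owner, sort_column):
    """Bind the value, allowlist the identifier; reject anything else."""
    if not is_allowed_sort_column(sort_column):
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"SELECT name FROM devices WHERE owner = ? ORDER BY {sort_column}"
    return [row[0] for row in conn.execute(sql, (owner,))]


if __name__ == "__main__":
    db = build_db()
    crafted = "alice' OR '1'='1"
    print("unsafe, normal input :", devices_for_owner_unsafe(db, "alice"))
    print("unsafe, crafted input:", devices_for_owner_unsafe(db, crafted))
    print("safe,   crafted input:", devices_for_owner_safe(db, crafted))
```

Run as written, the unsafe function returns every row for the crafted input because the query's WHERE clause has been rewritten, while the safe function returns nothing because the same string is simply an owner name that does not exist. The sorted variant shows the second half of the fix: where an identifier must come from the user, it is checked against an allowlist rather than escaped.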

From PortSwigger.net:
Serious vulnerabilities in Cisco Nexus Dashboard give attackers a viable path to executing arbitrary commands as root, uploading container image files, or performing cross-site request forgery attacks. Cisco has issued patches for the three bugs, one of them carrying a 9.8 severity rating. The company said it was not aware of any of these bugs being exploited in the wild. Get your patch on, kids.

And last, from TheHackerNews.com:
The new and vastly improved version of Raccoon Stealer has hit the scene. Not only can it steal browser passwords, cookies, and auto-fill data, it can now also steal credit card numbers, cryptocurrency and crypto wallets, harvest file data, drop files onto the system, list apps installed on the machine, and take screenshots. Fortunately, just like with the real-world rodents, basic precautions should keep the varmint at bay: beware of spoofed messages and don’t click any links you weren’t specifically expecting.

That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

Infosec Overnights - Daily Security News, by Paul Torgersen