Sign up to save your podcasts
Or
Share Log4J exploit, SQL brute, Vidor delivery, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Log4J exploit, SQL brute, Vidor delivery, and more.
A daily look at the relevant information security news from overnight.
Episode 239 - 20 May 2022
Log4J exploit - https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/
SQL brute -
https://www.securityweek.com/new-brute-force-attacks-against-sql-servers-use-powershell-wrapper
Phishing with Chat - https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/
Jupiter flawed - https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/
Flux flaw -
https://portswigger.net/daily-swig/rogue-cloud-users-could-sabotage-fellow-off-prem-tenants-via-critical-flux-flaw
Vidar delivery- https://www.zdnet.com/article/fake-domains-offer-windows-11-installers-but-deliver-malware-instead/
Hi, I’m Paul Torgersen. It’s Friday May 20th, 2022, and after a couple days under the weather, this is a look at the information security news from overnight.
From BleepingComputer.com:
The North Korean hacking group Lazarus is exploiting the Log4J remote code execution vulnerability on VMware Horizon servers. They use the weakness to execute a PowerShell command and ultimately install the NukeSped backdoor. Details in the article.
From SecurityWeek.com:
Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a living-off-the-land binary. Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL servers that use weak or default passwords.
From BleepingComputer.com:
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to the threat actors. How nice of them. Actually, the presence of a chatbot lends a sense of legitimacy to the malicious sites. See the full Trustwave report in the article.
From ThreatPost.com:
A critical privilege escalation flaw found in two WordPress site themes, can allow the threat actors to take over the sites completely. The Jupiter and JupiterX Core Plugin affect more than 90,000 sites. The vulnerability affects Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier. Updated versions have patched the flaws.
From PortSwigger.net:
A critical vulnerability in Flux2, the continuous delivery tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage their neighbors that are using the same off-premise infrastructure. The remote code execution flaw arises through improper validation of kubeconfig files, which “can define commands to be executed to generate on-demand authentication tokens”. In a single tenant deployment, this flaw is only a 6.8 severity. In multi tenant deployments, that rating jumps to a 9.9
And last this week, from ZDNet.com
Newly registered domains that just appeared in April, mimic a legitimate Microsoft Windows 11 OS download portal. Unfortunately, what you actually get is a nasty little information stealer...
Episode 239 - 20 May 2022
Log4J exploit - https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/
SQL brute -
https://www.securityweek.com/new-brute-force-attacks-against-sql-servers-use-powershell-wrapper
Phishing with Chat - https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/
Jupiter flawed - https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/
Flux flaw -
https://portswigger.net/daily-swig/rogue-cloud-users-could-sabotage-fellow-off-prem-tenants-via-critical-flux-flaw
Vidar delivery- https://www.zdnet.com/article/fake-domains-offer-windows-11-installers-but-deliver-malware-instead/
Hi, I’m Paul Torgersen. It’s Friday May 20th, 2022, and after a couple days under the weather, this is a look at the information security news from overnight.
From BleepingComputer.com:
The North Korean hacking group Lazarus is exploiting the Log4J remote code execution vulnerability on VMware Horizon servers. They use the weakness to execute a PowerShell command and ultimately install the NukeSped backdoor. Details in the article.
From SecurityWeek.com:
Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a living-off-the-land binary. Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL servers that use weak or default passwords.
From BleepingComputer.com:
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to the threat actors. How nice of them. Actually, the presence of a chatbot lends a sense of legitimacy to the malicious sites. See the full Trustwave report in the article.
From ThreatPost.com:
A critical privilege escalation flaw found in two WordPress site themes, can allow the threat actors to take over the sites completely. The Jupiter and JupiterX Core Plugin affect more than 90,000 sites. The vulnerability affects Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier. Updated versions have patched the flaws.
From PortSwigger.net:
A critical vulnerability in Flux2, the continuous delivery tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage their neighbors that are using the same off-premise infrastructure. The remote code execution flaw arises through improper validation of kubeconfig files, which “can define commands to be executed to generate on-demand authentication tokens”. In a single tenant deployment, this flaw is only a 6.8 severity. In multi tenant deployments, that rating jumps to a 9.9
And last this week, from ZDNet.com
Newly registered domains that just appeared in April, mimic a legitimate Microsoft Windows 11 OS download portal. Unfortunately, what you actually get is a nasty little information stealer...
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight.
Episode 239 - 20 May 2022
Log4J exploit - https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/
SQL brute -
https://www.securityweek.com/new-brute-force-attacks-against-sql-servers-use-powershell-wrapper
Phishing with Chat - https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/
Jupiter flawed - https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/
Flux flaw -
https://portswigger.net/daily-swig/rogue-cloud-users-could-sabotage-fellow-off-prem-tenants-via-critical-flux-flaw
Vidar delivery- https://www.zdnet.com/article/fake-domains-offer-windows-11-installers-but-deliver-malware-instead/
Hi, I’m Paul Torgersen. It’s Friday May 20th, 2022, and after a couple days under the weather, this is a look at the information security news from overnight.
From BleepingComputer.com:
The North Korean hacking group Lazarus is exploiting the Log4J remote code execution vulnerability on VMware Horizon servers. They use the weakness to execute a PowerShell command and ultimately install the NukeSped backdoor. Details in the article.
From SecurityWeek.com:
Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a living-off-the-land binary. Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL servers that use weak or default passwords.
From BleepingComputer.com:
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to the threat actors. How nice of them. Actually, the presence of a chatbot lends a sense of legitimacy to the malicious sites. See the full Trustwave report in the article.
From ThreatPost.com:
A critical privilege escalation flaw found in two WordPress site themes, can allow the threat actors to take over the sites completely. The Jupiter and JupiterX Core Plugin affect more than 90,000 sites. The vulnerability affects Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier. Updated versions have patched the flaws.
From PortSwigger.net:
A critical vulnerability in Flux2, the continuous delivery tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage their neighbors that are using the same off-premise infrastructure. The remote code execution flaw arises through improper validation of kubeconfig files, which “can define commands to be executed to generate on-demand authentication tokens”. In a single tenant deployment, this flaw is only a 6.8 severity. In multi tenant deployments, that rating jumps to a 9.9
And last this week, from ZDNet.com
Newly registered domains that just appeared in April, mimic a legitimate Microsoft Windows 11 OS download portal. Unfortunately, what you actually get is a nasty little information stealer...
Episode 239 - 20 May 2022
Log4J exploit - https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/
SQL brute -
https://www.securityweek.com/new-brute-force-attacks-against-sql-servers-use-powershell-wrapper
Phishing with Chat - https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/
Jupiter flawed - https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/
Flux flaw -
https://portswigger.net/daily-swig/rogue-cloud-users-could-sabotage-fellow-off-prem-tenants-via-critical-flux-flaw
Vidar delivery- https://www.zdnet.com/article/fake-domains-offer-windows-11-installers-but-deliver-malware-instead/
Hi, I’m Paul Torgersen. It’s Friday May 20th, 2022, and after a couple days under the weather, this is a look at the information security news from overnight.
From BleepingComputer.com:
The North Korean hacking group Lazarus is exploiting the Log4J remote code execution vulnerability on VMware Horizon servers. They use the weakness to execute a PowerShell command and ultimately install the NukeSped backdoor. Details in the article.
From SecurityWeek.com:
Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a living-off-the-land binary. Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL servers that use weak or default passwords.
From BleepingComputer.com:
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to the threat actors. How nice of them. Actually, the presence of a chatbot lends a sense of legitimacy to the malicious sites. See the full Trustwave report in the article.
From ThreatPost.com:
A critical privilege escalation flaw found in two WordPress site themes, can allow the threat actors to take over the sites completely. The Jupiter and JupiterX Core Plugin affect more than 90,000 sites. The vulnerability affects Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier. Updated versions have patched the flaws.
From PortSwigger.net:
A critical vulnerability in Flux2, the continuous delivery tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage their neighbors that are using the same off-premise infrastructure. The remote code execution flaw arises through improper validation of kubeconfig files, which “can define commands to be executed to generate on-demand authentication tokens”. In a single tenant deployment, this flaw is only a 6.8 severity. In multi tenant deployments, that rating jumps to a 9.9
And last this week, from ZDNet.com
Newly registered domains that just appeared in April, mimic a legitimate Microsoft Windows 11 OS download portal. Unfortunately, what you actually get is a nasty little information stealer...