Sign up to save your podcasts
Or
Share Massive Messenger Mess, Fujitsu Flaws, Aoqin Dragon Rears, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Massive Messenger Mess, Fujitsu Flaws, Aoqin Dragon Rears, and more.
A daily look at the relevant information security news from overnight - 10 June, 2022
Episode 242 - 10 June 2022
Massive Messenger Mess- https://www.bleepingcomputer.com/news/security/massive-facebook-messenger-phishing-operation-generates-millions/
Fujitsu Flaws -
https://portswigger.net/daily-swig/separate-fujitsu-cloud-storage-vulnerabilities-could-enable-attackers-to-destroy-virtual-backups
Palermo popped- https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-italian-city-of-palermo/
HID Switched Can’t Hide -
https://www.securityweek.com/vulnerabilities-hid-mercury-access-controllers-allow-hackers-unlock-doors
Aoqin Dragon Rears -
https://www.bleepingcomputer.com/news/security/chinese-hacking-group-aoqin-dragon-quietly-spied-orgs-for-a-decade/
Hi, I’m Paul Torgersen. It’s Friday June 10th, 2022, and once again from Chicago, this is a look at the information security news from overnight.
From BleepingComputer.com
A massive phishing operation is abusing Facebook and Messenger to lure millions of users and tricking them into entering their account credentials and seeing advertisements. The campaign operators then use these stolen accounts to send further phishing messages to their friends, generating a significant revenue via online advertising commissions. The activity peaked in April and May of this year, but has been going on since at least September of last year.
From PortSwigger.net:
Two flaws in the web interface of a Fujitsu cloud storage system could allow remote code execution, and ultimately be exploited to read, write, and destroy backed up files. The vulnerabilities impact the enterprise-grade Fujitsu Eternus CS8000 Control Center version 8.1. Details in the article.
From BleepingComputer.com:
The city of Palermo, Italy, has taken all systems offline in response to a ransomware attack, impacting 1.3 million residents and tens of thousands of tourists visiting the city. The Vice Society ransomware group has claimed responsibility for the attack via an entry on their dark web data leak site.
From SecurityWeek.com:
Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited to remotely unlock doors. The issues were found in products from LenelS2, a subsidiary of Carrier, but HID Global said that all OEM partners that use these hardware controllers are affected. A total of eight vulnerabilities were found, seven of which were rated high or critical severity. Either upgrade to the latest firmware, or make sure those babies are behind a firewall.
And last today, from BleepingComputer.com
A previously unknown Chinese-speaking threat actor has been discovered and named Aoqin Dragon. Researchers were able to link it to malicious activity going as far back as 2013. This hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. Details, including a link to the research, in the article.
That’s all for me this week....
Episode 242 - 10 June 2022
Massive Messenger Mess- https://www.bleepingcomputer.com/news/security/massive-facebook-messenger-phishing-operation-generates-millions/
Fujitsu Flaws -
https://portswigger.net/daily-swig/separate-fujitsu-cloud-storage-vulnerabilities-could-enable-attackers-to-destroy-virtual-backups
Palermo popped- https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-italian-city-of-palermo/
HID Switched Can’t Hide -
https://www.securityweek.com/vulnerabilities-hid-mercury-access-controllers-allow-hackers-unlock-doors
Aoqin Dragon Rears -
https://www.bleepingcomputer.com/news/security/chinese-hacking-group-aoqin-dragon-quietly-spied-orgs-for-a-decade/
Hi, I’m Paul Torgersen. It’s Friday June 10th, 2022, and once again from Chicago, this is a look at the information security news from overnight.
From BleepingComputer.com
A massive phishing operation is abusing Facebook and Messenger to lure millions of users and tricking them into entering their account credentials and seeing advertisements. The campaign operators then use these stolen accounts to send further phishing messages to their friends, generating a significant revenue via online advertising commissions. The activity peaked in April and May of this year, but has been going on since at least September of last year.
From PortSwigger.net:
Two flaws in the web interface of a Fujitsu cloud storage system could allow remote code execution, and ultimately be exploited to read, write, and destroy backed up files. The vulnerabilities impact the enterprise-grade Fujitsu Eternus CS8000 Control Center version 8.1. Details in the article.
From BleepingComputer.com:
The city of Palermo, Italy, has taken all systems offline in response to a ransomware attack, impacting 1.3 million residents and tens of thousands of tourists visiting the city. The Vice Society ransomware group has claimed responsibility for the attack via an entry on their dark web data leak site.
From SecurityWeek.com:
Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited to remotely unlock doors. The issues were found in products from LenelS2, a subsidiary of Carrier, but HID Global said that all OEM partners that use these hardware controllers are affected. A total of eight vulnerabilities were found, seven of which were rated high or critical severity. Either upgrade to the latest firmware, or make sure those babies are behind a firewall.
And last today, from BleepingComputer.com
A previously unknown Chinese-speaking threat actor has been discovered and named Aoqin Dragon. Researchers were able to link it to malicious activity going as far back as 2013. This hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. Details, including a link to the research, in the article.
That’s all for me this week....
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight - 10 June, 2022
Episode 242 - 10 June 2022
Massive Messenger Mess- https://www.bleepingcomputer.com/news/security/massive-facebook-messenger-phishing-operation-generates-millions/
Fujitsu Flaws -
https://portswigger.net/daily-swig/separate-fujitsu-cloud-storage-vulnerabilities-could-enable-attackers-to-destroy-virtual-backups
Palermo popped- https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-italian-city-of-palermo/
HID Switched Can’t Hide -
https://www.securityweek.com/vulnerabilities-hid-mercury-access-controllers-allow-hackers-unlock-doors
Aoqin Dragon Rears -
https://www.bleepingcomputer.com/news/security/chinese-hacking-group-aoqin-dragon-quietly-spied-orgs-for-a-decade/
Hi, I’m Paul Torgersen. It’s Friday June 10th, 2022, and once again from Chicago, this is a look at the information security news from overnight.
From BleepingComputer.com
A massive phishing operation is abusing Facebook and Messenger to lure millions of users and tricking them into entering their account credentials and seeing advertisements. The campaign operators then use these stolen accounts to send further phishing messages to their friends, generating a significant revenue via online advertising commissions. The activity peaked in April and May of this year, but has been going on since at least September of last year.
From PortSwigger.net:
Two flaws in the web interface of a Fujitsu cloud storage system could allow remote code execution, and ultimately be exploited to read, write, and destroy backed up files. The vulnerabilities impact the enterprise-grade Fujitsu Eternus CS8000 Control Center version 8.1. Details in the article.
From BleepingComputer.com:
The city of Palermo, Italy, has taken all systems offline in response to a ransomware attack, impacting 1.3 million residents and tens of thousands of tourists visiting the city. The Vice Society ransomware group has claimed responsibility for the attack via an entry on their dark web data leak site.
From SecurityWeek.com:
Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited to remotely unlock doors. The issues were found in products from LenelS2, a subsidiary of Carrier, but HID Global said that all OEM partners that use these hardware controllers are affected. A total of eight vulnerabilities were found, seven of which were rated high or critical severity. Either upgrade to the latest firmware, or make sure those babies are behind a firewall.
And last today, from BleepingComputer.com
A previously unknown Chinese-speaking threat actor has been discovered and named Aoqin Dragon. Researchers were able to link it to malicious activity going as far back as 2013. This hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. Details, including a link to the research, in the article.
That’s all for me this week....
Episode 242 - 10 June 2022
Massive Messenger Mess- https://www.bleepingcomputer.com/news/security/massive-facebook-messenger-phishing-operation-generates-millions/
Fujitsu Flaws -
https://portswigger.net/daily-swig/separate-fujitsu-cloud-storage-vulnerabilities-could-enable-attackers-to-destroy-virtual-backups
Palermo popped- https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-italian-city-of-palermo/
HID Switched Can’t Hide -
https://www.securityweek.com/vulnerabilities-hid-mercury-access-controllers-allow-hackers-unlock-doors
Aoqin Dragon Rears -
https://www.bleepingcomputer.com/news/security/chinese-hacking-group-aoqin-dragon-quietly-spied-orgs-for-a-decade/
Hi, I’m Paul Torgersen. It’s Friday June 10th, 2022, and once again from Chicago, this is a look at the information security news from overnight.
From BleepingComputer.com
A massive phishing operation is abusing Facebook and Messenger to lure millions of users and tricking them into entering their account credentials and seeing advertisements. The campaign operators then use these stolen accounts to send further phishing messages to their friends, generating a significant revenue via online advertising commissions. The activity peaked in April and May of this year, but has been going on since at least September of last year.
From PortSwigger.net:
Two flaws in the web interface of a Fujitsu cloud storage system could allow remote code execution, and ultimately be exploited to read, write, and destroy backed up files. The vulnerabilities impact the enterprise-grade Fujitsu Eternus CS8000 Control Center version 8.1. Details in the article.
From BleepingComputer.com:
The city of Palermo, Italy, has taken all systems offline in response to a ransomware attack, impacting 1.3 million residents and tens of thousands of tourists visiting the city. The Vice Society ransomware group has claimed responsibility for the attack via an entry on their dark web data leak site.
From SecurityWeek.com:
Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited to remotely unlock doors. The issues were found in products from LenelS2, a subsidiary of Carrier, but HID Global said that all OEM partners that use these hardware controllers are affected. A total of eight vulnerabilities were found, seven of which were rated high or critical severity. Either upgrade to the latest firmware, or make sure those babies are behind a firewall.
And last today, from BleepingComputer.com
A previously unknown Chinese-speaking threat actor has been discovered and named Aoqin Dragon. Researchers were able to link it to malicious activity going as far back as 2013. This hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. Details, including a link to the research, in the article.
That’s all for me this week....