
Posts

More than 440,000 Customers to Be Notified by SAP to Address Security Issues with Some of Its Cloud Products!!

SAP (Systems Applications and Products) announced on Monday that it is to patch security issues with some of its cloud-based products. The bugs were identified as part of an internal cybersecurity audit, and the company has already started working on them. SAP Security Issues SAP said that some of its “cloud products do not meet one or several contractually agreed or statutory IT security standards” and that it has started to fix them. The following products are affected: SAP SuccessFactors, SAP Concur, SAP/CallidusCloud Commissions, SAP/CallidusCloud CPQ, as well as SAP C4C/Sales Cloud, SAP Cloud Platform, and SAP Analytics Cloud. SAP confirms that the vulnerabilities were not identified as part of a security incident and that no customer data has been compromised. “To ensure that the affected products meet relevant terms and conditions and in addition to technical remediation, SAP has decided to update its security-related terms and conditions. These remain in l...

Computers Infected with Fake Zoom Installers with WebMonitor RAT!!!

Due to the coronavirus pandemic, many companies around the world have asked employees to work from home, which has increased the usage of video conferencing apps. Researchers from Trend Micro observed a new campaign that leverages several popular messaging apps, including Zoom. WebMonitor RAT Campaign In the new campaign, attackers repackaged the legitimate Zoom installer with WebMonitor RAT. The infection starts with downloading the malicious file ZoomIntsaller.exe from malicious sources. When run, the malicious file drops a copy of itself named Zoom.exe and opens the process notepad.exe to execute Zoom.exe. Once executed, it connects to the remote C2 server and executes the following commands: Add, delete, and change files and registry information; Close connections; Get software and hardware information; Get webcam drivers/snapshot; Record audio and log keystrokes; Start, suspend, and terminate processes and services; Start/stop screen stream; Start/stop Wire...

Trickbot Malware Campaign Targets users with COVID-19 Themed Malspam

The cyberthreat uses COVID-19 themed malspam to distribute the Trickbot malware, say IBM Security researchers. This time the attacker uses the FMLA (Family and Medical Leave Act) to lure users over COVID-19 medical leave, with an attachment named “Family and Medical Leave of Act 22.04.doc” to distribute the malware. The spam mail is disguised as coming from the U.S. Department of Labor (DoL). Trickbot Campaigns TrickBot is a sophisticated banking Trojan operated by an organized cybercrime gang. Users infected with the TrickBot Trojan become part of a botnet that can allow attackers to gain complete control of the device. Typical consequences of TrickBot infections are bank account takeover, high-value wire fraud, and possibly ransomware attacks targeting organizational networks. These are mainly financially motivated cyber-attacks. DocuSign themes used by Trickbot The sample email, US-DoL.eml, contains three attachments: uslogo.png, faq.png, and Family and Medical L...

A Deep Dive into WhatsApp Security Hacks: Are Your ‘Private’ Messages Really Ever Private?

WhatsApp is one of the largest instant messengers and is considered by many a social network of its own. So, in continuing our app safety discussion, we’re diving into some of the top security hacks and questions many WhatsApp users and parents may have. But first, what’s a security hack? In short, it’s an attempt to exploit the weaknesses in an app, network, or digital service to gain unauthorized access, usually for some illicit purpose. Here are just some of the concerns WhatsApp users may have and some suggestions on boosting security. WhatsApp Hack FAQ Are WhatsApp conversations private? Yes — but there are exceptions. More than any other app, WhatsApp offers greater privacy thanks to end-to-end encryption that scrambles messages to ensure only you and the person you’re communicating with can read your messages or listen to your calls. Here’s the catch: WhatsApp messages (which include videos and photos) are vulnerable before they are encrypted and after...

WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE

A high-severity vulnerability could allow cybercriminals to push malware or remotely execute code, using seemingly innocuous messages. Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. And, further investigation shows this could be parlayed into remote code-execution. The desktop platform has more than 1.5 billion monthly active users. The high-severity bug (rated 8.2 on the CVSS severity scale) could impact those that also use WhatsApp for iPhone, if they don’t update their desktop and mobile apps, and if they don’t use newer versions of the Chrome browser. “A vulnerability [CVE-2019-18426] in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting (XSS) and local file reading,” acc...

Some Customers' Data Exposed at Biggest Hosting Provider DigitalOcean!!!

DigitalOcean, one of the biggest modern web hosting platforms, was recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via email. According to the breach notification email that affected customers [1, 2] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password. "This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018," the company said in the warning email as shown below. Upon discovery, a quick di...

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. Tracked as CVE-2020-11651 and CVE-2020-11652, the disclosed flaws could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The issues were fixed by SaltStack in a release published on April 29th. "We expect that any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours," F-Secure researchers had previously warned in an advisory last week. LineageOS, a maker of an open-source operating system based on Android, said it detected the intrusion on May 2nd at around 8 pm Pacific Time. "Around 8 pm PST on May 2nd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure," the...