Cyber Bites

Researchers from Niederrhein University and Ruhr-Universität Bochum (RUB) have discovered 14 new cross-site data leaks (XS-Leaks) attacks targetting a wide range of modern web browsers. The browsers affected include Microsoft Edge, Google Chrome, Opera, Apple Safari, Tor Browser, and Mozilla Firefox among many others. The researchers discovered the leaks by testing how well 56 browsers and operating systems were protected against 34 XS-Leaks. The researchers' website, XSinator.com, scanned the browsers for leaks and found that...

US military's hacking unit, Cyber Command, has taken offensive action to disrupt cybercriminal groups that have launched ransomware attacks on US companies, a spokesperson for the command confirmed to CNN Sunday.  

Security researchers tested nine popular WiFi routers and found they are riddled with vulnerabilities - even when running the latest firmware. In the nine models tested, a total of 226 vulnerabilities were found, the TP-Link Archer AX6000 and the Synology RT-2600ac resulting the most insecure, with 32 and 30 flaws, respectively. Conducted by IoT Inspector for the publication CHIP, the analysis found that in the most common vulnerabilities were: Outdated Linux kernel in the firmware...

Papua New Guinea’s finance department acknowledged late Thursday that its payment system, which manages access to hundreds of millions of dollars in foreign aid money, was hit with a ransomware attack. The attack on the Department of Finance’s Integrated Financial Management System (IFMS) occurred at 1 a.m. local time on Oct. 22, according to a statement released by John Pundari, finance minister and acting treasurer, Bloomberg reported. Commenting on the news, Robert Golladay, EMEA and...

Kaspersky has this week released the findings of their research on the malware dubbed BloodyStealer. According to its creators, the malware can steal passwords, cookies, bank card details, browser autofill data, screenshots and more, and it is advertised on underground forums. It looks like the criminals behind BloodyStealer are targeting gamers, as they are selling access to specific accounts, both individually and wholesale. Accounts with add-on and expensive items hold particular value, but they are...

Cloud security vendor Wiz, who also found a massive vulnerability in Microsoft Azure's CosmosDB-managed database service recently, has found another security vulnerability in Azure that impacts Linux virtual machines. Users could end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure's UI. In the worst case scenario, the vulnerability in OMI could be used for remote root code execution— though in...

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and and it reportedly continues this week, Bleeping Computer reports. Russian media called the assault the largest in the history of Russian internet (RuNet), and that a US based company confirmed that the attack was ongoing. The attack started over the weekend and while there are no further details about the type or size of the DDoS,...

Gardaí have seized cyber infrastructure used by the cyber gang involved in the HSE cyber attack earlier this year. The operation is believed to have prevented more than 750 ransomware attacks, the Irish Times has reported. The Garda-led operation targeted websites, domain names and servers used in the attacks, has been led by An Garda Síochána but also involved other international law enforcement agencies, including Interpol and Europol. Garda Headquarters, in Phoenix Park, Dublin, on...

The US Cyber Command issued a warning that the Atlassian Corp. PLC’s Confluence software is being exploited on a large scale and that users should patch their installations immediately. The vulnerability, formally named CVE-2021-26084, was revealed by Atlassian on Aug. 25 and was described as allowing an authenticated user to execute arbitrary code on a Confluence Server or data centre instance. It also said that Confluence Cloud customers are not affected. The issue affects all...

The US' CYbersecurity Infrastructure Security Agency (CISA) has added signle-factor authentication (SFA) to its list of bad practices, which outlines exceptionally risky cybersecurity practices. The agency has specified that this low-security method of authentication is particularly dangerous when used to secure Critical Infrastructure or National Critical Functions. The list also includes the use of unsupported/end-of-life software that can no longer be patched, and the use of known/default passwords and credentials. "The presence of these Bad...