Posted on Leave a comment

DataVault Encryption Software Flaws Affect Multiple Storage Devices.

Sylvain Pelissier, a researcher, discovered that ENC Security’s DataVault encryption software, which is used by a number of vendors, is affected by a couple of key derivation function issues. An attacker can take advantage of the flaws to obtain user passwords.

DataVault is advanced encryption software that provides comprehensive military grade data protection and security features to multiple systems.

The researchers reported that “It was discovered that the key derivation function was PBKDF2, with 1000 iterations of MD5 used to … Read more

Posted on Leave a comment

The China-Linked BlackTech APT Employs New Flagpro Malware.

NTT Security’s analysis reported that ,” The attackers examine the target’s environment to see if it is suitable for running the second stage malware. If they decide to attack the target, they will download and execute another malware sample.” “Flagpro communicates with a command and control server and receives commands to execute from the server, or Flagpro downloads and executes second stage malware.”

The attackers send an email with a password-protected archived file (ZIP or RAR) attached, and they include … Read more

Posted on Leave a comment

Federal Agencies Have Released A Joint Advisory And Scanner For Log4j Vulnerabilities.

The intelligence agencies noted in the new advisory that “these vulnerabilities, particularly Log4Shell are Significant”. Cyber threat actors are actively monitoring networks for susceptible systems that might be exploited by Log4Shell, CVE-2021-45046, and CVE-2021-45105. These flaws will very certainly be exploited for a long time.”

In response to widespread exploitation of various vulnerabilities in Apache’s Log4j software library by malevolent adversaries, cybersecurity authorities from Australia, Canada, New Zealand, the United States, and the United Kingdom announced a combined advisory on … Read more

Posted on Leave a comment

A 4-Year-Old Azure App Service Bug Leaked Hundreds of Source Code Folders.

Wiz researchers reported the vulnerability to the tech giant on October 7, 2021 which leads to leakage of source codes. Luckily Microsoft has released the mitigations to fix the information disclosure bug in November.

Microsoft stated that only a “limited subset of customers” are at risk, adding that “customers who deployed code to App Service Linux through Local Git after files had already been created in the application were the only impacted customers.

Since September 2017, a security … Read more

Posted on Leave a comment

Experts Discover A Backdoor On A US Federal Agency’s Network

Czech security firm Avast said in a report published last week,” This attack could have provided total visibility of the network and complete control of a system, and thus could have been used as the first step in a multi-stage attack to penetrate this or other networks more deeply.”

A federal government commission associated with international rights in the United States was reportedly targeted by a backdoor that compromised its internal network in what the researchers called a “classic APT-type … Read more

Posted on Leave a comment

Log4j Vulnerability’s Attack Surface Is Expanded By A New Local Attack Vector

Blumira CTO Matthew Warner explained that ,”There is no evidence of active exploitation at this time. This vector significantly broadens the attack surface and can have an impact on services running as localhost that are not exposed to the network. With this newly discovered attack vector, anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability.”

While the problem can be fixed by updating all local development and … Read more