- 1. F5 urges customers to patch critical BIG-IP pre-auth RCE bug
F5 Networks released patches for four critical remote code execution flaws affecting most BIG-IQ and BIG-IP software versions. CVE-2021-22986 allows unauthenticated remote attackers to execute arbitrary commands on compromised BIG-IP devices. The other vulnerabilities, CVE-2021-22987, CVE-2021-22991, and CVE-2021-22992, are also listed as Critical and allow authenticated remote attackers to execute arbitrary system commands.
- 2. Email Hackers Defraud TM Supermarkets Of $22 Million In BEC Scam
Hackers have reportedly defrauded Zimbabwe's TM Supermarkets out of some $22 million in what appears to be a business email compromise (BEC) scam in which unidentified hackers emailed instructions to the supermarkets' bank (Steward Bank) requesting that it transfer funds to four attacker-controlled accounts.
- 3. Tesla Shanghai factory among sites exposed in huge security camera hack
An international hacker collective says it breached a massive amount of security camera data collected by San Mateo, Calif.-based start-up Verkada and accessed live feeds from 150,000 surveillance cameras located inside hospitals, prisons, schools, police departments, and companies, including Tesla Inc.
- 4. iPhone, iPad and Mac security: Apple releases fixes for bug that could allow code execution via malicious web content
As part of its macOS Big Sur 11.2.3, iOS 14.4.1, and iPadOS 14.4.1 security fixes, Apple has addressed a memory-related vulnerability (CVE-2021-1844) affecting its WebKit browser engine used by Safari on iPhones and MacBooks that could lead to arbitrary code execution if victims visit a website hosting malicious code.
- 5. 9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware
Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store. This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect, completes the evaluation period successfully, and changes the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT.
- 6. Google, Linux Foundation, Red Hat release free tool to secure software supply chains
The Sigstore tool will provide the infrastructure for developers to cryptographically sign software releases, container images, or binaries and then save signing proof in public and auditable logs.
Google described the new project as “Let’s Encrypt for Code Signing.”
The Linux Foundation, which is formally hosting and shepherding the project, said Sigstore was created to address the problem of software supply chain security.
- 7. A Basic Timeline of the Exchange Mass-Hack — Krebs on Security
A timeline of what happened when, and why we're in a fix-it-now cycle rather than a Patch Tuesday cycle.
- 8. Microsoft’s MSERT tool now finds web shells from Exchange Server attacks
Microsoft has pushed out a new update for its Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. The tool scans for discovered web shells and, by default, removes them.
- 9. Everything you need to know about the Microsoft Exchange Server hack
What happened, vulnerabilities explained, mitigation/patch options. Scope of attack.
- 10. Microsoft Exchange Server Vulnerabilities Mitigations – March 2021 – Microsoft Security Response Center
Mitigations for the vulnerabilities. These require service disablement and can be intrusive. P.S. You still need to patch.
- 11. Unpatched QNAP devices are being hacked to mine cryptocurrency
Unpatched network-attached storage (NAS) devices are being targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware. Update firmware/software, review accounts, review installed software, and add the QNAP MalwareRemoval app.
- 12. Idaho Man Charged With Hacking Into Computers in Georgia
An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta area medical clinics. He purchased credentials for the targeted systems online.
- 13. Docker Hub and Bitbucket Resources Hijacked for Crypto-Mining
Aqua Security observed that attackers created 92 malicious Docker Hub registries and 92 Bitbucket repositories in just four days, indicating a resurgent crypto-mining campaign in which attackers are using those resources to infect targeted systems with the "Monero" cryptominer and mine for cryptocurrency.
- 14. About 580,000 SIA KrisFlyer and PPS members affected by external data leak
Singapore Airlines (SIA) has disclosed it suffered a data breach after third-party information technology firm Sita's passenger service system servers were compromised and leaked some 580,000 SIA KrisFlyer and PPS programme members' personally identifiable information (PII). The connection is via Star Alliance Data, which allowed Sita to access data from all other airlines.