Hacken Token
$ -- --.--
Weekly News Digest #23

Weekly News Digest #23

NSA Hacking Tool Appeared to Be Used Years Ago in China

Is it possible for any intelligence agency to keep its ‘zero-day’ supply from falling into the wrong hands? The question that bothers security community heads since four years ago accident with a group of hackers Shadow Brokers, who launched leaking of NSA hacking tools onto the Internet.

Recently, security firm Check Point revealed that Shadow Brokers weren’t the first to use the NSA hacking tool. Chinese attackers APT31, known as Zirconium or Judgment Panda, appeared to obtain and reuse another NSA instrument years before the famous hacker gang. The prooves confirm that Zirconium used EpMe Windows-hacking tool developed by the Equation Group, which is supposed to belong to NSA.

Read more

New Bug Invades 6,700 VMware Servers

A new hacker attack threatening VMware vCenter servers has been  revealed recently. Not only unpatched devices, but also companies’ entire networks appear to be vulnerable.

Threat intelligence firm Bad Packets affirms that Scans for VMware vCenter devices have already been initiated.

On their blog, Chinese security researchers disclosed proof-of-concept code CVE-2021-21972 for weakness detection. As a result, the scans were launched tracked.

Read more

Brazil Data Protection Fines Could Be Placed on a Shelf Till 2020

Brazilian authorities came out with a bill offering to put back the reinforcement of fines for non-compliance with data protection regulations.

In September 2020, was launched a country’s General Data Protection Law (LGPD, in the Portuguese acronym), mentioning the sanctions for defiance. They result in warnings, daily fines of up to 50 million reais (US$ 9 million) as well as in a prohibition of data processing activities.

The act provoked two sensational scandals in 2021. The first one led to the exposure of personal information of 220 million citizens, while the second one concerned the leakage of 102 mobile phone accounts.

Read more

Bug Bounty Hunter Discloses XSS Bug in Apple iCloud

An XSS security vulnerability in icloud.com has been recently discovered by Vishal Bharad, bug bounty hunter and penetration tester.

Stored or persistent XSS flaws serve not only to store payloads on a target server, but also to penetrate threatening scripts into websites and could be exploited for stealing cookies, session tokens, and browser data.

Hacker should create new Pages or Keynote content with an XSS payload sent into the name field to provoke the vulnerability.

Read more

Auth-Bypass Security Vulnerability

Cisco System intersite policy manager software appeared to be vulnerable to remote hackers who can now bypass authorization.

Unfortunately, this is not the first weakness discovered and eradicated by Cisco this week. The vulnerability resides in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) – business-management software that monitors interconnected policy-management sites condition.

According to the CVSS vulnerability-rating scale, Cisco’s vulnerability (CVE-2021-1388) ranks 10 (out of 10). Hackers could bypass the authorization and use it by sending a crafted request to the affected API. That’s why such a gotcha is considered to be dangerous.

Read more

Subscribe to our research

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

    hackenproof logo

    The world trusted Bug Bounty Platform. Run custom-tailored Bug Bounty Programs to secure your business and assets.