Security daily (14-04-2021)

Lawmakers press spy leaders on lagging efforts to block foreign hackers

When companies become aware they have been targeted by criminal or nation-state hackers, they need to fess up and come to the U.S. government with information to help feds get a better handle on foreign nation-state hacking, FBI Director Chris Wray emphasized during testimony on Capitol Hill Wednesday. Wray noted that companies coming forward when they are impacted in cyberattacks is a crucial part of developing a sort of early-warning system for foreign hackers working to conduct sweeping cyber-operations against multiple American companies and government entities. “We need that first company [impacted]. Someday you’re going to be the first company, if you’re the CEO, and someday you’re going to be the second, third or fourth company,” Wray told the Senate Intelligence Committee during the intelligence community’s global threats briefing. “We need in every instance those companies to be stepping forward promptly and reaching out to government so that we can […] The post Lawmakers press spy leaders on lagging efforts to block foreign hackers appeared first on CyberScoop. (CyberScoop)

Unpatched Microsoft Exchange Servers hit with cryptojacking

Hackers are hitting Microsoft Exchange Servers with a Monero cryptominer, according to Sophos research published Tuesday. The attackers, whom Sophos did not identify, began their apparently financially-motivated campaign shortly after Microsoft announced four zero-day vulnerabilities, according to Sophos. The attackers have lost several of the servers they used to steal Monero — a kind of cryptocurrency — from victims, an indication that those with vulnerable machines are applying patches and hunting for compromises. But over the past month, the hackers have looked for new vulnerable servers to exploit, indicating some are still not paying attention to patching notices, Sophos warned. There were fewer than 10,000 vulnerable systems in the U.S. as of March 22, according to the National Security Council, compared with 120,000 entities that were vulnerable when the vulnerabilities were discovered. As of late March over 92% of affected servers were patched or mitigated, according to Microsoft. This particular […] The post Unpatched Microsoft Exchange Servers hit with cryptojacking appeared first on CyberScoop. (CyberScoop)

With court order, FBI removes hundreds of Exchange Server web shells from US organizations

The FBI has used a court order to remove malicious code from hundreds of U.S. computers running the Microsoft Exchange Server email program, Justice Department officials announced Tuesday. The court-ordered removal of the web shells, or scripts used by hackers for persistent access, is one of the most aggressive actions taken yet by U.S. government officials or corporate executives to combat the Exchange Server vulnerabilities since Microsoft announced on March 2 that suspected Chinese spies were exploiting them. The alleged Chinese hackers used the flaws to steal emails from targeted organizations, according to private-sector analysts, but an array of scammers have since exploited the bugs for their own purposes. In the days after Microsoft revealed the vulnerabilities, incident responders estimated that tens of thousands of U.S. organizations running Exchange Server could be exposed to potential hacking. Many of those organizations have removed the web shells, but Justice Department officials said […] The post With court order, FBI removes hundreds of Exchange Server web shells from US organizations appeared first on CyberScoop. (CyberScoop)

FBI hacks into hundreds of infected US servers (and disinfects them)

Hacking for good! A judge said I could! (Naked Security)

FBI Deletes Web Shells From Hundreds Of Compromised Microsoft Exchange Servers Before Alerting Admins

(News ≈ Packet Storm)

Facebook Will Not Notify More Than 530M Users Exposed In 2019 Breach

(News ≈ Packet Storm)

Reddit Takes Bug Bounty Program Public

(News ≈ Packet Storm)

100,000 Google Sites Used To Install SolarMarket RAT

(News ≈ Packet Storm)

WordPress Continues to Fall Victim to Carding Attacks

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all online stores. Over recent years, attackers whose goal it is to fradulently obtain credit card information have mostly focused on e-commerce specific platforms such as Magento, PrestaShop and OpenCart (knowing that 100% of these websites are dealing with payment information). Continue reading WordPress Continues to Fall Victim to Carding Attacks at Sucuri Blog. (Sucuri Blog)

New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely

Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible for (The Hacker News)

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the (The Hacker News)

Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves

One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves.  This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate “best in class” components instead of finding the best fit for their needs. The constant (The Hacker News)

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine ( (The Hacker News)

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers

In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be (The Hacker News)

Security Bug Allows Attackers to Brick Kubernetes Clusters

The vulnerability is triggered when a cloud container pulls a malicious image from a registry. (Threatpost)

Ransomware Attack Creates Cheese Shortages in Netherlands

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw. (Threatpost)

FBI Clears ProxyLogon Web Shells from Hundreds of Orgs

In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand. (Threatpost)

A Post-Data Privacy World and Data-Rights Management

Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next. (Threatpost)

100,000 Google Sites Used to Install SolarMarker RAT

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains. (Threatpost)

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack. (Threatpost)


/security-daily/ 15-04-2021 23:44:22