Security daily (22-03-2021)

Thousands of Exchange servers breached prior to patching, CISA boss says

A U.S. government cybersecurity official on Monday warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached. “Patching is not sufficient,” said Brandon Wales, acting head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). “There are literally thousands of compromised servers that are currently patched. And these system owners, they believe they are protected.” “We’re seeing improvements there, but more work needs to be done,” Wales said at an event hosted by Auburn University’s McCrary Institute. “The vulnerabilities can be scriptable, allowing automation exploitation, and that’s just a risk that’s unacceptable.” Everyone from suspected Chinese spies to ransomware gangs has in the last month moved to exploit the flaws in Exchange Server, a popular email software. At least one of the bugs could […] (CyberScoop)

Hackers are exploiting new F5 bug in the wild

That didn’t take long. Just days after enterprise IT provider F5 Networks disclosed critical vulnerabilities in its software, researchers say hackers have exploited one of the bugs in attempted intrusions. “Starting this week and especially in the last 24 hours … we have observed multiple exploitation attempts against our honeypot infrastructure,” researchers from security firm wrote in a blog post Thursday. The situation escalated over the weekend, with proof-of-concept exploits posted to Twitter that make it easier to take advantage of the bug. Government agencies and big corporations alike use the F5 software, known as BIG-IP, to manage data on their networks. The vulnerability documented by NCC Group could allow an attacker to execute code remotely on a system and delete data. It is one of a slew of BIG-IP flaws that F5 revealed on March 10. Security fixes are available. “The attackers are hitting multiple honeypots in different regions, suggesting […] (CyberScoop)

US racing to address Microsoft vulnerabilities, especially for small businesses

The number of entities in the U.S. that remain vulnerable to the recently announced Microsoft Exchange Server software flaws is dropping, according to a National Security Council spokesperson. Overall, the number of vulnerable systems fell 45% last week, the National Security Council (NSC) spokesperson said in a statement, and there are now fewer than 10,000 vulnerable systems in the U.S., compared to the more than 120,000 entities that were vulnerable when the software bugs were first uncovered. The key to that apparent decrease is the fact that entities are taking advantage of a new tool Microsoft released to the public last week in an attempt to protect smaller organizations against hackers seeking to exploit the Exchange Server flaws, according to the NSC spokesperson. Microsoft developed the tool, the Exchange On-Premises Mitigation tool — which works in an automated way, scanning for compromises and remediating issues — in coordination with Anne […] (CyberScoop)

Naked Security Live – “XcodeSpy” takes aim at Mac and iOS developers

New episode - watch now! (Naked Security)

Instagram scams and how to avoid them

Don't get taken for a sucker on social media! Here are our top tips to protect you from Instagram scams... (Naked Security)

Netop Vision Pro Can Be Hacked To Attack Student PCs

(News ≈ Packet Storm)

Russian Pleads Guilty To Tesla Ransomware Plot

(News ≈ Packet Storm)

Trump Plans To Build His Own Social Media Platform

(News ≈ Packet Storm)

U.S. Supreme Court Rebuffs Facebook Appeal In User Tracking Lawsuit

(News ≈ Packet Storm)

Popular Netop Remote Learning Software Found Vulnerable to Hacking

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately remote code execution which could be used by a malicious attacker within the same network to gain (The Hacker News)

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "unsafe deserialization" as an attack vector to permit (The Hacker News)

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that surfaced online (The Hacker News)

Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday (The Hacker News)

CISA Warns of Security Flaws in GE Power Management Devices

The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition. (Threatpost)

Critical Security Bugs Fixed in Virtual Learning Software

Remote ed software bugs give attackers wide access to student computers, data. (Threatpost)

Adobe Fixes Critical ColdFusion Flaw in Emergency Update

Attackers can leverage the critical Adobe ColdFusion flaw to launch arbitrary code execution attacks. (Threatpost)


/security-daily/ 23-03-2021 23:44:26