Security daily (23-08-2021)

The Five Ws episode 1: Accreditation models for secure cloud adoption whitepaper

AWS whitepapers are a great way to expand your knowledge of the cloud. Authored by Amazon Web Services (AWS) and the AWS community, they provide in-depth content that often addresses specific customer situations. We’re featuring some of our whitepapers in a new video series, The Five Ws. These short videos outline the who, what, when, […] (AWS Security Blog)

Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks

A fresh wave of attacks against Microsoft Exchange has government cybersecurity officials on guard for a possible repeat of the chaos hackers rendered earlier this year by exploiting different vulnerabilities in the popular workplace mail server. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an urgent warning Saturday that cybercriminals are actively exploiting months-old vulnerabilities in Microsoft’s ProxyShell. CISA recommended that customers update their systems using software patches that Microsoft released in May to address the vulnerabilities. National Security Agency Cybersecurity Director Rob Joyce also urged companies to patch against the vulnerabilities. Huntress Lab, which first reported the surge in attacks, reported 300 total compromised servers as of Monday. Targeted organizations identified by Huntress include seafood processors, industrial machinery, auto repair shops, dental and law offices and more. “We’re starting to call this another Microsoft Exchange incident no one is talking about,” said John Hammond, senior security researcher […] (CyberScoop)

Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Two separate CEOs of major insurance giants remarked in recent weeks about a considerable jump in cyber insurance premium prices: AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too. Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses. “That is not addressing by itself the fundamental issue,” he said. Those are just two data points about how, in the past year, the evolution of ransomware has radically altered the landscape of cyber insurance, according to analysts inside and outside the industry. Cyber insurance covers a range of ransomware-related costs, like extortion demands, remediation efforts and other losses. Ransomware […] (CyberScoop)

What’s THAT on my 3D printer? Cloud bug lets anyone print to everyone

That's funny. I could have sworn I didn't run a print job yesterday... but will you look at that? (Naked Security)

The State Department Has Reportedly Been Hacked

(News ≈ Packet Storm)

Crypto Platform Poly Network Says Hacked Funds Returned

(News ≈ Packet Storm)

The US Military May Soon Declassify A Secret Space Weapon

(News ≈ Packet Storm)

Attackers Actively Exploiting Realtek SDK Flaws

(News ≈ Packet Storm)

Navigating Vendor Risk Management as IT Professionals

One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service they don't handle in-house, there is most likely a third-party vendor that can take care of that for (The Hacker News)

Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group

ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed. "Primarily operating on Raid Forums, the collective's moniker and motivation can partly be (The Hacker News)

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top (The Hacker News)

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL (The Hacker News)

Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang

Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer (The Hacker News)

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek "Luna" SDK up to version 1.3.2, could be abused by attackers to (The Hacker News)

Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs

Data leaked includes COVID-19 vaccination records, Social Security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools. (Threatpost)

ProxyShell Attacks Pummel Unpatched Exchange Servers

CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. (Threatpost)

Windows 10 Admin Rights Gobbled by Razer Devices

So much for Windows 10's security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating. (Threatpost)

Managing Privileged Access to Secure the Post-COVID Perimeter

Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices. (Threatpost)

Attackers Actively Exploiting Realtek SDK Flaws

Multiple vulnerabilities in software used by 65 vendors under active attack. (Threatpost)


/security-daily/ 24-08-2021 23:44:23