OSN FEBRUARY 24, 2021

Fortify Security Team
Feb 24, 2021

Title: Exploitation of Accellion File Transfer Appliance
Date Published: February 24, 2021

https://us-cert.cisa.gov/ncas/alerts/aa21-055a

Excerpt: “One of the exploited vulnerabilities (CVE-2021-27101) is an SQL injection vulnerability that allows an unauthenticated user to run remote commands on targeted devices. Actors have exploited this vulnerability to deploy a webshell on compromised systems. The webshell is located on the target system in the file /home/httpd/html/about.html or /home/seos/courier/about.html. The webshell allows the attacker to send commands to targeted devices, exfiltrate data, and clean up logs. The clean-up functionality of the webshell helps evade detection and analysis during post incident response. The Apache /var/opt/cache/rewrite.log file may also contain the following evidence of compromise:”

Title: NASA and the FAA Were Also Breached by the SolarWinds Hackers
Date Published: February 24, 2021

https://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/

Excerpt: “While the US government has not publicly disclosed that NASA and the FAA were breached, the agencies’ identities were confirmed by the Post with US officials after Anne Neuberger, White House’s deputy national security adviser, said that nine federal agencies were breached in the SolarWinds hack campaign. A Transportation Department spokesperson said the agency is investigating the situation. A NASA spokeswoman added that the federal agency is working with CISA on “mitigation efforts to secure NASA’s data and network”.”

Title: Bitter APT Enhances Its Capabilities With Windows Kernel Zero-day Exploit
Date Published: February 24, 2021

https://cyble.medium.com/bitter-apt-enhances-its-capabilities-with-windows-kernel-zero-day-exploit-d30d555f979b

Excerpt: “Recently, researchers found that the Bitter APT group was exploiting a zero-day vulnerability in the Windows 10 64-bit operating system, in the wild. This vulnerability also affects the latest version of the Windows 10 operating system, such as Windows10 20H2 64-bits. The vulnerability CVE-2021-1732 has been fixed in the February 2021 security update by the Microsoft Security Response Center (MSRC).”

Title: Legal Firm Leaks 15,000 Cases Via the Cloud
Date Published: February 24, 2021

https://www.infosecurity-magazine.com/news/legal-firm-leaks-15000-cases-via/

Excerpt: “Researchers at reviews site WizCase found the AWS S3 bucket containing 55,000 documents wide open. It required no authorization to view the 20GB trove, meaning anyone with the URL could have accessed highly sensitive personal information, the firm claimed. WizCase traced the data back to Inova Yönetim, a Turkish actuarial consultancy which analyzes data to help calculate insurance risk and premiums.”

Title: Ransomware Attacks Double Against Global Universities
Date Published: February 24, 2021

https://www.infosecurity-magazine.com/news/ransomware-attacks-double-global/

Excerpt: “The surge in ransomware could partly be explained by the fact that over a fifth (22%) of all analyzed universities and colleges had open or unsecured remote desktop ports (RDPs). What’s more, two-thirds (66%) lacked protocols like SPF, DKIM and DMARC to help guard against phishing. These tend to be the top two vectors for ransomware. After ransomware, data breaches were the number two threat event for the sector over the reporting period, accounting for half of all events in 2019. Over a third of these were linked to learning tools and associated apps like Zoom, Chegg and ProctorU.”

Title: Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
Date Published: February 23, 2021

https://thehackernews.com/2021/02/critical-rce-flaw-affects-vmware.html

Excerpt: “VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server,” the company said in its advisory.”

Title: APT32 State Hackers Target Human Rights Defenders With Spyware
Date Published: February 23, 2021

https://www.bleepingcomputer.com/news/security/apt32-state-hackers-target-human-rights-defenders-with-spyware/

Excerpt: “VOICE and the two bloggers all received emails containing spyware between February 2018 and November 2020,” Amnesty International added, with the final payload being installed on the victims’ Windows computers using APT32’s Kerrdown downloader. The attackers downloaded and deployed Cobalt Strike beacons to gain persistent remote access to the compromised systems. In the case of victims who used Macs, the APT32 operators used a macOS backdoor spotted by TrendMicro in previous attacks on Vietnamese targets, a malware strain designed to provide the attackers with the ability to download, upload, and execute arbitrary files and commands.”

Title: Clop Ransomware Gang Leaks Online What Looks Like Stolen Bombardier Blueprints of GlobalEye Radar Snoop Jet
Date Published: February 23, 2021

https://www.theregister.com/2021/02/23/bombardier_clop_ransomware_leaks/

Excerpt: “Bombardier confirmed its security had been breached, putting out a public statement only minutes after The Register grilled the Canadian business jet maker on the Clop gang’s claims. “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network,” the biz said.”

Title: 119,000 Threats Per Minute Detected in 2020
Date Published: February 23, 2021

https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/

Excerpt: “Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target. Researchers found cyber-attacks on home networks surged 210% year-on-year in 2020 to just under 2.9 billion, a figure that equates to 15.5% of all homes. The vast majority (73%) of strikes against home networks involved brute-forcing logins to gain control of a smart device or router.”

Title: Microsoft President Asks Congress To Force Private-Sector Orgs To Publicly Admit When They’ve Been Hacked
Date Published: February 24, 2021

https://www.bankinfosecurity.com/blogs/sonicwall-was-hacked-was-also-extorted-p-2999

Excerpt: “Speaking at a Senate Intelligence Committee hearing on Tuesday regarding the SolarWinds backdoor, through which suspected Russian agents infiltrated the computers of US government departments and Fortune 500 companies, Smith argued it was “time not only to talk about but to find a way to take action to impose in an appropriate manner some kind of notification obligation on entities in the private sector”.”
