OSN MARCH 22, 2021

by | Mar 22, 2021 | Open Source News

Title: What Does the Florida Water Supply Incident Mean for ICS Cybersecurity?
Date Published: March 22, 2021

https://isaautomation.medium.com/what-does-the-florida-water-supply-incident-mean-for-ics-cybersecurity-432cac6f39c7?source=rss——cybersecurity-5

Excerpt: “Unsophisticated attacks, like what appears to have taken place in Oldsmar [Florida], are easily prevented by following industry standards and best practices such as ISA/IEC 62443 or NIST 800–82,” Cusimano said via email, when asked for additional comments. “We always recommend starting with a vulnerability and risk assessment to understand the vulnerabilities that present the highest operational risk to the organization, and then follow that by preparing a mitigation plan that is prioritized by risk.”

Title: Microsoft Exchange Servers Now Targeted by Blackkingdom Ransomware
Date Published: March 22, 2021

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-blackkingdom-ransomware/

Excerpt: “Another ransomware operation known as ‘BlackKingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware. Based on the logs from his honeypots, Hutchins states that the threat actor used the vulnerability to execute a PowerShell script that downloads the ransomware executable from ‘yuuuuu44[.]com’ and then pushes it out to other computers on the network.”

Title: Russian Hacker Pleads Guilty to Planting Malware in Tesla Gigafactory
Date Published: March 21, 2021

https://www.hackread.com/russian-hacker-guilty-malware-tesla-gigafactory/

Excerpt: “The employee, whose name was not revealed reported the incident to the company as a result of which Kriuchkov was arrested by the FBI. It is worth noting that the employee who happened to be a non-US citizen worker at Tesla Gigafactory in Nevada, United States was offered $1 million in Bitcoin if they facilitated the attack. On the other hand, Kriuchkov also planned to carry out Distributed Denial of Service (DDoS) attack which would have diverted the company’s attention, paving way for the hacker to extract critical corporate data from the company and hold it for ransom.”

Title: The Texas Power Grid Failure is A Preview of A Much Bigger Problem
Date Published: March 22, 2021

https://cole-kraten.medium.com/the-texas-power-grid-failure-is-a-preview-of-a-much-bigger-problem-af1827f30547

Excerpt: “Cyber attacks on critical infrastructure by foreign powers as a means of control have happened in real life. On December 23rd, 2015 Russian state-sponsored hackers managed to compromise the security of three large energy distribution companies in Ukraine which led to blackouts for over 230,000 residents. This attack was a strategic move that took place as Russia continued its occupation of the Crimean peninsula in Ukraine. They gained access to the grid through a variety of methods including spear-phishing of employees that worked for the utility companies, the removal of files from servers and workstations at the power plant, and network access to SCADA systems that control the equipment responsible for generating and supplying energy to the grid.”

Title: DDoS Booters Now Abuse Dtls Servers to Amplify Attacks
Date Published: March 21, 2021

https://www.bleepingcomputer.com/news/security/ddos-booters-now-abuse-dtls-servers-to-amplify-attacks/

Excerpt: “According to reports that surfaced in December, a DDOS attack used DTLS to amplify traffic from vulnerable Citrix ADC devices that used DTLS configurations without a ‘HelloClientVerify’ anti-spoofing mechanism designed to block such abuse. DDoS attacks using DTLS can reach an amplification factor of 35 according to German DDoS protection vendor Link11 or an amplification ratio of 37.34:1 based on info from DDoS mitigation firm Netscout. Citrix released a fix to remove the amplification vector on affected NetScaler ADC devices in January, adding a ‘HelloVerifyRequest’ setting to remove the attack vector.”

Title: Hacking Group Used 11 Zero-Days to Attack Windows, IOS, Android Users
Date Published: March 20,  2021

https://www.bleepingcomputer.com/news/security/hacking-group-used-11-zero-days-to-attack-windows-ios-android-users/

Excerpt: “Project Zero, Google’s zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020. Just as before, the attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.”

Title: Revil Ransomware Gang Hacked Acer and Is Demanding a $50 Million Ransom
Date Published: March 20,  2021

https://securityaffairs.co/wordpress/115777/cyber-crime/acer-revil-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=acer-revil-ransomware

Excerpt: “A REvil ransomware sample on malware analysis site Hatching Triage was discovered by TechTarget sister publication LeMagIT Friday, which contained a link to a REvil ransomware demand for $50 million in Monero (213,151 XMR as of publishing). Researchers at LegMagIT while investigating the security breach discovered a REvil ransomware sample employed in the attacks on Acer, it includes a link to a REvil ransomware demand for $50 million worth of Monero.”

Title: Firms Urged to Patch as Attackers Exploit Critical F5 Bugs
Date Published: March 22, 2021

https://www.infosecurity-magazine.com/news/firms-urged-to-patch-exploit/

Excerpt: “Security experts are urging F5 customers to patch a critical vulnerability in the vendor’s BIG-IP and BIG-IQ networking products after warning of mass exploitation attempts in the wild. CVE-2021-22986 is a flaw in the products’ REST-based iControl management interface which could allow for authentication bypass and remote code execution. With a CVSS rating of 9.8, it was patched on March 10 along with several other bugs that could be chained in attacks. These are: CVE-2021-22987, CVE-2021-22988, CVE-2021-22989 and CVE-2021-22990.”

Title: RCE Flaw in Apache Ofbiz Could Allow to Take Over the ERP System
Date Published: March 22, 2021

https://securityaffairs.co/wordpress/115846/security/rce-flaw-apache-ofbiz-erp.html?utm_source=rss&utm_medium=rss&utm_campaign=rce-flaw-apache-ofbiz-erp

Excerpt: “The Apache Software Foundation addressed last week a high severity vulnerability in Apache OFBiz, tracked as CVE-2021-26295, that could have allowed a remote, unauthenticated attacker to take over the ERP system. Unsafe deserialization occurs when malformed data or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code when deserialized. This category of issue could compromise the availability, authorization process, and bypass access control.”

Title: Popular Remote Lesson Monitoring Program Could Be Exploited to Attack Student PCs
Date Published: March 22, 2021

https://www.zdnet.com/article/popular-remote-student-learning-program-found-to-be-riddled-with-security-holes/

Excerpt: “According to McAfee’s Advanced Threat Research (ATR) team, Netop Vision Pro contained vulnerabilities that “could be exploited by a hacker to gain full control over students’ computers.” After setting up a virtual ‘classroom’ made up of four devices on a local network, the researchers realized that all network traffic was unencrypted and there was no option to enable encryption during configuration. In addition, students that began connecting to the classroom “would unknowingly begin sending screenshots to the teacher.”