OSN August 23, 2021

Fortify Security Team
Aug 23, 2021

Title: WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws
Date Published: August 22, 2021


Excerpt: “Now according to researchers from Huntress Labs, at least five distinct styles of web shells have been observed as deployed to vulnerable Microsoft Exchange servers, with over 100 incidents reported related to the exploit between August 17 and 18. Web shells grant the attackers remote access to the compromised servers, but it isn’t clear exactly what the goals are or the extent to which all the flaws were used. More than 140 web shells have been detected across no fewer than 1,900 unpatched Exchange servers to date, Huntress Labs CEO Kyle Hanslovan tweeted, adding “impacted [organizations] thus far include building manufacturing, seafood processors, industrial machinery, auto repair shops, a small residential airport and more”.”

Title: U.S. State Department Was Recently Hit by a Cyber Attack
Date Published: August 21, 2021


Excerpt: “The U.S. State Department was recently hit by a cyber attack, and the Department of Defense Cyber Command is notifying impacted individuals, White House Correspondent and fill-in anchor at Fox News Jacqui Heinrich revealed. The reporter also said that the State Department’s ongoing mission to evacuate Americans and allied refugees from Afghanistan has not been affected. The incident was also confirmed by a Reuters source, but it added that the attack did not impact the operations of the State Department.”

Title: Google Publishes Zero-Day Vulnerability in Windows Firewall and Appcontainer Affecting Every Version. Patch Not Available
Date Published: August 20, 2021


Excerpt: “Almost simultaneously with the Project Zero report, Microsoft announced that it would continue to work to address the vulnerability. At the moment it is unknown why the company changed its mind, although more details are expected to be revealed as soon as the flaw is addressed and the security patch is available. While it seems somewhat strange, it’s common practice for Google Project Zero to publicly reveal reports about flaws that Microsoft and other tech companies can’t or choose not to update. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.”

Title: The Mozi IoT Botnet Evolved to Gain Persistence on Netgear, Huawei, and ZTE Gateways
Date Published: August 21, 2021


Excerpt: “Cybersecurity specialists reported the detection of a new version of the Mozi botnet that is now capable of manipulating the web traffic of the affected implementations using DNS spoofing techniques and HTTP session hijacking. This criminal operation was detected by security teams, who claim that hackers began targeting Netgear, Huawei and ZTE devices. Mozi was first detected in 2019 by Netlab researchers, reaching around 15,000 infected devices in just a couple of months.”

Title: 637 Flaws in Industrial Control System (ICS) Products Were Published in H1 2021
Date Published: August 20, 2021


Excerpt: “The analysis of vulnerabilities disclosed for each vendor revealed that Siemens was the vendor with the most reported vulnerabilities, 146, many of which were disclosed as part of internal research conducted by the Siemens CERT. The other vendors with the highest number of flaws are Schneider Electric (65) and Rockwell Automation (35). A majority of the flaws impact products on the operations management level (historians, OPC servers), followed by the basic control (PLC, RTU), and supervisory control (HMI, SCADA) levels.”

Title: CISA Shares Guidance on How to Prevent Ransomware Data Breaches
Date Published: August 19, 2021


Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. CISA’s fact sheet includes best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts. The federal agency issued these recommendations in response to most ransomware gangs using data stolen from their victims’ networks as leverage in ransom negotiations under the threat of publishing the stolen info on dedicated leak sites.”

Title: Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
Date Published: August 23, 2021


Excerpt: “Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That’s according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry. The company, which detected nearly 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for a 29% share.”

Title: New Evidence Shows Strong Connection Between Diavol Ransomware and TrickBot Gang
Date Published: August 23, 2021


Excerpt: “Back in July, cybersecurity specialists at Fortinet announced the emergence of a new ransomware group allegedly developed by the creators of the advanced Trojan TrickBot. The new ransomware family is called Diavol and it is believed to have connections to the Wizard Spider threat actor, as the researchers discovered a few similarities in the operation mode employed by the malware. Wizard Spider is a Russia-based cybercrime group that uses TrickBot, Ryuk, and Conti ransomware as their primary tools. According to the Fortinet researchers, both Diavol and Conti ransomware gangs used the same command-line parameters for different functions such as logging, encryption, and network scanning.”

Title: Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse
Date Published: August 22, 2021


Excerpt: “Razer claims that their Razer Synapse software is used by over 100 million users worldwide. Security researcher jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly. SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware. After not receiving a response from Razer, jonhat disclosed the zero-day vulnerability on Twitter yesterday and explained how the bug works with a short video.”

Title: T-Mobile’s Current Data Breach Tally: 54 Million Victims
Date Published: August 20, 2021


Excerpt: “T-Mobile’s revising of the number of breach victims upward is not unusual. Often, as investigators continue to probe a breach, they find it’s worse than they initially believed. Sometimes, however, investigators will find that a breach isn’t as bad as it first appeared. Regardless, the responsibility facing an organization that has been breached is to issue timely information that enables victims to best protect themselves – without overwhelming them with micro-updates and triggering “breach fatigue.” But that’s the best-case scenario. Regulations can sometimes require organizations to alert authorities or the public more quickly, perhaps before they’ve had time to assess what really happened.”
