Title: Microsoft Office 365 Feature Can Help Cloud Ransomware Attacks
Date Published: June 16, 2022
Excerpt: “Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. A ransomware attack targeting files on these services could have severe consequences if backups aren’t available, rendering important data inaccessible to owners and working groups.”
Title: Hackers Exploit Three-Year-Old Telerik Flaws to Deploy Cobalt Strike
Date Published: June 15, 2022
Excerpt: “A threat actor known as ‘Blue Mockingbird’ targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. The flaw leveraged by the attacker is CVE-2019-18935, a critical severity (CVSS v3.1: 9.8) deserialization that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. The same threat actor was seen targeting vulnerable Microsoft IIS servers that used Telerik UI in May 2020, by which time a year had passed since security updates were made available by the vendor. Surprisingly, Sophos researchers reported today that Blue Mockingbird is still leveraging the same flaw to launch cyberattacks, according to their detection data.”
Title: Cisco Secure Email Bug Can Let Attackers Bypass Authentication
Date Published: June 15, 2022
Excerpt: “Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations. The security flaw (tracked as CVE-2022-20798) was found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. CVE-2022-20798 is due to improper authentication checks on affected devices using Lightweight Directory Access Protocol (LDAP) for external authentication.”
Title: Researchers Disclosed a Remote Code Execution Vulnerability, Tracked as CVE-2022-25845, in the Popular Fastjson Library
Date Published: June 16, 2022
https://securityaffairs.co/wordpress/132333/security/fastjson-library-rce.html
Excerpt: “Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Fastjson is a Java library that can be used to convert Java Objects into their JSON representation. It can also be used to convert a JSON string to an equivalent Java object. Fastjson can work with arbitrary Java objects including pre-existing objects that you do not have source-code of. The flaw, tracked as CVE-2022-25845 (CVSS score: 8.1), resides in a feature called “AutoType” and is related to the deserialization of untrusted data. The AutoType function allows specifying a custom type when parsing a JSON input that can then be deserialized into an object of a specific class.”
Title: Citrix fixed a Critical Flaw in Citrix Application Delivery Management (ADM), Tracked as CVE-2022-27511, That Can Allow Attackers to Reset Admin Passwords
Date Published: June 15, 2022
Excerpt: “Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords. Citrix Application Delivery Management (ADM) is a comprehensive platform that enables automation, orchestration, management, and analytics for application delivery across hybrid multi-cloud environments. The flaw is an Improper Access Control issue reported by the security researcher Florian Hauser from Code White. The flaw impacts all supported versions of Citrix Application Delivery Management server.”
Title: Researchers Discovered a New Golang-Based Peer-To-Peer (P2P) Botnet, Dubbed Panchan, Targeting Linux Servers in the Education Sector Since March 2022
Date Published: June 15, 2022
https://securityaffairs.co/wordpress/132290/cyber-crime/panchan-p2p-botnet.html
Excerpt: “Akamai security researchers discovered a new Golang-based P2P Botnet, tracked as Panchan, that is targeting Linux servers and has been active since March 2022. Panchan uses a basic SSH dictionary attack to implement wormable behavior; it also harvests SSH keys and uses them for lateral movement. The bot uses “its built-in concurrency features to maximize spreadability and execute malware modules.”
The botnet is engaged in crypto mining activity; the malicious code has been designed to hijack the computer’s resources to mine cryptocurrencies. The bot was observed using XMRig and nbhash miners that aren’t extracted to the disk to avoid detection.”
Title: BNPL Fraud Alert as Account Takeovers Surge
Date Published: June 15, 2022
https://www.infosecurity-magazine.com/news/bnpl-fraud-alert-as-account/
Excerpt: “Account takeover (ATO) attacks targeting the financial services sector surged 58% from April to May this year, raising fears that fraudsters are focusing more on buy now, pay later (BNPL) schemes. BNPL has become increasingly popular as the cost-of-living crisis bites, enabling consumers to buy the products they want by splitting purchases into smaller, interest-free payments.”
Title: ‘Hertzbleed’ Side-Channel Attack Threatens Cryptographic Keys for Servers
Date Published: June 15, 2022
Excerpt: “A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU. A side-channel timing attack dubbed “Hertzbleed” by researchers could allow remote attackers to sniff out cryptographic keys for servers. It affects most Intel processors, as well as some chipsets from AMD and likely others.”
Title: Elasticsearch Database Mess Up Exposed Login, PII Data of 30,000 Students
Date Published: June 15, 2022
https://www.hackread.com/elasticsearch-database-expose-login-pii-data-students/
Excerpt: “SafetyDetectives’ cybersecurity research team led by Anurag Sen identified a misconfigured Elasticsearch server that exposed the data of the Transact Campus app. According to their analysis, the server was internet-connected and didn’t need a password to allow access to data. Resultantly, around 1 million records were leaked, revealing personally identifiable information of over 30,000 to 40,000 students.”
Title: Facebook Messenger Scam Duped Millions
Date Published: June 16, 2022
https://threatpost.com/acebook-messenger-scam/179977/
Excerpt: “For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials. According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victims are enticed to submit their Facebook credentials. Unconfirmed estimates suggest nearly 10 million users fell prey to the scam, earning a single perpetrator behind the phishing ploy a huge payday. According to a report published by researchers at PIXM Security, the phishing campaign began last year and ramped up in September. Researchers believe millions of Facebook users were exposed each month by the scam. Researchers assert that the campaign remains active.”