Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
us-cert.cisa.gov/ncas/current-activity/2021/08/21/urgent-protect-against-active-exploitation-proxyshell Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021, which remediates all three ProxyShell vulnerabilities, to protect against these attacks.
Almost 2,000 Exchange servers hacked using ProxyShell exploit
therecord.media/almost-2000-exchange-servers-hacked-using-proxyshell-exploit/ Almost 2,000 Microsoft Exchange email servers have been hacked over the past two days and infected with backdoors after owners did not install patches for a collection of vulnerabilities known as ProxyShell. The attacks, detected by security firm Huntress Labs, come after proof-of-concept exploit code was published online earlier this month, and scans for vulnerable systems began last week.
LockFile ransomware uses PetitPotam attack to hijack Windows domains
www.bleepingcomputer.com/news/security/lockfile-ransomware-uses-petitpotam-attack-to-hijack-windows-domains/ At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile, first seen in July, which shows some resemblance and references to other groups in the business. Security researchers at Symantec, a division of Broadcom, said that the actor’s initial access to the network is through Microsoft Exchange servers, but the exact method remains unknown at the moment. Next, the attacker takes over the organization’s domain controller by leveraging the new PetitPotam method, which coerces the domain controller into authenticating to a remote NTLM relay under LockFile’s control. The LockFile threat actor appears to rely on publicly available code to exploit the original PetitPotam variant (tracked as CVE-2021-36942).
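One place the PetitPotam step described above leaves a trace is not on the domain controller but on the host the coerced authentication is relayed to: that host records a successful network logon (Windows Security event 4624, logon type 3) for the DC's machine account, authenticated with NTLM, from the attacker's IP address rather than the DC's own. The script below is an added example written for this digest, not code from the article, Symantec, or LockFile; the DC inventory, the flattened key=value event lines, and the host names are all constructed for the example, and a real deployment would read the fields from the EVTX/XML records instead.

```python
"""Flag NTLM network logons by a domain controller's machine account that
originate from an address other than that DC's own. A relay of coerced DC
authentication (PetitPotam, CVE-2021-36942) shows up this way on the relay's
target host. Added example; the inventory and log lines are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed inventory (assumption for the example): DC name -> its IP.
DOMAIN_CONTROLLERS: Dict[str, str] = {"DC01": "10.0.0.10", "DC02": "10.0.0.11"}

# Constructed Security-log lines in flattened key=value form. The field
# names (EventID, LogonType, AuthenticationPackageName, TargetUserName,
# IpAddress) are the ones a real 4624 event carries; "Computer" is the host
# that logged the event, i.e. the relay's target.
SAMPLE_EVENTS = [
    "EventID=4624 LogonType=3 AuthenticationPackageName=Kerberos TargetUserName=DC01$ IpAddress=10.0.0.10 Computer=CA01",
    "EventID=4624 LogonType=3 AuthenticationPackageName=NTLM TargetUserName=alice IpAddress=10.0.5.20 Computer=FS01",
    "EventID=4624 LogonType=3 AuthenticationPackageName=NTLM TargetUserName=DC01$ IpAddress=10.0.9.99 Computer=CA01",
    "EventID=4624 LogonType=3 AuthenticationPackageName=NTLM TargetUserName=DC02$ IpAddress=10.0.0.11 Computer=FS01",
    "EventID=4625 LogonType=3 AuthenticationPackageName=NTLM TargetUserName=DC02$ IpAddress=10.0.9.99 Computer=CA01",
]


@dataclass
class Alert:
    account: str      # machine account that authenticated (e.g. DC01$)
    source_ip: str    # where the NTLM authentication came from
    target_host: str  # host that accepted it (the relay's destination)


_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened key=value line into a dict of event fields."""
    return dict(_FIELD.findall(line))


def is_relayed_dc_logon(ev: Dict[str, str]) -> bool:
    """True when a DC's machine account logged on over the network with NTLM
    from an IP that is not that DC. Only successful network logons count."""
    if ev.get("EventID") != "4624" or ev.get("LogonType") != "3":
        return False
    if ev.get("AuthenticationPackageName", "").upper() != "NTLM":
        return False
    account = ev.get("TargetUserName", "")
    if not account.endswith("$"):          # machine accounts end in "$"
        return False
    dc_name = account[:-1].upper()
    if dc_name not in DOMAIN_CONTROLLERS:  # some other computer account
        return False
    return ev.get("IpAddress") != DOMAIN_CONTROLLERS[dc_name]


def find_relayed_dc_logons(lines: Iterable[str]) -> List[Alert]:
    """Run the check over a batch of event lines and return the hits."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_event(line)
        if is_relayed_dc_logon(ev):
            alerts.append(Alert(ev["TargetUserName"], ev["IpAddress"],
                                ev.get("Computer", "?")))
    return alerts


if __name__ == "__main__":
    for a in find_relayed_dc_logons(SAMPLE_EVENTS):
        print(f"possible relayed DC authentication: {a.account} "
              f"from {a.source_ip} accepted by {a.target_host}")
```

Against the constructed lines only the third event fires: DC01$ authenticating with NTLM from 10.0.9.99, which is neither DC. The Kerberos logon from the DC's own address, the ordinary user logon, DC02$ from its own IP, and the failed 4625 are all ignored. The rule depends on the inventory being right (a DC with several addresses, or one behind NAT, needs every address listed) and on collecting 4624 events from member servers, not just from the DCs, because the relayed logon is recorded wherever the attacker pointed the relay.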
Ransomware hits Lojas Renner, Brazil’s largest clothing store chain
therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/ Lojas Renner, Brazil’s largest clothing department store chain, said it suffered a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including its official web store. Several Brazilian bloggers and news outlets blew the incident out of proportion by claiming that the attack had forced the company to shut down all its physical stores across the country. Details about the ransomware incident remain to be confirmed, but one Brazilian blog claimed that the attack on Renner’s infrastructure was carried out by the RansomExx gang, which gained access to Renner servers via Tivit, a major Brazilian IT and digital services provider.
Hackers swipe almost $100 million from major cryptocurrency exchange
www.welivesecurity.com/2021/08/20/hackers-swipe-100million-cryptocurrency-exchange/ Japanese cryptocurrency exchange platform Liquid has fallen victim to enterprising hackers who compromised its warm wallets and made off with more than US$97 million in various cryptocurrency assets. “At roughly 7:50 AM SGT on August 19th, Liquid’s Operations and Technology teams detected unauthorized access of some of the crypto wallets managed at Liquid,” reads the company’s incident report. The culprit or culprits behind the attack haven’t been identified yet; however, according to Liquid’s blog (in Japanese), the attack vector could be traced back to a compromised wallet used by its Singaporean subsidiary QUOINE.
China pushes through data protection law that applies cross-border
www.zdnet.com/article/china-pushes-through-data-protection-law-that-applies-cross-border/ China has pushed through a new personal data protection law that details regulations around collection, use, and storage. It covers data processing by companies based outside of China and includes requirements for organisations operating in China, multinational corporations among them, to appoint someone responsible for compliance. If a business refuses to correct a violation, it could be fined up to 1 million yuan ($150,000). Employees directly responsible for and overseeing the data violation might also be fined 10,000 yuan ($1,500) to 100,000 yuan ($15,000). For more serious violations, financial penalties could go up to 50 million yuan ($7.5 million) or 5% of the company’s annual revenue in the previous fiscal year.