Daily NCSC-FI news followup 2021-08-26

Microsoft Breaks Silence on Barrage of ProxyShell Attacks

threatpost.com/microsoft-barrage-proxyshell-attacks/168943/ Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately. “Our recommendation, as always, is to install the latest CU and SU on all your Exchange servers to ensure that you are protected against the latest threats,” the company said. “Please update now!”

FBI shares technical details for Hive ransomware

www.bleepingcomputer.com/news/security/fbi-shares-technical-details-for-hive-ransomware/ The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. In a rare occurrence, the FBI has included the link to the leak site where the ransomware gang publishes data stolen from companies that did not pay. Hive ransomware relies on a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, the FBI says.

New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems

www.hackread.com/prism-backdoor-varian-waterdrop-hits-linux/ Security researchers at AT&T Labs have published a report sharing details of a newly discovered cluster of Linux ELF executables with zero to low antivirus detections on VirusTotal. Researchers noted that these executables contain a modified version of the open-source backdoor PRISM, which threat actors use extensively in different campaigns. Reportedly, the malware has been on their radar for more than 3.5 years; the oldest samples date back to November 8th, 2017. Researchers are concerned that the executables go undetected on VirusTotal, which usually flags malicious URLs and files easily.

Biden gets Google, Apple, others to join “whole-of-nation” cybersecurity effort

www.zdnet.com/article/tech-giants-make-cybersecurity-commitments-after-white-house-meeting/#ftag=RSSbaffb68 Following a cybersecurity meeting at the White House on Wednesday, President Biden secured promises from major tech companies to spend significant sums improving the nation’s cyber resiliency. Microsoft and Google, for instance, each committed billions to specific cybersecurity investments. The meeting comes in the wake of a series of dramatic cybersecurity incidents, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers. In a statement, the White House said a “whole-of-nation effort” is needed to address cybersecurity threats.

US government and private sector agree to invest time, money in cybersecurity

blog.malwarebytes.com/awareness/2021/08/us-government-and-private-sector-agree-to-invest-time-money-in-cybersecurity/ In the wake of several high-profile ransomware attacks against critical infrastructure and major organizations in the last few months, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats and bolster the nation’s cybersecurity. Several participants in President Biden’s meetings have recently announced commitments and initiatives. The key initiatives are protection from supply chain attacks, the industrial control systems cybersecurity initiative and security training.

Updates on our continued collaboration with NIST to secure the Software Supply Chain

security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security.

Synology: Multiple products impacted by OpenSSL RCE vulnerability

www.bleepingcomputer.com/news/security/synology-multiple-products-impacted-by-openssl-rce-vulnerability/ Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. The complete list of devices affected by the security flaws tracked as CVE-2021-3711 and CVE-2021-3712 includes DSM 7.0, DSM 6.2, DSM UC, SkyNAS, VS960HD, SRM 1.2, VPN Plus Server, and VPN Server.

Atlassian warns of critical Confluence flaw

www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/ Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw. The company’s not saying a lot about CVE-2021-26084, besides describing it as a “Confluence Server Webwork OGNL injection vulnerability that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.” Atlassian has released fixed versions of the product, namely versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0, but the company’s advisory suggests upgrading to the latest long-term service release.
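A fix list like the one above is easy to misread: a Confluence instance on a branch that has no listed fix (7.5.x through 7.10.x, for example) is not covered by any of the five releases and still needs an upgrade. The following Python is an added example, not code from the article or from Atlassian, that triages observed version strings against the fixed releases named in the article. It assumes that a version is patched only if its own major.minor line has a listed fix at or below it, or if it is on a line newer than the newest listed fix (7.13); that reading of the list, and the sample inventory, are the example's own.

```python
"""Triage Confluence Server / Data Center version strings against the fixed
releases Atlassian named for CVE-2021-26084.

Added example, not the article's or Atlassian's code. The fixed versions are
the ones quoted in the article; the branch logic is an assumption about how
to read that list (see is_patched).
"""
from typing import Dict, List, Tuple

# Fixed releases named in the article.
FIXED_VERSIONS = ["6.13.23", "7.4.11", "7.11.6", "7.12.5", "7.13.0"]

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a tuple; missing trailing parts become 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_patched(version: str) -> bool:
    """True if `version` is at or above the fix for its own release line.

    Assumption: a line with no listed fix (e.g. 7.5.x) is unpatched, and any
    line newer than the newest listed fix line (7.13) already ships the fix.
    """
    fixed = [parse_version(v) for v in FIXED_VERSIONS]
    major, minor, patch = parse_version(version)
    newest_fix_line = max((f[0], f[1]) for f in fixed)
    if (major, minor) > newest_fix_line:
        return True
    for f_major, f_minor, f_patch in fixed:
        if (f_major, f_minor) == (major, minor):
            return patch >= f_patch
    # Same-or-older line with no listed fix: must move to a fixed release.
    return False


def triage(versions: List[str]) -> Dict[str, str]:
    """Map each observed version to 'patched' or 'upgrade'."""
    return {v: ("patched" if is_patched(v) else "upgrade") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory (not real hosts), one version per instance.
    observed = ["7.4.10", "7.4.11", "7.5.2", "6.13.23", "7.13.1", "7.11.6"]
    for version, verdict in triage(observed).items():
        print(f"{version:>8}  {verdict}")
```

The point of `is_patched` is the middle branch: 7.5.2 compares numerically higher than 7.4.11, but it is on a line that received no fix, so a naive "version >= 7.4.11" check would wrongly mark it safe.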
