Microsoft Breaks Silence on Barrage of ProxyShell Attacks
threatpost.com/microsoft-barrage-proxyshell-attacks/168943/ Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately. “Our recommendation, as always, is to install the latest CU and SU on all your Exchange servers to ensure that you are protected against the latest threats,” the company said. “Please update now!”
FBI shares technical details for Hive ransomware
www.bleepingcomputer.com/news/security/fbi-shares-technical-details-for-hive-ransomware/ The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. In a rare occurrence, the FBI has included the link to the leak site where the ransomware gang publishes data stolen from companies that did not pay. Hive ransomware relies on a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, the FBI says.
New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems
www.hackread.com/prism-backdoor-varian-waterdrop-hits-linux/ Security researchers at AT&T Labs have published a report sharing details of a newly discovered cluster of Linux ELF executables that have zero to low antivirus detections on VirusTotal. Researchers noted that these executables contain a modified version of the open-source backdoor PRISM, which threat actors use extensively in different campaigns. Reportedly, the malware has been on their radar for more than 3.5 years. The oldest samples date back to November 8th, 2017. Researchers are concerned that the executables aren’t detected by VirusTotal, which usually detects malicious URLs and files easily.
Biden gets Google, Apple, others to join “whole-of-nation” cybersecurity effort
www.zdnet.com/article/tech-giants-make-cybersecurity-commitments-after-white-house-meeting/#ftag=RSSbaffb68 Following a cybersecurity meeting at the White House on Wednesday, President Biden secured promises from major tech companies to spend significant sums improving the nation’s cyber resiliency. Microsoft and Google, for instance, each committed billions to specific cybersecurity investments. The meeting comes in the wake of a series of dramatic cybersecurity incidents, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers. In a statement, the White House said a “whole-of-nation effort” is needed to address cybersecurity threats.
US government and private sector agree to invest time, money in cybersecurity
blog.malwarebytes.com/awareness/2021/08/us-government-and-private-sector-agree-to-invest-time-money-in-cybersecurity/ In the wake of several high-profile ransomware attacks against critical infrastructure and major organizations in the last few months, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats and bolster the nation’s cybersecurity. Several participants in President Biden’s meetings have recently announced commitments and initiatives. The key initiatives are protection from supply chain attacks, the industrial control systems cybersecurity initiative and security training.
Updates on our continued collaboration with NIST to secure the Software Supply Chain
security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security.
Synology: Multiple products impacted by OpenSSL RCE vulnerability
www.bleepingcomputer.com/news/security/synology-multiple-products-impacted-by-openssl-rce-vulnerability/ Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. The complete list of devices affected by the security flaws tracked as CVE-2021-3711 and CVE-2021-3712 includes DSM 7.0, DSM 6.2, DSM UC, SkyNAS, VS960HD, SRM 1.2, VPN Plus Server, and VPN Server.
Atlassian warns of critical Confluence flaw
www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/ Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw. The company’s not saying a lot about CVE-2021-26084, besides describing it as a “Confluence Server Webwork OGNL injection vulnerability that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.” Atlassian has released fixed versions of the product, namely versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0, but the company’s advisory suggests upgrading to the latest long-term service release.