Critical Vulnerability Exposed Azure Cosmos DBs for Months

From securityweek.com

Microsoft this week started notifying customers of a critical vulnerability in Azure Cosmos DB that could have provided attackers with administrative access to Cosmos DB instances.

A fully managed NoSQL database, Cosmos DB was launched in 2017 for use with web and mobile applications, and it also supports modeling social interactions and integration with third-party services.

Earlier this month, researchers with the cloud security firm Wiz discovered a vulnerability in the Azure cloud platform that could allow a remote attacker to take over Cosmos DB instances without authorization, with full administrative rights, meaning they could read, write, or delete databases.

Read more…

FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia

From zdnet.com

The FBI has released an alert about the Hive ransomware after the group took down Memorial Health System last week.

The alert explains that Hive is an affiliate-operated ransomware first seen in June that deploys “multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol to move laterally once on the network.”

“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks’,” the FBI explained.

Read more…

Big bad decryption bug in OpenSSL – but no cause for alarm

From nakedsecurity.sophos.com

The well-known and widely-used encryption library OpenSSL released a security patch earlier this week.

Annoyingly for those who like lean, modern, sans serif typefaces, the new version is OpenSSL 1.1.1l, which is tricky to interpret if you use a font in which upper case EYE, lower case ELL and the digit ONE look at all similar.

To spell it out phonetically, you’re after OpenSSL version ONE dot ONE dot ONE LIMA.

(At the time of writing, Naked Security’s official typeface is Flama, a Bauhaus-inspired font family derived from DIN 1451, which itself arose out of early 20th century German railway and road lettering styles. Our lower case ELLs have a neat looking rightwards curl at the bottom to improve their legibility, and ONEs get a classically European look with a crossbar at the bottom and a little leftward flick at the top. But not all typefaces are made that way.)

Read more…

PJCIS recommends passage of Bill that will allow incidental collection of Australian data

From zdnet.com


In less than a week, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) has conducted a review into the Foreign Intelligence Legislation Amendment Bill that will allow for the practice of incidentally collecting the data of Australians, and recommended it be passed.

The Telecommunications Interception and Access Act (TIA Act) previously banned the practice, but the government and its security agencies have argued that Australia has been falling behind foreign agencies.

Read more…

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released

From thehackernews.com


Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system.

Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue — which is due to improper access control — could enable an unauthenticated, remote attacker to upload a file to the appliances. “A successful exploit could allow the attacker to read or write arbitrary files on an affected device,” the company said in an advisory.

Read more…