U.S., UK and Australia Issue Joint Cybersecurity Advisory

From securityboulevard.com


As vulnerabilities are discovered, advisories are issued, remedies and mitigations are shared and then the onus is on the end user and/or company to do what’s necessary to close the window into their infrastructure. That is what happens in a perfect world, where CISOs and CIOs have fully collaborative relationships with operations and when the mitigations don’t derail the organization’s operational efficiency and capabilities.

Joint Cybersecurity Advisory

On July 28, 2021, four agencies across three countries issued a joint cybersecurity advisory identifying 30 vulnerabilities that companies (be they big or small) should be mitigating. From the U.S., the agencies are the FBI and CISA; from Australia, the ACSC and from the U.K. the NCSC.

The advisory doesn’t mince words: “Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. It’s recommended that organizations apply the available patches for the 30 vulnerabilities listed in the joint cybersecurity advisory and implement a centralized patch management system.”

CISOs—you’ve received your marching orders. Close the delta of vulnerability.

Read more…

DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices

From bleepingcomputer.com


The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree.

“The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020,” the DOJ said in a statement issued earlier today.

“The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time.”

“While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80 percent of employees working in the U.S. Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York.” [emphasis ours]

Read more…

Crooks using phony call centers to spread ransomware via BazaCall attacks

From hackread.com

In BazaCall, a “vishing-like” method is used in which victims receive email messages notifying them that subscription fees apply or their subscription will expire if they don’t call a particular phone number.

A new campaign, dubbed BazaCall, was identified in which fake call centers talk victims into downloading malware; the operators then use that foothold to exfiltrate data and deploy ransomware on the affected machine.

This new campaign was discovered and reported by the Microsoft 365 Defender Threat Intelligence Team. The researchers noted that BazaCall attacks can spread quickly within a network and carry out extensive credential and data theft, and that the operators can deploy ransomware within 48 hours of the initial compromise.

Read more…

New PayPal Credential Phishing Scam Conducted Via Live Chat Service

From heimdalsecurity.com

Recently, Cofense Phishing Defense Center analysts discovered a rather unusual PayPal credential phishing scam.

Phishing is a malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames, and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. What’s worse, the data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim, and more.

Read more…

Microsoft: This Windows and Linux malware does everything it can to stay on your network

From zdnet.com

Microsoft has continued its analysis of the LemonDuck malware, known for installing crypto-miners in enterprise environments. The analysis makes a strong case for why it is worth removing LemonDuck from your network.

This group, according to Microsoft, has a well-stocked arsenal of hacking tools, tricks and exploits aimed at one thing: for their malware to retain exclusive access to a compromised network for as long as possible.

While crypto-mining malware could be just a nuisance, LemonDuck’s behavior suggests the attacker group really does try to own compromised networks: it disables anti-malware, removes rival malware, and even patches the vulnerabilities it used to get in, a competitive effort to keep rival attackers from feeding off its turf.

Read more…

Linux eBPF bug gets root privileges on Ubuntu – Exploit released

From bleepingcomputer.com


A security researcher released exploit code for a high-severity vulnerability in the Linux kernel’s eBPF (Extended Berkeley Packet Filter) subsystem that can give an attacker root privileges on Ubuntu machines.

The bug is tracked as CVE-2021-3490. It was disclosed in May 2021 and is a local privilege escalation, so leveraging it requires an existing foothold (a shell or code execution as an unprivileged user) on the target machine.

eBPF is a technology that lets user-supplied programs run sandboxed inside the operating system’s kernel, attached to specific events or functions (e.g. system calls, network packets). The sandbox is enforced by the in-kernel verifier, which statically checks every program before it is allowed to run; CVE-2021-3490 is a flaw in that verifier’s bounds tracking, which is why a bug in it translates directly into kernel-level privileges.
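To make the sandbox boundary concrete, here is an added example that is not code from the bleepingcomputer article or from the released exploit. It drives the raw bpf(2) syscall to load two two-instruction socket-filter programs: one well-formed, and one that reads a register it never initialised. The verifier accepts the first and refuses the second before it can ever execute. It assumes Linux with the UAPI headers installed; without CAP_BPF/CAP_SYS_ADMIN, or with kernel.unprivileged_bpf_disabled=1, even the safe program is refused with EPERM, which the code reports as “unavailable” rather than as a verifier verdict.

```c
/*
 * Added example (not from the article): exercise the eBPF verifier directly
 * through bpf(BPF_PROG_LOAD). Linux only. Assumes <linux/bpf.h> is available.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/bpf.h>

/* Raw opcode bytes (class | op | source):
 *   0xb7 = BPF_ALU64|BPF_MOV|BPF_K   dst = imm
 *   0xbf = BPF_ALU64|BPF_MOV|BPF_X   dst = src
 *   0x95 = BPF_JMP|BPF_EXIT */
#define INSN(CODE, DST, SRC, OFF, IMM) \
    { .code = (CODE), .dst_reg = (DST), .src_reg = (SRC), .off = (OFF), .imm = (IMM) }

/* r0 = 0; exit  -> a filter that drops every packet; the verifier accepts it. */
static const struct bpf_insn safe_prog[] = {
    INSN(0xb7, 0, 0, 0, 0),
    INSN(0x95, 0, 0, 0, 0),
};

/* r0 = r2; exit -> only r1 (the context pointer) is live on entry, so reading
 * r2 is a read of uninitialised state; the verifier refuses it ("R2 !read_ok",
 * errno EACCES) and the program is never installed. */
static const struct bpf_insn unsafe_prog[] = {
    INSN(0xbf, 0, 2, 0, 0),
    INSN(0x95, 0, 0, 0, 0),
};

#define N_INSNS(p) ((unsigned int)(sizeof(p) / sizeof((p)[0])))

/* Load a program; returns an fd on success or -1 with errno set. The verifier's
 * explanation is written into log when one is supplied. */
static int bpf_prog_load(const struct bpf_insn *insns, unsigned int cnt,
                         char *log, unsigned int log_len)
{
    union bpf_attr attr;
    memset(&attr, 0, sizeof(attr));          /* unused tail must be zero */
    attr.prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
    attr.insns     = (__u64)(unsigned long)insns;
    attr.insn_cnt  = cnt;
    attr.license   = (__u64)(unsigned long)"GPL";
    if (log && log_len) {
        log[0] = '\0';
        attr.log_buf   = (__u64)(unsigned long)log;
        attr.log_size  = log_len;
        attr.log_level = 1;
    }
    return (int)syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
}

/* 1 = verifier accepted and the program loaded, 0 = verifier rejected (EACCES),
 * -1 = bpf() not usable here (EPERM, ENOSYS, seccomp, ...). */
static int load_verdict(const struct bpf_insn *insns, unsigned int cnt,
                        char *log, unsigned int log_len)
{
    int fd = bpf_prog_load(insns, cnt, log, log_len);
    if (fd >= 0) {
        close(fd);
        return 1;
    }
    return errno == EACCES ? 0 : -1;
}

int verdict_safe(char *log, unsigned int log_len)
{
    return load_verdict(safe_prog, N_INSNS(safe_prog), log, log_len);
}

int verdict_unsafe(char *log, unsigned int log_len)
{
    return load_verdict(unsafe_prog, N_INSNS(unsafe_prog), log, log_len);
}

int main(void)
{
    static const char *names[] = { "unavailable", "rejected by verifier", "loaded" };
    char log[1024];
    int v = verdict_safe(log, sizeof log);
    const char *why = (v == -1) ? strerror(errno) : "";
    printf("safe program:   %s %s\n", names[v + 1], why);
    v = verdict_unsafe(log, sizeof log);
    printf("unsafe program: %s\n%s", names[v + 1], (v == 0) ? log : "");
    return 0;
}
```

Run it as root (or with CAP_BPF) to see the second load fail with the verifier’s own explanation in the log; as an unprivileged user on a default Ubuntu install both loads come back EPERM, which is the hardening that makes a verifier bug like CVE-2021-3490 reachable only from an account that is already allowed to load programs.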

Read more…