Infosec News 20211215
Top News
-
Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released
"The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed Log4Shell exploit was deemed as 'incomplete in certain non-default configurations.'"
TLP¹: Green
-
Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems
"Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines.
Experts warn that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines."
TLP¹: Green
-
DHS announces its ‘Hack DHS’ bug bounty program
"The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed ‘Hack DHS’ that allows vetted white hat hackers to discover and report security vulnerabilities in external DHS systems."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
US CISA orders federal agencies to fix Log4Shell by December 24th
"US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. The order aims at preventing threat actors from exploiting the vulnerability in attacks against government systems.
The CVE-2021-44228 flaw made the headlines last week, after Chinese security researcher p0rz9 publicly disclosed a proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library."
TLP¹: Green
-
HR Management Firm Kronos Needs Weeks to Recover From Ransomware Attack
"The attack, which took place on Saturday, December 11, 2021, targeted Kronos Private Cloud, a service on which the company runs several of its cloud applications, including Banking Scheduling Solutions, Healthcare Extensions, UKG TeleStaff, and UKG Workforce Central.
“At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud,” the company said."
TLP¹: Green
-
400 Banks’ Customers Targeted with Anubis Trojan
"The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A.
Researchers say this is just the beginning."
TLP¹: Green
-
‘Seedworm’ Attackers Target Telcos in Asia, Middle East
"The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers. The cyberespionage campaigns leverage a potent cocktail of spear phishing, known malware and legitimate network utilities that are leveraged to steal data and potentially disrupt supply-chains."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Source Code Leaks: The Real Problem Nobody Is Paying Attention To
"(...)Source code is a corporate asset like any other. It takes thousands of hours to design, write, test, release, fix, and improve. Companies in the technology sector, like Twitch, consider source code as a blueprint that describes the internals of their digital platforms and the products they build and offer. Code is arguably one of the most valuable assets for such companies, at the source of business opportunities and value creation."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Adobe addresses over 60 vulnerabilities in multiple products
"Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS machines. The vulnerabilities can be exploited by threat actors for code execution, privilege escalation and denial-of-service attacks.
The company said it was not aware of in-the-wild exploitation of any of the documented vulnerabilities."
TLP¹: Green
-
Microsoft Patches 67 Security Flaws, Including Zero-Day Exploited by Emotet
"Microsoft’s security response engine revved into overdrive this month with the release of patches for 67 documented Windows software vulnerabilities, including a zero-day bug that’s already been exploited by one of the most professional and long lasting cybercrime gangs.
In the final Patch Tuesday release for 2021, the Redmond, Wash. software giant called special attention to CVE-2021-43890, a spoofing vulnerability in the Microsoft Windows AppX installer and warned that the bug is being exploited in the wild by the Emotet malware operation."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Tool Overload & Attack Surface Expansion Plague SOCs
"Security analysts and other professionals continue to suffer from burnout due to a lack of staff and too many tools, among other issues, new data shows. Now, three-quarters (72%) of security analysts have rated the pain of doing their jobs as a 7 or higher on a 10-point scale, with a score of 10 indicating that performing their jobs is a horribly painful experience."
TLP¹: Green
-
How Extended Security Posture Management Optimizes Your Security Stack
"As a CISO, one of the most challenging questions to answer is 'How well are we protected right now?' Between the acceleration of hackers' offensive capabilities and the dynamic nature of information networks, a drift in the security posture is unavoidable and needs to be continuously compensated. Therefore, answering that question implies continuously validating the security posture and being in a position to check it, including against the latest emerging threats."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Inside Ireland’s Public Healthcare Ransomware Scare
"The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousands of outdated Windows 7 systems, and that the health system’s IT administrators failed to respond to multiple warning signs that a massive attack was imminent."
TLP¹: Green
-
New Microsoft Exchange credential stealing malware could be worse than phishing
"Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Service (IIS) web server software that it said is designed to harvest credentials from Outlook Web Access (OWA), the webmail client for Exchange and Office 365.
Appropriately dubbed, but debatably pronounced, Owowa, the add-on was discovered by Kaspersky researchers in the wake of the March 2021 Exchange server hack."
TLP¹: Green
-
Windows Privilege Escalation: Scheduled Task/Job
"An attacker may exploit the Windows Task Scheduler to schedule malicious programmes for initial or recurrent execution. For persistence purposes, an attacker may utilise Windows Task Scheduler to launch applications at system startup or on a scheduled basis. Additionally, the Windows Task Scheduler may be utilised to execute remote code to run a process under the context of a specified account for Privilege Escalation."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.