A quick Saturday digest of cybersecurity news articles from other sources.
Today Is International Firefly Day
Calling all Browncoats! April 24 is International Watch Firefly Day (the other date is the series launch date of September 20). I just finished a fresh binge session myself. Since FOX cancelled Firefly during the first season, this is a relatively easy thing to accomplish.
WordPress Releases Security and Maintenance Update
Original release date: April 16, 2021
WordPress versions 4.7-5.7 are affected by multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected website. CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.7.1.
Threat Actors Targeting Cybersecurity Researchers
Original release date: April 14, 2021
Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities. APT groups often use elaborate social engineering and spear phishing schemes to trick victims into running malicious code through malicious links and websites.
CISA recommends that cybersecurity practitioners guard against this specific APT activity and review the following reports for more information:
- Google – Update on campaign targeting security researchers, published March 31, 2021
- Microsoft – ZINC attacks against security researchers, published January 28, 2021
- Google – New campaign targeting security researchers, published January 25, 2021
- CISA Tip – Avoiding social engineering and phishing attacks, updated August 25, 2020
Additionally, CISA strongly encourages cybersecurity practitioners to use sandbox environments that are isolated from trusted systems or networks when examining untrusted code or websites.
Updates on Microsoft Exchange Server Vulnerabilities
Original release date: April 12, 2021
CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.
- MAR-10330097-1.v1: DearCry Ransomware identifies ransomware that has been used to exploit compromised on-premises Exchange servers. The malware encrypts files on a device and demands ransom in exchange for decryption.
- MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a Microsoft Exchange Server vulnerability for initial access, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.
CISA encourages users and administrators to review the following resources for more information:
- CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
- CISA web page Remediating Microsoft Exchange Vulnerabilities
- CISA web page Ransomware Guidance and Resources
The FBI Is Now Securing Networks Without Their Owners’ Permission
[2021.04.14] In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.
Now, months later, many of those shells are still in place. And they’re being used by criminal hackers as well.
On Tuesday, the FBI announced that it successfully received a court order to remove “hundreds” of these web shells from networks in the US.
This is nothing short of extraordinary, and I can think of no real-world parallel. It’s kind of like if a criminal organization infiltrated a door-lock company and surreptitiously added a master passkey feature, and then customers bought and installed those locks. And then if the FBI got a court order to fix all the locks to remove the master passkey capability. And it’s kind of not like that. In any case, it’s not what we normally think of when we think of a warrant. The links above have details, but I would like a legal scholar to weigh in on the implications of this.
CISA Directive: 36-Hour Countdown to ‘Patch or Disconnect’
Urgent fallout is happening right now related to the recently discovered Zero-Days with Microsoft Exchange servers—vulnerabilities that are being exploited by what’s believed to be a Chinese nation-state hacking operation. In this latest action, the U.S. Department of Homeland Security and CISA started a timeclock for federal agencies to take action, and as of publication, we’re down to about 36 hours…
Cyber criminals are installing crypto-jacking malware on unpatched Microsoft Exchange servers
It’s not bad enough that the Chinese government has hijacked all these Exchange servers, but they have left backdoors and shells behind that cybercriminals are using for other exploits. Cyber attackers are scanning the internet for vulnerable Microsoft Exchange servers they can exploit to mine for cryptocurrency. “It’s basically free money rolling in for the attackers,” warn cybersecurity researchers.
How to Minimize the Impact of Severe Weather on IT Systems
Every year, severe weather events result in human and economic losses. While there is no way to stop these events, companies can minimize their impact on IT systems. Here are some ways you can prepare your IT systems and your employees for weather disasters.
The post How to Minimize the Impact of Severe Weather on IT Systems appeared first on CHIPS.
How open source security flaws pose a threat to organizations
A majority of the open source codebases found in commercial applications analyzed by Synopsys contained security vulnerabilities.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com