WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

Today Is International Firefly Day

Calling all Browncoats!  April 24 is International Watch Firefly Day (the other date is the series launch date of September 20).  I just finished a fresh binge session myself.  Since FOX cancelled Firefly during the first season, this is a relatively easy thing to accomplish.

WordPress Releases Security and Maintenance Update

Original release date: April 16, 2021

WordPress versions 4.7-5.7 are affected by multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected website.  CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.7.1.

Threat Actors Targeting Cybersecurity Researchers

Original release date: April 14, 2021

Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities. APT groups often use elaborate social engineering and spear phishing schemes to trick victims into running malicious code through malicious links and websites.

CISA recommends cybersecurity practitioners to guard against this specific APT activity and review the following reports for more information:

• Google – Update on campaign targeting security researchers, published March 31, 2021
• Microsoft – ZINC attacks against security researchers, published January 28, 2021
• Google – New campaign targeting security researchers, published January 25, 2021
• CISA Tip – Avoiding social engineering and phishing attacks, updated August 25, 2020

Additionally, CISA strongly encourages cybersecurity practitioners use sandbox environments that are isolated from trusted systems or networks when examining untrusted code or websites.

Updates on Microsoft Exchange Server Vulnerabilities

Original release date: April 12, 2021

CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.

• MAR-10330097-1.v1: DearCry Ransomware identifies ransomware that has been used to exploit compromised on-premises Exchange servers. The malware encrypts files on a device and demands ransom in exchange for decryption.
• MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.

CISA encourages users and administrators to review the following resources for more information:

• CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
• CISA web page Remediating Microsoft Exchange Vulnerabilities
• CISA web page Ransomware Guidance and Resources

The FBI Is Now Securing Networks Without Their Owners’ Permission

[2021.04.14] In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.

Now, months later, many of those shells are still in place. And they’re being used by criminal hackers as well.

On Tuesday, the FBI announced that it successfully received a court order to remove “hundreds” of these web shells from networks in the US.

This is nothing short of extraordinary, and I can think of no real-world parallel. It’s kind of like if a criminal organization infiltrated a door-lock company and surreptitiously added a master passkey feature, and then customers bought and installed those locks. And then if the FBI got a court order to fix all the locks to remove the master passkey capability. And it’s kind of not like that. In any case, it’s not what we normally think of when we think of a warrant. The links above have details, but I would like a legal scholar to weigh in on the implications of this.

CISA Directive: 36-Hour Countdown to ‘Patch or Disconnect’

Urgent fallout is happening right now related to the recently discovered Zero-Days with Microsoft Exchange servers—vulnerabilities that are being exploited by what’s believed to be a Chinese nation-state hacking operation. In this latest action, the U.S. Department of Homeland Security and CISA started a timeclock for federal agencies to take action, and as of publication, we’re down to about 36 hours… Read more

Cyber criminals are installing crypto-jacking malware on unpatched Microsoft Exchange servers

It5s not bad enough that the Chinese government has hijacked all these Exchange servers, but they have left backdoors and shells behind that cybercriminals are using for other exploits.  Cyber attackers are scanning the internet for vulnerable Microsoft Exchange servers they can exploit to mine for cryptocurrency. “It’s basically free money rolling in for the attackers,” warn cybersecurity researchers.

How to Minimize the Impact of Severe Weather on IT Systems

Every year, severe weather events result in human and economic losses. While there is no way to stop these events, companies can minimize their impact on IT systems. Here are some ways you can prepare your IT systems and your employees for weather disasters.

The post How to Minimize the Impact of Severe Weather on IT Systems appeared first on CHIPS.

How open source security flaws pose a threat to organizations

A majority of the open source codebases found in commercial applications analyzed by Synopsys contained security vulnerabilities.