This attack is happening to one of my clients.
After a Twitter user hacked over 50,000 printers last week to promote PewDiePie’s YouTube channel as part of a guerilla marketing campaign, a new service has spawned over the weekend advertising the same type of functionality, but for everyone.
Going under the generic term of “Printer Advertising,” this new service claims it can hack printers all over the world to print out messages on demand, similar to the PewDiePie promo hack that took place over the weekend.
“We have the ability to reach every single printer in the world,” claims a website launched on Sunday. “Reservations are limited.” More…
Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.
Designed to combat zero-day flaws exploited in Apple’s operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.
The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top (NOT a safe domain, hence the hobbling).
Shadowserver has been tracking wave after wave of attacks targeting flaws in Exchange that Microsoft addressed earlier this month in an emergency patch release. The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how.
David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server’s emails).
On Mar. 26, Shadowserver saw an attempt to install a new type of backdoor in compromised Exchange Servers, and with each hacked host it installed the backdoor in the same place: “/owa/auth/babydraco.aspx.”
“The web shell path that was dropped was new to us,” said Watson said. “We have been testing 367 known web shell paths via scanning of Exchange servers.” More…
Cyber liability insurance, also known as cyber insurance, can cover your business for any financial or legal liability that results from a security-compromising cyber incident.
A new NTFS patch is coming to the Linux kernel that will bring much-needed relief to Linux system administrators everywhere. Linus Torvalds had something to say about it.
Original release date: September 16, 2021
The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.
CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.
By using an alternative means of authentication, you can now go password-less on your Microsoft account.