A quick Saturday digest of cybersecurity news articles from other sources.
New online service will hack printers to spew out spam
This attack is happening to one of my clients.
After a Twitter user hacked over 50,000 printers last week to promote PewDiePie’s YouTube channel as part of a guerilla marketing campaign, a new service has spawned over the weekend advertising the same type of functionality, but for everyone.
Going under the generic term of “Printer Advertising,” this new service claims it can hack printers all over the world to print out messages on demand, similar to the PewDiePie promo hack that took place over the weekend.
“We have the ability to reach every single printer in the world,” claims a website launched on Sunday. “Reservations are limited.” More…
Microsoft warns of attacks targeting Office documents
Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.
Apple releases emergency patch to protect all devices against Pegasus spyware
Designed to combat zero-day flaws exploited in Apple’s operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.
No, I Did Not Hack Your MS Exchange Server
The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top (NOT a safe domain, hence the hobbling).
Shadowserver has been tracking wave after wave of attacks targeting flaws in Exchange that Microsoft addressed earlier this month in an emergency patch release. The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how.
David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server’s emails).
On Mar. 26, Shadowserver saw an attempt to install a new type of backdoor in compromised Exchange Servers, and with each hacked host it installed the backdoor in the same place: “/owa/auth/babydraco.aspx.”
“The web shell path that was dropped was new to us,” said Watson said. “We have been testing 367 known web shell paths via scanning of Exchange servers.” More…
What is cyber insurance and does your small business need it? (Infographic)
Cyber liability insurance, also known as cyber insurance, can cover your business for any financial or legal liability that results from a security-compromising cyber incident.
Linux kernel 5.15: NTFS support gets a significant boost
A new NTFS patch is coming to the Linux kernel that will bring much-needed relief to Linux system administrators everywhere. Linus Torvalds had something to say about it.
FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability
Original release date: September 16, 2021
The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.
CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.
You can now eliminate the password for your Microsoft account
By using an alternative means of authentication, you can now go password-less on your Microsoft account.
Share
SEP
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com