
Top Cybersecurity News Stories of the Week


Data breaches have been a worry ever since Elon Musk bought Twitter for $44 billion and fired a sizable portion of the workforce. Now it appears that a security incident from before Musk's takeover is giving people trouble. This month, news emerged that hackers had released a database containing 200 million email addresses linked to Twitter handles, most likely gathered between June 2021 and January 2022. The sale of the data could put anonymous Twitter accounts at risk and subject the company to more regulatory scrutiny.

With the launch of a new anti-censorship tool, WhatsApp hopes to help Iranians get around the restrictions their government has placed on the messaging app. The company now lets users connect to WhatsApp through proxies and bypass government censorship. The tool is available worldwide.

Another cybersecurity company disclosed this month that it had observed the Russian cyberespionage group Turla using cutting-edge new hacking techniques in Ukraine. The group, which is thought to be affiliated with the FSB intelligence agency, was observed piggybacking on other hacker groups' dormant USB infections: Turla took over the command-and-control servers of outdated malware by registering their expired domains. But that's not all.

Here is the latest security news that you may have missed. 

Slack suffers a new year data breach 

Slack published a fresh security update to its blog on December 31, as millions of people were getting ready for the start of 2023. In the post, the company says it discovered a "security issue involving unauthorised access to a subset of Slack's code repositories." It found that an unidentified threat actor had started stealing Slack employee tokens on December 27 and using them to access the company's external GitHub repository and download some of its code. Slack's disclosure states that the hacker did not access customer data and that no action is required on the part of users. "When we were made aware of the incident, we immediately invalidated the stolen tokens and started investigating the potential impact to our customers," it adds.

According to cybersecurity journalist Catalin Cimpanu, the incident is similar to one disclosed on December 21 by the authentication company Okta, which reported that its code repositories had been accessed and copied just before Christmas. Slack found and reported its incident quickly, but, as Bleeping Computer noted, the security disclosure did not appear on Slack's regular news blog.

Additionally, the company added code to prevent search engines from including the disclosure in their results in some regions of the world. This is not Slack's first incident: in August 2022, it forced password resets after a bug had exposed hashed passwords for five years.

Police Face Recognition Used Once More to Arrest the Wrong Man 

A Black man in Georgia was imprisoned for nearly a week after police allegedly relied on an inaccurate face recognition match. Louisiana police used the technology to obtain an arrest warrant for Randal Reid in a theft case they were investigating. "I've never spent a day in Louisiana in my life. I was then informed that it was for theft. I don't steal, so I haven't been to Louisiana either," Reid told the local news outlet Nola.

A detective "took the algorithm at face value to secure a warrant," according to the publication, and little is known about how Louisiana police use face recognition technology; the names of the systems involved have not been made public. This is merely the most recent instance of face recognition technology being misused to make erroneous arrests. While police use of face recognition has rapidly expanded across US states, studies have repeatedly shown that it misidentifies women and people of colour more often than white men.

User ID mandatory for pornographic websites in Louisiana 

A recent Louisiana law requires pornographic websites to verify that users from the state are older than 18. Under the law, a website must use age verification if 33.3 percent or more of its content is pornographic. PornHub, the largest pornographic website in the world, now offers users the option to prove they are of legal age by linking their government-issued ID, such as a driver's licence, through a third-party service. Although PornHub says it does not collect user data, the move has raised surveillance concerns.

Countries all over the world are passing laws requiring visitors to porn sites to prove they are old enough to view explicit content. Lawmakers in France and Germany have threatened to block pornographic websites if such measures are not implemented, and in February 2022 Twitter began censoring German producers of adult content because age verification systems were lacking. The UK attempted similar age-checking initiatives between 2017 and 2019, but they failed because of administrative confusion, design flaws, and concerns over data breaches.

Russian spies expelled from Europe 

By its very nature, the world of spies is shrouded in secrecy. Nations send agents into other countries to collect intelligence, acquire other resources, and sway events. Sometimes, however, these spies are discovered. Since Russia's full-scale invasion of Ukraine in February 2022, more Russian spies in Europe have been exposed and expelled. A new database from open-source researcher @inteltakes compiles known instances of Russian spies operating in Europe since 2018. It covers 41 exposed spies and records, where available, their nationality, occupation, and the service that recruited them.

Cyber Assaults via Microsoft SQL Server Surged by 56 percent in 2022


Threat analysts at Kaspersky have identified a surge in the number of attacks that abuse Microsoft SQL Server processes in an attempt to gain access to company infrastructure.

In September of this year, more than 3,000 SQL servers, which organisations and small and medium-sized enterprises across the globe use to manage databases, were affected, a 56 percent increase over the same period last year, according to the latest findings in Kaspersky's Managed Detection and Response Report.

According to Sergey Soldatov, Head of the Security Operations Center at Kaspersky, the number rose gradually over the past year; in April 2022 it exceeded 3,000, and it dipped only slightly in July and August.

“Despite the popularity of Microsoft SQL Server, companies do not pay enough attention to protecting against software-related threats. Attacks using malicious processes on SQL Server have been known for a long time, but perpetrators continue to use them to gain access to company infrastructure,” stated Sergey Soldatov. 

There have been a number of recent incidents in which Microsoft SQL Servers were exploited by threat actors. In April, attackers were observed deploying Cobalt Strike beacons on such servers, and further reports of attacks against MS-SQL appeared in May, June and October of this year.

Attackers typically scan the internet for hosts exposing TCP port 1433 (the default SQL Server listener port) and then run brute-force login attacks against them until they guess a password.

Mitigation tips 

To protect against enterprise-targeted threats, cybersecurity experts recommend the following measures: 

• Keep the software on every device up to date so that attackers cannot use known vulnerabilities to get into your network. Install patches for newly disclosed vulnerabilities promptly, since a patched vulnerability can no longer be exploited.

• Use up-to-date threat intelligence to keep abreast of the tactics, techniques and procedures used by attackers.

• Deploy a reputable endpoint security solution for organisations, such as Kaspersky Endpoint Security, that provides effective protection against known and unknown threats.

• Dedicated services can help counter high-profile attacks. Kaspersky Managed Detection and Response can help identify and stop intrusions at an early stage, before the cybercriminals achieve their aims.

Large-Scale Malware Campaign Targets Elastix VoIP Systems


Threat analysts at Palo Alto Networks' Unit 42 have unearthed a massive campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples between December 2021 and March 2022. 

Elastix is unified communications server software built on projects such as Digium's Asterisk and FreePBX.

The attackers exploited a remote code execution (RCE) vulnerability tracked as CVE-2021-45461, rated critical at 9.8 out of 10, to implant a PHP web shell capable of running arbitrary commands on the compromised communications server.

The campaign is still active and shares multiple similarities with another operation in 2020 that was reported by researchers at the cybersecurity firm Check Point.

According to the researchers, enterprise servers are often a higher-value target than desktops, laptops, or other company endpoints. Servers are usually more powerful machines and can be abused, for example, as part of a potent botnet generating thousands of requests per second.

In this campaign, the researchers spotted two separate attack groups using initial exploitation scripts to drop a small shell script. That script installs an obfuscated PHP backdoor on the web server, creates multiple root user accounts, and sets up a scheduled task to ensure the system is repeatedly re-infected.

"This dropper also tries to blend into the existing environment by spoofing the timestamp of the installed PHP backdoor file to that of a known file already on the system," security researchers explained. 
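The timestamp spoofing the researchers describe has a forensic weakness worth knowing as a defender: on POSIX file systems, tools like `touch -r` can copy another file's access and modification times, but they cannot set the inode change time (ctime), which the kernel bumps on every metadata change. A PHP file whose ctime is far newer than its mtime has therefore had its modification time set backwards. The following is an added example, not Unit 42's code or anything from the original report; it builds a constructed temporary web root with one normal file and one file whose mtime is pushed back a year (standing in for a dropper's copy of an old file's timestamp), then walks the tree and reports the mismatch. Directory and file names are made up, and the check assumes POSIX ctime semantics.

```python
import os
import stat
import tempfile
import time


def timestomp_gap(st):
    """Seconds by which a file's ctime is newer than its mtime.

    On POSIX systems utime()/touch can rewrite mtime but not ctime, so a
    large positive gap means the modification time was set backwards."""
    return st.st_ctime - st.st_mtime


def find_timestomped(root, exts=(".php",), min_gap=3600):
    """Walk `root` and return (relative) paths of regular files with one of
    `exts` whose mtime is at least `min_gap` seconds older than their ctime."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and timestomp_gap(st) >= min_gap:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def build_demo_webroot():
    """Constructed demo tree (hypothetical names, POSIX ctime assumed).

    index.php is written normally, so its mtime and ctime agree.
    admin/.cache.php is written and then has its mtime pushed back a year,
    the same effect a dropper gets from copying an old file's timestamp;
    the kernel still records the real change time in ctime."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "admin"))

    with open(os.path.join(root, "index.php"), "w") as f:
        f.write("<?php echo 'site'; ?>\n")

    backdoor = os.path.join(root, "admin", ".cache.php")
    with open(backdoor, "w") as f:
        f.write("<?php /* harmless stand-in for the obfuscated backdoor */ ?>\n")

    year_ago = time.time() - 365 * 86400
    os.utime(backdoor, (year_ago, year_ago))   # atime/mtime back-dated; ctime is "now"
    return root


if __name__ == "__main__":
    root = build_demo_webroot()
    for rel in find_timestomped(root):
        st = os.lstat(os.path.join(root, rel))
        print(f"{rel}: mtime {time.ctime(st.st_mtime)} but ctime {time.ctime(st.st_ctime)}")
```

The check catches back-dated files only; a backdoor whose timestamp is copied from a recently modified file shows no gap, so treat this as one indicator alongside others (unexpected new root accounts, new scheduled tasks, and PHP files that do not match the package manifest). Note also that a legitimate restore from backup or a package upgrade can produce the same mtime/ctime mismatch, so findings need to be confirmed against change records before acting on them.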

The attackers' IP addresses are located in the Netherlands, but DNS data points to Russian adult sites. At the moment, the payload delivery infrastructure is only partially active.

The PHP web shell, which is padded with a random junk string to evade signature-based defences, consists of several layers of Base64 encoding and is guarded by a hardcoded "MD5 authentication hash" mapped to the victim's IP address.

The web shell also accepts an admin parameter and supports arbitrary commands, along with a set of built-in default commands for reading files, listing directories, and reconnaissance of the Asterisk open-source PBX platform.

"The strategy of implanting web shells in vulnerable servers is not a new tactic for malicious actors. The only way to catch advanced intrusions is through a defense-in-depth strategy. Only by orchestrating multiple security appliances and applications in a single pane can defenders detect these attacks," Palo Alto Networks concludes.