Sys & Infrast Lifecycle Mngt 1

Information Technology Audit and Cybersecurity, Temple University

MIS 5203.001 ■ Spring 2020 ■ Wade Mackey
Microsoft Azure Defender: Critical hijacking bugs

April 14, 2022

On March 30, 2022, SentinelOne announced their findings about Microsoft Azure Defender for IoT, including details of a handful of bugs and two critical remote code execution vulnerabilities. Furthermore, they also pointed out that these security flaws would take six months to address, which meant that they could have been exploited by an unauthenticated attacker to compromise and take over critical infrastructure networks. The two critical bugs in Defender for IoT are CVE-2021-42311 and CVE-2021-42313. These bugs are SQL injection vulnerabilities and received a 10/10 score in terms of severity. Attackers could exploit these bugs without any authentication. Below is the link to get more info about these bugs.

https://www.theregister.com/2022/03/30/sentinelone_microsoft_azure_iot/

Ukraine Suffers Significant Internet Disruption Following Cyber-Attack

April 14, 2022

A major cyber attack on Ukraine’s national telecommunications provider has led to the “worst” disruption of Internet connectivity in the region since the conflict with Russia. Netblocks, a global Internet monitor, reported that the attack was the “worst” disruption to Ukraine’s Internet service since the Russian invasion began in late February, with connectivity dropping to 13 percent of prewar levels. In a series of tweets, it wrote: “Ukraine’s state Internet provider Ukrtelecom has confirmed a cyber attack on its core infrastructure. Real-time network data shows that service disruptions are continuing and intensifying nationwide, the worst since the Russian invasion.”

https://www.infosecurity-magazine.com/news/ukraine-internet-disruption-cyber/

Dan Xu

Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles

April 13, 2022

The University of Oxford and Armasuisse S+T have discovered that a method dubbed “Brokenwire” interferes with the control communications that take place between the vehicle and the charger. Here are the details of a new attack technique against the popular Combined Charging System (CCS) that can disrupt the ability of electric vehicles to charge from a distance of up to 47m (151ft). Brokenwire causes the charging process to stop unexpectedly by transmitting malicious electromagnetic signals. Attacks can use various combinations of off-the-shelf components, such as software-defined radios, power amplifiers, and dipole antennas.

Brokenwire could have a direct impact on the 12 million battery-electric vehicles on the world’s roads, as well as a profound impact on a new wave of fleet electrification for private businesses and key public services. Also, not only would this be an inconvenience to individuals, but interruptions to the charging of critical vehicles such as electric ambulances could be life-threatening.

Link: https://thehackernews.com/2022/04/brokenwire-hack-could-let-remote.html

Yangyuan Lin

“Finland Government Sites Forced Offline by DDoS Attacks”

April 8, 2022

The Finnish Department of Defense ministries and Foreign Affairs ministry websites were hit by a DDoS cyber-attack. There is no word on who the attacker(s) may be, but due to the timing of the situation, it is assumed that Russian hackers are behind these attacks alongside the Ukraine-Russian war. After an investigation took place, the Finnish government stated that both websites are back in operation due to taking measures to limit attacks from website protection after being offline briefly.

https://www.infosecurity-magazine.com/news/finland-government-sites-offline/

Christopher Clayton

“VMware warns of critical vulnerabilities in multiple products”

April 8, 2022

VMware has issued a warning to immediately patch critical vulnerabilities for multiple products that hackers could use to launch remote code execution attacks. Out of 8 bugs, 5 were rated “critical” for security flaws. Successful exploitation of these weaknesses could result in a malicious increase in privileges to root user, access to hostnames of target systems, and full takeover. VMware offers other options for those who cannot patch their applications, but it is still highly recommended to utilize patches in order to remove vulnerabilities.

https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-vulnerabilities-in-multiple-products/

Christopher Clayton

Don’t Use Public Wi-Fi Without DNS Filtering

April 7, 2022

With public Wi-Fi becoming more and more standard in today’s society, providing public Wi-Fi is a premium service for your customers. According to recent statistics, there are about 410,000 public Wi-Fi hotspots in the United States alone, located in public places such as parks, libraries, public transportation, train stations, etc. Public Wi-Fi has become an integral part of modern life.

While public Wi-Fi has many benefits to offer, when users use public Wi-Fi, it means that they may be vulnerable to many cyber threats, such as malware, viruses, hacking, and other forms of intrusion. It also provides opportunities for cybercriminals to commit virtual crimes and harm internet users. However, having a solid DNS filtering service can stop cyber threats like malware, ransomware, phishing, and botnets before they reach network devices. Also, DNS can filter out unwanted content such as pornographic material, violence, and drug-related content.

Link: https://thehackernews.com/2022/01/dont-use-public-wi-fi-without-dns.html

Yangyuan Lin

Hackers Steal Over $600M in Major Crypto Heist

April 7, 2022

Players can get “Smooth Love Potion” (SLPs) from the online game Axie Infinity by using the colorful blob-like Axies to battle. SLPs can be exchanged for cryptocurrencies, cash, or invested back into the virtual world of the game. Players using this game must purchase at least three Axies (NFTs). Hackers gained 173,600 ether and $25.5 million worth of stablecoin through the attack on the blockchain, which is worth over $600 million based on prices Tuesday. According to the investigation, hackers got private “keys” to extract digital funds. This case became one of the biggest thefts in the cryptocurrency world.

Link: https://www.securityweek.com/hackers-steal-over-600m-major-crypto-heist

Yangyuan Lin

New malware targets serverless AWS Lambda with cryptominers

April 7, 2022

New malware targets serverless AWS Lambda with cryptominers (bleepingcomputer.com)

“Security researchers have discovered the first malware specifically developed to target Amazon Web Services (AWS) Lambda cloud environments with cryptominers. AWS Lambda is a serverless computing platform for running code from hundreds of AWS services and software as a service (SaaS) apps without managing servers.” The malware is designed to deploy a custom XMRig cryptominer to mine for Monero cryptocurrency. So far, there has been no other malicious intent behind these attacks other than to mine for cryptocurrencies. These attacks seem to be based on a previous attack that utilizes stolen or leaked AWS Access and Secret keys to deploy the cryptominer.

Kenneth Saltisky

Malicious web redirect service infects 16,500 sites to push malware

April 7, 2022

Malicious web redirect service infects 16,500 sites to push malware (bleepingcomputer.com)

“A new traffic direction system (TDS) called Parrot is relying on servers that host 16,500 websites of universities, local governments, adult content platforms, and personal blogs”. Parrot is a TDS designed for malicious campaigns targeting a specific profile of users (location, OS, browser). This redirects users to malicious websites. TDS is also used legitimately by advertisers and marketers, but they have been prone to malicious usage. This specific campaign is called FakeUpdate, which tricks users into clicking on a fake browser update and downloads remote access trojans to a target’s PC. The malware is NetSupport Client run in silent mode, which gives full access to a target PC without the target being aware.

Kenneth Saltisky

“US Passes ‘Game-Changing’ Cyber Incident Reporting Legislation”

April 6, 2022

Cyber incidents that happen within US critical infrastructure companies are now to be reported within 72 hours to CISA, as our President signed this into law. As the article mentions, covered entities will also be obligated to report any ransomware payments to CISA within 24 hours under the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The new reporting requirements apply to organizations that fall within the 16 U.S. critical infrastructure sectors such as chemical, communications, energy, financial services, healthcare sectors, etc. This includes relevant vulnerabilities, efforts taken to mitigate the attack, categories of data believed to have been accessed or acquired person and any actor reasonably believed to be responsible for the incident. Covered companies that do not report cybersecurity or ransomware payments during that period will be issued with a subpoena by CISA.

Resource:
https://www.infosecurity-magazine.com/news/us-cyber-incident-reporting/

By: Victoria Zak 

Copyright © 2025 · Department of Management Information Systems · Fox School of Business · Temple University