Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.
This week’s security news is all about substantial hacking techniques you might want to know about in order to protect yourself (or your company’s assets). It ranges from the cutting-edge Web attacks published in 2020 to new, impactful Nginx middleware misconfigurations, the Accellion software targeted in ransomware attacks, and a VMware Remote Code Execution vulnerability for which attackers are currently mass-scanning the Internet.
Notable Security News
VMware vCenter Servers publicly accessible over port 443 are vulnerable to a critical Remote Code Execution vulnerability, CVE-2021-21972. Updating the software, or at least installing the recommended mitigations, is essential. Several exploits are already public, and the risk level is similar to that of the infamous Citrix CVE-2019-19781, which was used in ransomware attacks against hospitals last year.
Detectify security researchers analyzed thousands of public Nginx configuration files and discovered middleware misconfigurations in Nginx that expose Web applications to attacks. Existing mitigations and tools do not provide sufficient protection, so anyone who uses Nginx as middleware should be aware of this type of misconfiguration.
PortSwigger published its awaited list of the Top 10 web hacking techniques of 2020. The list is voted on by the community and includes the most innovative research released that year. The article is worth reading to get a high-level view of the cutting-edge attacks used by Web hackers.
Remember the Shadow Brokers leak? In 2016, this mysterious group published a trove of 0-day exploits developed by the NSA’s Equation Group, including EternalBlue, which was later used by the WannaCry ransomware. Well, according to Check Point, one of these NSA exploits had been stolen years earlier by the Chinese group APT31/Zirconium. They reportedly copied it and repurposed it in malware dubbed “Jian” to attack US targets.
More details and victims of the Accellion attacks keep emerging. Accellion and Mandiant linked them to the Clop ransomware gang and the FIN11 threat group. As if to corroborate this, aircraft maker Bombardier had very sensitive data posted on a ransomware leak site. Cybersecurity authorities of five countries issued a joint warning that includes details of the vulnerabilities leveraged and the corresponding mitigations.
Other Interesting News
- New malware found on 30,000 Macs has security pros stumped
- This botnet is abusing Bitcoin blockchains to stay in the shadows
- Flash version distributed in China after EOL is installing adware
- Google Alerts used to launch fake Adobe Flash Player updater
- Brave browser’s Tor feature found to leak .onion queries to ISPs
- ServiceNow admin credentials among hundreds of passwords exposed in cloud security blunder
- Powerhouse VPN products can be abused for large-scale DDoS attacks
- Alexa, swap out this code that Amazon approved for malware… Installed Skills can double-cross their users
- Python Software Rushes to Tackle RCE Vulnerability
- Clubhouse suffers breach as outside developer pulls audio to website
- They break into your network but do nothing themselves: ‘Initial access brokers’ resell stolen creds for $7k a pop
- IBM X-Force Threat Intelligence Index 2021
- Say my CNAME: Rise of sneaky adtech tactic poses threat to web security and privacy
- Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks
- More private browsing? Firefox gets tougher on cookie tracking with new ‘total’ protection
- Nvidia announces official “anti-cryptomining” software drivers
- Cybersecurity conferences 2021: A schedule of virtual, and potentially in-person or ‘hybrid’, events
- Microsoft shares CodeQL queries to scan code for SolarWinds-like implants
- Google funds two Linux Foundation security roles