Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.
This week’s security news is all about substantial hacking techniques you might want to know about to protect yourself (or your company’s assets). It ranges from the cutting-edge Web attacks published in 2020 to new, impactful Nginx middleware misconfigurations, Accellion software targeted in ransomware attacks, and a VMware Remote Code Execution vulnerability for which attackers are currently mass-scanning the Internet.
Notable Security News
Code-execution flaw in VMware has a severity rating of 9.8 out of 10
VMware vCenter Servers publicly accessible over port 443 are vulnerable to a critical Remote Code Execution vulnerability, CVE-2021-21972. Updating the software or at least installing the recommended mitigations is essential. Several exploits are already public and the risk level is similar to the infamous Citrix CVE-2019-19781 that was used in ransomware attacks against hospitals last year.
Nginx: Server misconfigurations found in the wild that expose websites to attacks
Detectify security researchers analyzed thousands of public Nginx configuration files and discovered middleware misconfigurations in Nginx that expose Web applications to attacks. Existing mitigations and tools do not provide sufficient protection, so anyone who uses Nginx middleware should be aware of this type of misconfiguration.
H2C smuggling named top web hacking technique of 2020
PortSwigger published its awaited list of the Top 10 web hacking techniques of 2020. It is voted on by the community and includes the most innovative research released that year. The article is worth reading to get a high-level view of the cutting-edge attacks used by Web hackers.
The perils of non-disclosure? China ‘cloned and used’ NSA zero-day exploit for years before it was made public
Remember the Shadow Brokers leak? In 2016, this mysterious group published a trove of 0-day exploits developed by the NSA’s Equation Group, including EternalBlue, which was later used by the WannaCry ransomware. Well, according to Check Point, one of these NSA exploits had been stolen years earlier by the Chinese group APT31/Zirconium. They reportedly copied it and repurposed it in malware dubbed “Jian” to attack US targets.
Global Accellion data breaches linked to Clop ransomware gang
More details and victims of the Accellion attacks keep emerging. Accellion and Mandiant linked them to the Clop ransomware gang and the FIN11 threat group. As if to corroborate this, airplane maker Bombardier had very sensitive data posted on a ransomware leak site. Cybersecurity authorities of five countries issued a joint warning including details of the vulnerabilities leveraged and the corresponding mitigations.
Other Interesting News