Security Snacks #20 – How to get hacked with Nginx or VMWare vCenter & A look at 2020’s Top 10 Web hacking techniques

By Anna Hammond

February 26, 2021

Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.


This week’s security news is all about substantial hacking techniques you might want to know about to protect yourself (or your company’s assets). It ranges from cutting-edge Web attacks published in 2020 to new, impactful Nginx middleware misconfigurations, Accellion software targeted in ransomware attacks, and a VMware Remote Code Execution vulnerability for which attackers are currently mass-scanning the Internet.

Notable Security News

Code-execution flaw in VMware has a severity rating of 9.8 out of 10

VMware vCenter Servers publicly accessible over port 443 are vulnerable to a critical Remote Code Execution vulnerability, CVE-2021-21972. Updating the software or at least installing the recommended mitigations is essential. Several exploits are already public and the risk level is similar to the infamous Citrix CVE-2019-19781 that was used in ransomware attacks against hospitals last year.

Nginx: Server misconfigurations found in the wild that expose websites to attacks

Detectify security researchers analyzed thousands of public Nginx configuration files and discovered middleware misconfigurations in Nginx that expose Web applications to attacks. Existing mitigations and tools do not provide sufficient protection, so anyone who uses Nginx middleware should be aware of this type of misconfiguration.

H2C smuggling named top web hacking technique of 2020

PortSwigger published its awaited list of the Top 10 web hacking techniques of 2020. It is voted on by the community and includes the most innovative research that was released that year. The article is worth reading to get a high-level view of the cutting-edge attacks used by Web hackers.

The perils of non-disclosure? China ‘cloned and used’ NSA zero-day exploit for years before it was made public

Remember the Shadow Brokers leak? In 2016, this mysterious group published a trove of 0-day exploits developed by the NSA’s Equation Group, including EternalBlue, which was later used by the WannaCry ransomware. Well, according to Check Point, one of these NSA exploits was stolen years earlier by the Chinese APT31/Zirconium group. They reportedly copied it and repurposed it in malware dubbed “Jian” to attack US targets.

Global Accellion data breaches linked to Clop ransomware gang

More details and victims of the Accellion attacks keep emerging. Accellion and Mandiant linked them to the Clop ransomware gang and the FIN11 threat group. As if to corroborate this, aircraft maker Bombardier had very sensitive data posted on a ransomware leak site. Cybersecurity authorities of five countries issued a joint warning including details of the vulnerabilities leveraged and mitigations.
