Russian regex, John McAfee, Verkada Hack, & Microsoft Exchange – PSW #686
Microsoft Exchange had some vulnerabilities, how could you not hear about them? Russians try to throttle Twitter, a Silicon Valley security camera company has been breached and we get to see what it looks like as they make Teslas in China. Did I mention that there was an Exchange hack? A free tool release to help secure the supply chain (but not Russians with bags of cash), the best practices aren't always the best, advanced Linux malware and how not to encrypt C2 and hide files, and network-based multi-domain macro-segmentation situational awareness for compliance, & more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
- 1. Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on GitHub
- 2. Russian attempt to throttle Twitter appears to backfire
- 3. Multiple Attack Groups Exploited Microsoft Exchange Flaws Prior to the Patches
- 4. Git clone vulnerability announced – The GitHub Blog
- 5. Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals
- 6. Bitflips when PCs try to reach windows.com: What could possibly go wrong?
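Item 6 is about bitsquatting: a single bit flipped in memory or on the wire changes a hostname before it is resolved, so a domain that is one bit away from a legitimate name quietly receives real traffic from machines that never did anything wrong. The following is an added example, not code from the article or from this page. It enumerates every single-bit-flip variant of the registrable label of a domain that is still a legal DNS label, and includes a matcher you can run over observed DNS names to ask whether one is exactly one bit away from a name you care about. The domain used for the demo is `windows.com`; nothing else is assumed.

```python
"""Single-bit-flip ("bitsquat") variants of a domain name.

Added example, not code from the article. It lists every hostname that
differs from the target by exactly one flipped bit in one character of the
registrable label, keeping only results that are still legal DNS labels
(lowercase letters, digits and '-', not starting or ending with '-').
Uppercase flips are dropped because DNS is case-insensitive: they name the
same domain, not a squattable one.
"""
import string

LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")


def is_label(label: str) -> bool:
    """Legal DNS label under the usual LDH rule (letters, digits, hyphen)."""
    return (
        bool(label)
        and set(label) <= LABEL_CHARS
        and not label.startswith("-")
        and not label.endswith("-")
    )


def bitflip_variants(domain: str) -> list:
    """Sorted bitsquat candidates for a name of the form label.tld (TLD untouched)."""
    label, _, tld = domain.lower().partition(".")
    if not tld:
        raise ValueError("expected a name of the form label.tld")
    variants = set()
    for pos, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))  # flip exactly one of the byte's 8 bits
            candidate = label[:pos] + flipped + label[pos + 1:]
            if flipped != ch and is_label(candidate):
                variants.add(f"{candidate}.{tld}")
    return sorted(variants)


def is_bitsquat(observed: str, target: str) -> bool:
    """True when `observed` differs from `target` in exactly one bit of one character.

    Useful when triaging DNS logs: feed it each queried name against the
    brands or infrastructure names you monitor.
    """
    observed, target = observed.lower(), target.lower()
    if len(observed) != len(target):
        return False
    diffs = [(a, b) for a, b in zip(observed, target) if a != b]
    if len(diffs) != 1:
        return False
    x = ord(diffs[0][0]) ^ ord(diffs[0][1])
    return x & (x - 1) == 0  # exactly one bit set


if __name__ == "__main__":
    for name in bitflip_variants("windows.com"):
        print(name)
```

Running it on `windows.com` yields 32 candidates; a defender would compare that list against passive DNS and certificate transparency data, and a registrar-side owner would consider registering the ones that attract traffic.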
- 1. F5 urges customers to patch critical BIG-IP pre-auth RCE bug: F5 Networks released patches for four critical remote code execution flaws affecting most BIG-IP and BIG-IQ software versions. CVE-2021-22986 allows unauthenticated remote attackers to execute arbitrary commands on vulnerable devices through the iControl REST interface. The other three, CVE-2021-22987, CVE-2021-22991, and CVE-2021-22992, are also rated Critical; CVE-2021-22987 requires authentication to the TMUI, while CVE-2021-22991 and CVE-2021-22992 are buffer overflows in TMM and Advanced WAF/ASM respectively.
- 2. Email Hackers Defraud TM Supermarkets Of $22 Million In BEC Scam: Hackers have reportedly defrauded Zimbabwe's TM Supermarkets out of some $22 million in what appears to be a business email compromise (BEC) scam, in which unidentified attackers emailed instructions to the supermarkets' bank (Steward Bank) requesting that it transfer funds to four attacker-controlled accounts.
- 3. Tesla Shanghai factory among sites exposed in huge security camera hack: An international hacker collective says it breached a massive amount of security camera data collected by San Mateo, Calif.-based start-up Verkada and accessed live feeds from 150,000 surveillance cameras located inside hospitals, prisons, schools, police departments, and companies, including Tesla Inc.
- 4. iPhone, iPad and Mac security: Apple releases fixes for bug that could allow code execution via malicious web content: As part of its macOS Big Sur 11.2.3, iOS 14.4.1, and iPadOS 14.4.1 security fixes, Apple has addressed a memory-corruption vulnerability (CVE-2021-1844) in the WebKit browser engine used by Safari on iPhones, iPads, and Macs that could lead to arbitrary code execution if the victim visits a website hosting malicious content.
- 5. 9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware: Cybersecurity researchers have discovered a new malware dropper, dubbed Clast82, in as many as nine Android apps distributed via the Google Play Store. The dropper uses a series of techniques to evade Google Play Protect, passes the evaluation period with a benign payload, and then switches the dropped payload to the AlienBot banker and MRAT.
- 6. Google, Linux Foundation, Red Hat release free tool to secure software supply chains: Sigstore will provide the infrastructure for developers to cryptographically sign software releases, container images, or binaries and then record proof of signing in public, auditable logs. Google described the new project as "Let's Encrypt for Code Signing." The Linux Foundation, which is formally hosting and shepherding the project, said Sigstore was created to address the problem of software supply chain security.
- 7. A Basic Timeline of the Exchange Mass-Hack — Krebs on Security: Timeline of what happened when, and why we are in a fix-it-now cycle rather than a Patch Tuesday cycle.
- 8. Microsoft's MSERT tool now finds web shells from Exchange Server attacks: Microsoft has pushed out an update to the Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. The tool scans for and, by default, removes the web shells it finds.
- 9. Everything you need to know about the Microsoft Exchange Server hack: What happened, the vulnerabilities explained, mitigation and patch options, and the scope of the attack.
- 10. Microsoft Exchange Server Vulnerabilities Mitigations – March 2021 – Microsoft Security Response Center: Interim mitigations for the vulnerabilities. They require disabling services and can be intrusive, and they are not a substitute for patching: you still need to apply the updates.
- 11. Unpatched QNAP devices are being hacked to mine cryptocurrency: Unpatched network-attached storage (NAS) devices are being targeted in ongoing attacks in which the attackers try to take them over and install cryptominer malware. Update firmware and apps, review accounts, review installed software, and add the QNAP Malware Remover app.
- 12. Idaho Man Charged With Hacking Into Computers in Georgia: An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta-area medical clinics. He purchased credentials for the targeted systems online.
- 13. Docker Hub and Bitbucket Resources Hijacked for Crypto-Mining: Aqua Security observed that attackers created 92 malicious Docker Hub registries and 92 Bitbucket repositories in just four days, indicating a resurgent crypto-mining campaign in which attackers use those resources to infect targeted systems with a cryptominer that mines Monero.
- 14. About 580,000 SIA KrisFlyer and PPS members affected by external data leak: Singapore Airlines (SIA) has disclosed that it suffered a data breach after the passenger service system servers of third-party IT firm SITA were compromised, leaking the personally identifiable information (PII) of some 580,000 members of its KrisFlyer and PPS programmes. The link is Star Alliance member data sharing, which gave SITA access to data from other member airlines.
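Item 6 in the list above describes the Sigstore model: sign a release or image, then record the signature in a public, append-only, auditable log, so that anyone can later check that what they downloaded is what was signed and logged. The following is an added example, not Sigstore's or Rekor's code: a toy transparency log in Python built with the RFC 6962 Merkle-tree hashing that Rekor's backing tree (Trillian) uses. The entry contents, artifact names and the signature field are constructed placeholders (the Python standard library has no Ed25519 or ECDSA signer, so the signature is not a real one); what the example shows is the log side of the design, namely inclusion proofs: a client can confirm that a signed entry is in the log, and any change to the entry or to the log's contents breaks the proof.

```python
"""Toy RFC 6962-style transparency log (added example, not Sigstore/Rekor code).

Each log entry records an artifact's SHA-256 digest and the signature over it.
The signature field here is a constructed placeholder string because the Python
standard library has no asymmetric signer. The Merkle-tree construction and
inclusion-proof verification follow RFC 6962 sections 2.1 and 2.1.1.
"""
import hashlib
import json

LEAF_PREFIX = b"\x00"  # domain separation: leaf hashes vs. interior node hashes
NODE_PREFIX = b"\x01"


def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def make_entry(artifact_name: str, artifact: bytes, signature: str) -> bytes:
    """Canonical (sorted-key, compact) JSON so every client hashes the same bytes."""
    record = {
        "artifact": artifact_name,
        "sha256": hashlib.sha256(artifact).hexdigest(),
        "signature": signature,  # placeholder; a real log stores a real signature and key
    }
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (the RFC 6962 split point)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: list) -> bytes:
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: list, index: int) -> list:
    """Audit path for leaves[index]: sibling hashes ordered from leaf level up to the root."""
    n = len(leaves)
    if n <= 1:
        return []
    k = _split(n)
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, size: int, proof: list, root: bytes) -> bool:
    """Recompute the root from a leaf and its audit path (RFC 6962 section 2.1.1)."""
    if index >= size:
        return False
    r, fn, sn = leaf, index, size - 1
    for p in proof:
        if sn == 0:
            return False  # more path elements than a tree of this size can have
        if fn & 1 or fn == sn:  # right child, or the lone node of a partial subtree
            r = node_hash(p, r)
            if not fn & 1:  # skip levels at which this subtree has no right sibling
                while fn & 1 == 0 and fn != 0:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed sample log: three signed releases.
SAMPLE_ENTRIES = [
    make_entry("example-1.0.0.tar.gz", b"release one", "sig-placeholder-1"),
    make_entry("example-1.0.1.tar.gz", b"release two", "sig-placeholder-2"),
    make_entry("example:2.0.0", b"container image", "sig-placeholder-3"),
]


def demo() -> dict:
    leaves = [leaf_hash(e) for e in SAMPLE_ENTRIES]
    root = merkle_root(leaves)
    size = len(leaves)
    return {
        # every logged entry verifies against the published root
        "all_included": all(
            verify_inclusion(leaves[i], i, size, inclusion_proof(leaves, i), root)
            for i in range(size)
        ),
        # a client handed a tampered artifact computes a different entry and fails
        "tampered_rejected": not verify_inclusion(
            leaf_hash(make_entry("example-1.0.0.tar.gz", b"backdoored", "sig-placeholder-1")),
            0, size, inclusion_proof(leaves, 0), root),
        # an entry quietly dropped from the log changes the root everyone else sees
        "removal_detected": merkle_root(leaves[:-1]) != root,
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the client compares the root it recomputed against a signed tree head published by the log and gossiped among monitors; that signed head, not the log operator's word, is what makes the log auditable.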