12 January 2023

HACKER HELLAPALOOZA!

 

www.bleepingcomputer.com

CISA orders agencies to patch Exchange bug abused by ransomware gang

Sergiu Gatlan
7 - 8 minutes

CISA

"The Cybersecurity and Infrastructure Security Agency (CISA) has added two more security vulnerabilities to its catalog of exploited bugs today.

The first is a Microsoft Exchange elevation of privileges bug tracked as CVE-2022-41080 that can be chained with the CVE-2022-41082 ProxyNotShell bug to gain remote code execution.

✓ Texas-based cloud computing provider Rackspace confirmed one week ago that the Play ransomware gang exploited it as a zero-day to bypass Microsoft's ProxyNotShell URL rewrite mitigations and escalate permissions on compromised Exchange servers.

 The exploit used in the attack, dubbed OWASSRF by CrowdStrike security researchers who spotted it, was also shared online with some of Play ransomware's other malicious tools.

This will likely make it easier for other cybercriminals to create their own custom exploits or adapt Play ransomware's tool for their own purposes, adding to the urgency of updating the vulnerability as soon as possible.


Organizations with on-premises Microsoft Exchange servers are advised to deploy the latest Exchange security updates immediately (with November 2022 being the minimum patch level) or disable Outlook Web Access (OWA) until they can apply CVE-2022-41080 patches.

✓✓ The second vulnerability CISA added to its Known Exploited Vulnerabilities (KEV) catalog is a privilege escalation zero-day (CVE-2023-21674) in the Windows Advanced Local Procedure Call (ALPC), tagged as being exploited in attacks and patched by Microsoft during this month's Patch Tuesday.

Federal agencies have to patch until the end of January

A BOD 22-01 binding operational directive issued by CISA in November 2021 requires all Federal Civilian Executive Branch Agencies (FCEB) agencies to secure their networks against bugs added to the KEV catalog.

Today, CISA gave FCEB agencies three weeks, until January 31st, to address the two security flaws and block potential attacks targeting their systems.

While this directive only applies to U.S. federal agencies, CISA also strongly urged all organizations to fix these vulnerabilities to thwart exploitation attempts.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned today.

Since the BOD 22-01 directive was issued, CISA added more than 800 security flaws to its list of bugs exploited in the wild, requiring federal agencies to address them on a tighter schedule to prevent potential security breaches."

 

  • CISA orders agencies to patch Exchange bug abused by ransomware gang

    The Cybersecurity and Infrastructure Security Agency (CISA) has added two more security vulnerabilities to its catalog of exploited bugs today.

  •  

  • Royal Mail halts international services after cyberattack

    The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "severe service disruption" caused by what it described as a "cyber incident."

  •  

  • Scattered Spider hackers use old Intel driver to bypass security

    A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.

  • Twitter claims leaked data of 200M users not stolen from its systems

    Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems. 

  • Get 400 hours of cybersecurity training for just $79 in this deal

    There are over 400 hours of training in this cybersecurity course and you can get access to it all for $79, a savings of hundreds off the total MSRP.

    • BleepingComputer Deals
    • January 11, 2023
    • 02:11 PM
    • Comment Count 0
  • Threema claims encryption flaws never had a real-world impact

    A team of researchers from ETH Zurich has published a paper describing multiple security flaws in Threema, a secure end-to-end encrypted communications app.

  • Cisco warns of auth bypass bug with public exploit in EoL routers

    Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers.

  • Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike

    The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons.

  •  

  • New Dark Pink APT group targets govt and military with custom malware


    Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.

  • CISA orders agencies to patch Exchange bug abused by ransomware gang

    The Cybersecurity and Infrastructure Security Agency (CISA) has added two more security vulnerabilities to its catalog of exploited bugs today.

  • Over 1,300 fake AnyDesk sites push Vidar info-stealing malware

    A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware.

  • Lorenz ransomware gang plants backdoors to use months later

    Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.

  • Microsoft fixes ODBC connections broken by November updates

    Microsoft has fixed a known issue affecting Windows apps using ODBC database connections after installing the November 2022 Patch Tuesday updates.

  • Trojan Puzzle attack trains AI assistants into suggesting malicious code


    Researchers at the universities of California, Virginia, and Microsoft have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code.

  • Windows 11 KB5022303 and KB5022287 cumulative updates released

    Microsoft has released the Windows 11 KB5022303 and KB5022287 cumulative updates for versions 22H2 and 21H2 to fix security vulnerabilities and resolve bugs and performance issues.

  • Windows 10 KB5022282 and KB5022286 updates released

    Microsoft has published the Windows 10 KB5022282 and KB5022286 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix security vulnerabilities and resolve known bugs.

  • Microsoft fixes issue causing 0xc000021a blue screen crashes

    Microsoft has addressed a known issue causing Blue Screen of Death (BSOD) crashes with 0xc000021a errors after installing the Windows 10 KB5021233 cumulative update released during the December Patch Tuesday.

  • Prepare for cybersecurity certifications with this course bundle deal

    If you want to enter the cybersecurity profession, then it might be time to start studying. Get the Ultimate Advanced CyberSecurity Professional Certification Bundle while it's on sale for $69.

    • BleepingComputer Deals
    • January 10, 2023
    • 02:08 PM
    • Comment Count 0
  • Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day

    ​Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.

  • READ MORE

    No comments: