
Cyber Security Headlines – September 13, 2021

Windows MSHTML zero-day exploits shared on hacking forums

With the exploit now circulating, other attackers can start using the vulnerability in their own campaigns. Last Tuesday, Microsoft disclosed the zero-day, which lets a threat actor craft a malicious document, Office or RTF, that runs commands on the victim's computer when opened. No security update is available yet, but because the flaw was already being exploited in the wild, Microsoft chose to disclose it and publish mitigations. Those mitigations work by blocking the download of ActiveX controls in Internet Explorer security zones and by disabling Word and RTF document previews in Windows Explorer. Researchers have since modified the exploit so that it no longer relies on ActiveX, effectively bypassing the first of Microsoft's mitigations.

(Bleeping Computer)
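The ActiveX part of Microsoft's workaround is a set of registry policy values, so it is easy to audit across a fleet before and after rolling it out. The script below is an added example written for this page, not code from the podcast or from Microsoft: it reads the Internet Explorer zone policy keys, reports whether URL actions 1001 (download signed ActiveX) and 1004 (download unsigned ActiveX) are set to 3 (Disable) in zones 0 through 3, and applies the setting where it is missing. The key path and value numbers follow Microsoft's published workaround; the function names and the audit-then-apply flow are this example's own choices. The second workaround, removing the Word and RTF preview handler registrations, is not covered here.

```powershell
# Added example: audit and apply the ActiveX-blocking half of the MSHTML workaround.
# URL actions 1001 / 1004 control downloading signed / unsigned ActiveX controls;
# value 3 means Disable. Writing them under the Policies hive prevents user override.
# Run from an elevated PowerShell prompt on the machine being checked.
# Caveat: the public exploit was reworked to avoid ActiveX, so this only narrows
# the attack surface until the vendor patch is installed.

$ZonesKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Actions  = @{ '1001' = 'Download signed ActiveX controls'
               '1004' = 'Download unsigned ActiveX controls' }
$Disable  = 3   # URLACTION values: 0 = Enable, 1 = Prompt, 3 = Disable

function Get-ActiveXZoneState {
    # One row per zone/action: the effective policy value ('unset' if the key or
    # value does not exist) and whether it matches the mitigated state.
    foreach ($zone in 0..3) {
        $path = Join-Path -Path $ZonesKey -ChildPath "$zone"
        foreach ($id in $Actions.Keys) {
            $value = $null
            if (Test-Path -Path $path) {
                $value = (Get-ItemProperty -Path $path -Name $id -ErrorAction SilentlyContinue).$id
            }
            [pscustomobject]@{
                Zone      = $zone
                Action    = "$id ($($Actions[$id]))"
                Value     = if ($null -eq $value) { 'unset' } else { $value }
                Mitigated = ($value -eq $Disable)
            }
        }
    }
}

function Set-ActiveXZoneMitigation {
    # Create the per-zone policy key if needed and force both actions to Disable.
    foreach ($zone in 0..3) {
        $path = Join-Path -Path $ZonesKey -ChildPath "$zone"
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        foreach ($id in $Actions.Keys) {
            New-ItemProperty -Path $path -Name $id -PropertyType DWord -Value $Disable -Force | Out-Null
        }
    }
}

# Audit first so the change is visible in the console log; apply only if needed.
$before = Get-ActiveXZoneState
$before | Format-Table -AutoSize
if ($before | Where-Object { -not $_.Mitigated }) {
    Set-ActiveXZoneMitigation
    Get-ActiveXZoneState | Format-Table -AutoSize
}
```

Run the audit half alone (call Get-ActiveXZoneState) on a sample of endpoints before deployment: the same zone settings also govern ActiveX in Internet Explorer and in any line-of-business application that embeds MSHTML, so a value of 3 can break legacy intranet pages that depend on ActiveX.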

REvil ransomware operators targeting new victims

Last week we discussed mysterious stirrings on the REvil servers. Now, according to Bleeping Computer, on September 9th someone uploaded a new REvil ransomware sample to VirusTotal. The sample, compiled on September 4, appears to confirm that the REvil gang has resumed operations. The group has also added Ohio Gratings Inc. to the list of victims on its leak site. Bleeping Computer further noticed that, after the group's return, a new public representative using the handle 'REvil' began posting on cybercrime forums. This representative said the gang had temporarily shut down after its previous representative was likely arrested and its servers were compromised.

(Security Affairs)

Yandex pummeled by Meris DDoS botnet

Technical details of a record-breaking distributed denial-of-service attack against Yandex, Russia's counterpart to Google, are now surfacing. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests at once. The attack traffic used HTTP pipelining and reportedly originated from networking gear made by MikroTik. According to Qrator Labs, the attackers exploited a 2018 vulnerability that remained unpatched on more than 56,000 MikroTik hosts involved in the attack. Experts consider it a highly sophisticated attack carried out by a botnet of Ethernet-connected network devices rather than the usual consumer IoT gadgets.


Hackers steal data from United Nations

Bloomberg reports that the unidentified people behind the theft appear to have gained access simply by using login credentials stolen from a UN employee. Entry was gained by logging in to the employee's Umoja account; Umoja is the enterprise resource planning (ERP) system the UN implemented in 2015. The username and password used in the attack are believed to have been purchased on a dark web marketplace. Researchers found that the UN's systems were first accessed by the intruders on April 5, 2021, and that network intrusions continued until August 7.

(InfoSecurity Magazine)

Thanks to our episode sponsor, Sonrai

Sonrai is changing Public Cloud Security by focusing on protecting data from over-privileged human and non-human identities. Sonrai provides a single pane of glass built on an analytic platform that protects organizations by leveraging CSPM, CIEM, and cloud DLP at the confidence level required by your environment. Learn more about Sonrai Cloud Security at www.sonrai.com

WhatsApp to offer end-to-end encrypted backups in iCloud, Google Drive with user-managed keys

The move makes encryption-enforced message privacy more viable for consumer-oriented messaging services. Writing on his own blog, Mark Zuckerberg said that "WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems." WhatsApp, which boasts two billion users who send over 100 billion messages a day, has beaten Apple to market, if speculation about Apple's intention to offer encrypted iCloud backups proves true.

(The Register)

LA cops told to harvest social media handles from people they stop, suspect or not

This comes from the Brennan Center for Justice, a non-profit institute at New York University, which last year submitted a request under the California Public Records Act for information on the LAPD's use of social media to monitor people and groups. For years, officers have been instructed to collect social media usernames, email addresses, profile page URLs, and even Social Security numbers. In the summary of their findings, the researchers say the LAPD is also set to use a product called Media Sonar, "which can build detailed profiles on individuals and identify links between them." A spokesperson for the LAPD was not available for comment.

(The Register)

91% of IT teams have felt ‘forced’ to trade security for business operations

According to a study released on Thursday by HP Wolf Security, the teams felt pressured to compromise security due to the need for business continuity during the pandemic, especially in regard to employees who work from home. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a “ticking time bomb” for corporate security incidents. It also appears there are general feelings of apathy and frustration when it comes to managing cybersecurity in a remote workplace, and that younger workers in particular are more likely to circumvent existing security controls in order to manage their workloads, with 48% of this group saying that security tools, such as website restrictions or VPN requirements, are a hindrance — and 31% have at least attempted to bypass them.


Study of Microsoft employees shows that remote work puts productivity and innovation at risk

That's one of the key findings in a peer-reviewed study of more than 61,000 Microsoft employees, published Thursday morning by Microsoft researchers in the journal Nature Human Behaviour. It coincides with Microsoft's announcement that employees won't be returning to the office on Oct. 4 as previously expected, but the researchers call it a warning sign for other companies as well. The study says remote work has also changed the way employees communicate, causing them to rely more than before on asynchronous communication, such as email and instant messages, and less than before on synchronous communication, such as audio and video calls. "We believe that the shift to less 'rich' communication media may have made it more difficult for workers to convey and process complex information," the Microsoft researchers write.
