Security researchers from Red Canary discovered a hacker group they track as Blue Mockingbird deploying Monero cryptocurrency-mining payloads on Internet-facing Windows machines at multiple organizations.
The group has been active since at least December 2019 and uses several techniques to bypass security technologies.
Blue Mockingbird Campaign
To gain initial access, the attackers exploit public-facing web applications, specifically those using Telerik UI for ASP.NET AJAX.
Telerik UI is a suite of user interface components used in web development; version 2019.3.1023 is affected by a deserialization vulnerability (CVE-2019-18935).
Blue Mockingbird was found exploiting this vulnerability to gain initial access to the system, and it uses the JuicyPotato technique to escalate privileges.
Once they gain full access to the system, they deploy a version of the popular Monero-mining tool XMRig packaged as a DLL.
To maintain persistence the hacker group uses a novel “COR_PROFILER COM hijack to execute a malicious DLL and restore items removed by defenders.”
Because the COR_PROFILER method is configured system-wide, every process that loads the Microsoft .NET Common Language Runtime re-establishes the persistence.
In some cases, the actor even created a new service to perform the same actions as the COR_PROFILER payload, the Red Canary blog post reads.
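The COR_PROFILER persistence described above works because the CLR loads a profiler DLL whenever the COR_ENABLE_PROFILING and COR_PROFILER (or COR_PROFILER_PATH) environment values are set, so a defender can hunt for those values being written to the system environment block. The detector below is an added example, not code from Red Canary or the original post; it runs over constructed, simplified registry-set event lines (hypothetical CLSID and DLL paths) and assumes a TRUSTED_DIRS allow-list.

```python
import re

# Constructed, simplified registry-set events (not real Sysmon output and not
# indicators from the Red Canary report); one event per line: key, then value.
SAMPLE_EVENTS = r"""
TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\COR_ENABLE_PROFILING Details=1
TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\COR_PROFILER Details={11111111-2222-3333-4444-555555555555}
TargetObject=HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default) Details=C:\Windows\Temp\profiler.dll
TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\COR_PROFILER_PATH Details=C:\Program Files\Vendor\prof.dll
"""

# Assumed allow-list: directories where a legitimately installed profiler DLL would live.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
EVENT_RE = re.compile(r"^TargetObject=(?P<key>.+?) Details=(?P<val>.*)$")
CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\INPROCSERVER32\\")


def parse_events(text):
    """Return (registry_key, value) tuples from the simplified event lines."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append((m.group("key"), m.group("val").strip()))
    return events


def find_profiler_hijacks(events):
    """Return (variable, clsid, dll) for CLR profiler registrations outside TRUSTED_DIRS."""
    enabled, clsids, direct_paths, clsid_to_dll = False, [], [], {}
    for key, val in events:
        ukey = key.upper()
        name = ukey.rsplit("\\", 1)[-1]
        if "\\ENVIRONMENT\\" in ukey:  # system-wide environment block
            if name == "COR_ENABLE_PROFILING" and val == "1":
                enabled = True
            elif name == "COR_PROFILER":
                clsids.append(val.upper())
            elif name == "COR_PROFILER_PATH":
                direct_paths.append(val)
        m = CLSID_RE.search(ukey)
        if m:  # COM registration mapping the CLSID to its in-process DLL
            clsid_to_dll[m.group(1)] = val
    if not enabled:  # the CLR only loads a profiler when this is set to 1
        return []
    candidates = [("COR_PROFILER", c, clsid_to_dll.get(c, "<unresolved CLSID>")) for c in clsids]
    candidates += [("COR_PROFILER_PATH", None, p) for p in direct_paths]
    return [c for c in candidates if not c[2].lower().startswith(TRUSTED_DIRS)]
```

A real deployment would feed this the registry-modification events from the endpoint sensor and check the per-user environment keys as well, since the CLR reads either.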
By using the JuicyPotato exploit, the hacker group escalates privileges from an IIS Application Pool Identity virtual account to the NT AUTHORITY\SYSTEM account.
Blue Mockingbird uses these techniques to move laterally and distribute mining payloads across the enterprise.
Once they have escalated privileges to NT AUTHORITY\SYSTEM, the attackers use RDP to deploy the payload on remote systems; in some cases, scheduled tasks were created remotely.
To mitigate the attacks, it is recommended to patch web servers, web applications, and the applications' dependencies. Red Canary published a detailed report with indicators of compromise.
Gartner predicts Cloud Security failures
Gartner has issued a new cloud security report in which the research organization states that mismanagement of identities, access and privileges will be the number one reason for cloud security failures over the next three years.
Gartner's Managing Privileged Access in Cloud Infrastructure report claims that by 2023, over 50% of incidents will revolve around the above-stated problems.
As more and more firms adopt cloud platforms for their workloads, defending cloud infrastructure will become a crucial concern for MSPs in the near future, Gartner said.
“Unless cloud admins deploy proper security and risk management tools, effective management of such cloud platforms is not possible,” says Paul Mezzera, the author of Gartner’s Managing Privileged Access in Cloud Infrastructure report.
To counter such situations, the only solution left for CSPs is to employ specialized cloud infrastructure management tools that are “identity centric”.
In the previous year, four in every five businesses suffered a data breach via cloud platforms, says a report released by Ermetic, a company offering identity security solutions for data hosted on cloud platforms.
Based on the response of over 300 CISOs, Ermetic concluded in its report that 80% of firms could not identify security vulnerabilities that were caused by excess access to critical data on IaaS and PaaS cloud platforms.
Note: Founded in 1979, Gartner is a research company that provides information, advice and tools to companies in IT, finance, HR, customer service and support, communications, legal and compliance, and marketing and sales.
BLOCKAPT’s Success With The London Office For Rapid Cybersecurity Advancement
BlockAPT announces a major accomplishment in being successful with the London Office for Rapid Cybersecurity Advancement (LORCA) accelerator programme, which is backed by the Department for Digital, Culture, Media & Sport.
LORCA helps scale early-stage cyber companies in the UK and internationally. Reinforcing BlockAPT’s mission to proactively safeguard organisations’ digital assets against persistent cyber threats today and tomorrow, LORCA chose BlockAPT as a result of our unique centralised security management platform and the team’s commitment and track record in providing one of the most advanced and intelligent cyber defence technologies available.
The success will enable BlockAPT to work with LORCA and grow on a number of fronts including new customers, technologists, partners and investors.
Zafar Karim, CEO of BlockAPT said: “We are delighted and proud to have got through LORCA’s stringent and competitive assessment process and be chosen as one of the latest cybersecurity innovators globally. This is testament to our mission to help protect the digital security of both organisations and people through sharing our knowledge, passion and expertise with our industry game changing BlockAPT platform. We look forward to working with LORCA to extend our reach in the UK and abroad over the forthcoming year”.
Saj Huq, LORCA’s director, said: “The arrival of our fifth cohort highlights that there is world-leading talent and cutting-edge technology available to address these challenges and enable secure, societal-wide digital transformation”.
Digital Infrastructure Minister Matt Warman said:
“We are committed to helping our innovative cyber security startups thrive and maintain our position as Europe’s leading tech hub.
“This initiative will see some of the brightest minds from across the country benefit from expert advice to turn their creative ideas into practical business tools and develop the cyber security technology of tomorrow.”
To find out more about BlockAPT, please visit: https://www.blockapt.com/
BlockAPT protects customers’ digital assets by unifying operational technologies against advanced persistent threats. It brings together automated threat intelligence, vulnerability management, device management and incident response management under one platform to help businesses Monitor, Manage, Automate and Respond (MMAR) to cyberthreats proactively and in a preventative manner.
Created by Founder and CTO Marco Essomba, the platform offers deep integration throughout multiple layers of security. The BlockAPT platform can be deployed within hours, in the cloud or on premise, as a single-pane-of-glass solution working seamlessly and intelligently in the background to safeguard businesses’ digital environments.
Command Injection Vulnerabilities Recently Patched By Palo Alto Networks
On Wednesday, Palo Alto Networks told customers that it fixed two high-severity bugs in PAN-OS, the software running on the company’s firewalls.
The more serious of the flaws on the basis of their CVSS score is CVE-2020-2034, which affects the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions.
“An attacker would need some level of specific information on an impacted firewall configuration or conduct brute-force attacks to exploit this problem,” the vendor said in its advisory.
The vulnerability can only be exploited if the GlobalProtect feature is enabled. Prisma Access services are not affected, the company says, and the PAN-OS versions that patch CVE-2020-2021, a critical vulnerability that was recently disclosed, also address this bug.
The second high-severity vulnerability is identified as CVE-2020-2030 and enables the execution of arbitrary OS commands with root privileges by an attacker with admin access to the PAN-OS management interface.
Palo Alto Networks claims that both vulnerabilities were recently found, and there is no evidence of malicious exploitation. One study, however, noted that tens of thousands of devices may be vulnerable to attacks.
The company also told customers that two medium-severity vulnerabilities in PAN-OS have been patched: one that allows an authenticated attacker to cause a denial of service (DoS), and one related to the use of the obsolete TLS 1.0 protocol for some communication between cloud-based services and PAN-OS.
These flaws do not seem to be as severe as CVE-2020-2021, which was fixed by Palo Alto Networks in late June and which allows an attacker to bypass authentication. Soon after the patch was published, U.S. Cyber Command warned that international APTs will likely try to exploit it soon.
Over the last week, hackers have exploited a critical vulnerability in F5 Networks’ BIG-IP application delivery controller (ADC). Soon after its disclosure, proof-of-concept (PoC) exploits were made public and a growing number of attacks were spotted. Attackers delivered various payloads, including web shells and DDoS malware.