Cyber Security

Blue Mockingbird Hacker Group Attack Windows Machines at Multiple Organizations to Deploy cryptocurrency-mining Malware


Security researchers from Red Canary discovered a potential hacker group, Blue Mockingbird, deploying Monero cryptocurrency-mining payloads on Internet-facing Windows machines at multiple organizations.

The group has been active since December 2019 and uses several techniques to bypass security technologies.

Blue Mockingbird Campaign

To gain initial access, the attackers exploit public-facing web applications, specifically those using Telerik UI for ASP.NET AJAX.

Telerik UI is a suite of user interface components used in web development; version 2019.3.1023 is affected by a deserialization vulnerability (CVE-2019-18935).

Blue Mockingbird exploits this vulnerability to gain initial access to the system and then uses the JuicyPotato technique to escalate privileges.

Once they have full access to the system, they deploy a version of the popular Monero-mining tool XMRig, packaged as a DLL.

To maintain persistence, the hacker group uses a novel “COR_PROFILER COM hijack to execute a malicious DLL and restore items removed by defenders.”

Because of the way COR_PROFILER was configured, every process that loads the Microsoft .NET Common Language Runtime would load the malicious DLL and re-establish persistence.

In some cases, the actor even created a new service to perform the same actions as the COR_PROFILER payload, the Red Canary blog post reads.
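The persistence mechanism described above works because the .NET CLR consults the COR_ENABLE_PROFILING / COR_PROFILER environment variables in every managed process and loads whatever DLL the referenced CLSID (or COR_PROFILER_PATH) points to. The following PowerShell script is an added defensive check, not code from the article or from Red Canary's report: it enumerates those profiler settings from the machine and user environment keys in the registry, resolves any COR_PROFILER CLSID to its InprocServer32 DLL, and reports whether the DLL exists and is signed. The registry paths and variable names are the standard .NET profiler mechanism; the output format is this script's own, and it assumes it is run with administrator rights on the host being examined.

```powershell
# Added defensive check for COR_PROFILER persistence (not from the article or Red Canary).
# Assumes: run as administrator on the host under examination. Registry paths and variable
# names are the standard .NET CLR profiler settings; the report format is this script's own.

$envKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment',  # machine-wide env
    'HKCU:\Environment'                                                    # current user env
)
$profilerVars = @('COR_ENABLE_PROFILING', 'COR_PROFILER', 'COR_PROFILER_PATH',
                  'COR_PROFILER_PATH_32', 'COR_PROFILER_PATH_64')

function Get-ProfilerEnvSettings {
    # Return every CLR profiler variable that is set in either environment key.
    foreach ($key in $envKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $profilerVars) {
            $prop = $props.PSObject.Properties[$name]
            if ($null -ne $prop -and -not [string]::IsNullOrEmpty($prop.Value)) {
                [pscustomobject]@{ Scope = $key; Name = $name; Value = $prop.Value }
            }
        }
    }
}

function Resolve-ProfilerClsid {
    param([string]$Clsid)
    # HKCU\Software\Classes is consulted before HKLM, which is what makes a per-user CLSID
    # registration a COM hijack: no admin rights are needed to point the CLR at a DLL.
    $clsidRoots = @('HKCU:\SOFTWARE\Classes\CLSID',
                    'HKLM:\SOFTWARE\Classes\CLSID',
                    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID')
    foreach ($root in $clsidRoots) {
        $inproc = Join-Path (Join-Path $root $Clsid) 'InprocServer32'
        if (-not (Test-Path $inproc)) { continue }
        $dll = (Get-ItemProperty -Path $inproc).'(default)'
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        $exists = [bool]$dll -and (Test-Path -LiteralPath $dll)
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
        [pscustomobject]@{ Hive = $root; Clsid = $Clsid; Dll = $dll
                           Exists = $exists; Signature = $sig }
    }
}

$settings = @(Get-ProfilerEnvSettings)
if ($settings.Count -eq 0) {
    'No CLR profiler environment variables are set in the registry.'
    return
}

$settings | Format-Table -AutoSize

foreach ($s in $settings | Where-Object { $_.Name -eq 'COR_PROFILER' }) {
    $hits = @(Resolve-ProfilerClsid -Clsid $s.Value)
    if ($hits.Count -gt 0) { $hits | Format-Table -AutoSize }
    else { "COR_PROFILER CLSID $($s.Value) is set but has no InprocServer32 registration." }
}

# COR_PROFILER_PATH* bypass the CLSID lookup entirely: the CLR loads that file directly,
# so report those paths on their own.
foreach ($s in $settings | Where-Object { $_.Name -like 'COR_PROFILER_PATH*' }) {
    $path = [Environment]::ExpandEnvironmentVariables($s.Value.Trim('"'))
    "$($s.Name) points to $path (exists: $(Test-Path -LiteralPath $path))"
}
```

Legitimate application-performance-monitoring agents register CLR profilers the same way, so a hit is a lead rather than a verdict: validate the DLL's path, publisher and signature, and check which account and process last wrote the environment value, before treating it as the malicious DLL the article describes.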

By using the JuicyPotato exploit, the hacker group escalates privileges from an IIS Application Pool Identity virtual account to the NT AUTHORITY\SYSTEM account.

Blue Mockingbird uses these techniques to move laterally and distribute mining payloads across the enterprise.

Once privileges are escalated to NT AUTHORITY\SYSTEM, the attackers use RDP to deploy payloads on remote systems; in some cases the tasks were created remotely.

To mitigate the attacks, it is recommended to patch web servers, web applications, and the applications' dependencies. Red Canary published a detailed report with indicators of compromise.

Source: https://gbhackers.com/blue-mockingbird-hacker-group-infects-windows-machines-at-multiple-organizations-to-deploy-cryptocurrency-mining-malware/

Cyber Security

Gartner predicts Cloud Security failures

Gartner has issued a new cloud security report in which the research organization states that mismanagement of identities, access and privileges will prove to be the number one reason for cloud security failures in the next three years.

Gartner's report, Managing Privileged Access in Cloud Infrastructure, claims that by 2023 over 50% of incidents will revolve around these problems.

As more and more firms adopt cloud platforms for their workloads, defending cloud infrastructure will become a crucial concern for MSPs in the near future, Gartner said.

“Unless cloud admins deploy proper security and risk management tools, effective management of such cloud platforms is not possible,” says Paul Mezzera, the author of Gartner’s Managing Privileged Access in Cloud Infrastructure report.

To counter such situations, the only solution left for CSPs is to employ specialized cloud infrastructure management tools that are “identity-centric”.

In the previous year, four in every five businesses suffered a data breach via cloud platforms, says a report released by Ermetic, a company offering identity security solutions for data hosted on cloud platforms.

Based on the responses of over 300 CISOs, Ermetic concluded in its report that 80% of firms could not identify security vulnerabilities caused by excess access to critical data on IaaS and PaaS cloud platforms.

Note: Founded in 1979, Gartner is a research company that provides information, advice and tools to companies in the areas of IT, finance, HR, customer service and support, communications, legal and compliance, and marketing and sales.

Source: https://www.cybersecurity-insiders.com/gartner-predicts-cloud-security-failures/

Cyber Security

BLOCKAPT’s Success With The London Office For Rapid Cybersecurity Advancement

BlockAPT announces a major accomplishment in being successful with the London Office for Rapid Cybersecurity Advancement (LORCA) accelerator programme, which is backed by the Department for Digital, Culture, Media & Sport.

LORCA helps scale early-stage cyber companies in the UK and internationally. Reinforcing BlockAPT’s mission to proactively safeguard organisations’ digital assets against persistent cyber threats today and tomorrow, LORCA chose BlockAPT as a result of our unique centralised security management platform and the team’s commitment and track record in providing one of the most advanced and intelligent cyber defence technologies available.

The success will enable BlockAPT to work with LORCA and grow on a number of fronts, including new customers, technologists, partners and investors.

Zafar Karim, CEO of BlockAPT said: “We are delighted and proud to have got through LORCA’s stringent and competitive assessment process and be chosen as one of the latest cybersecurity innovators globally. This is testament to our mission to help protect the digital security of both organisations and people through sharing our knowledge, passion and expertise with our industry game changing BlockAPT platform.  We look forward to working with LORCA to extend our reach in the UK and abroad over the forthcoming year”.

Saj Huq, LORCA’s director, said: “The arrival of our fifth cohort highlights that there is world-leading talent and cutting-edge technology available to address these challenges and enable secure, societal-wide digital transformation”.

Digital Infrastructure Minister Matt Warman said:

“We are committed to helping our innovative cyber security startups thrive and maintain our position as Europe’s leading tech hub.

“This initiative will see some of the brightest minds from across the country benefit from expert advice to turn their creative ideas into practical business tools and develop the cyber security technology of tomorrow.”

To find out more about BlockAPT, please visit: https://www.blockapt.com/

About BlockAPT

BlockAPT protects customers’ digital assets by unifying operational technologies against advanced persistent threats. It brings together automated threat intelligence, vulnerability management, device management and incident response management under one platform to help businesses Monitor, Manage, Automate and Respond (MMAR) to cyber threats proactively and in a preventative manner.

Created by Founder and CTO Marco Essomba, the advanced platform offers deep integration throughout multiple layers of security. The BlockAPT platform can be deployed within hours, in the cloud or on-premises, as a single-pane-of-glass solution working seamlessly and intelligently in the background to safeguard businesses’ digital environments.

Source: https://www.itsecurityguru.org/2020/07/09/blockapts-success-with-the-london-office-for-rapid-cybersecurity-advancement/?utm_source=rss&utm_medium=rss&utm_campaign=blockapts-success-with-the-london-office-for-rapid-cybersecurity-advancement

Cyber Security

Command Injection Vulnerabilities Recently Patched By Palo Alto Networks

On Wednesday, Palo Alto Networks told customers that it had fixed two high-severity bugs in PAN-OS, the operating system running on the company’s firewalls.

The more serious of the flaws on the basis of their CVSS score is CVE-2020-2034, which affects the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions.

“An attacker would need some level of specific information on an impacted firewall configuration or conduct brute-force attacks to exploit this problem,” the vendor said in its advisory.

The vulnerability can only be exploited if the GlobalProtect feature is enabled. Prisma Access services are not affected, the company says, and the PAN-OS versions that patch CVE-2020-2021, a critical vulnerability that was recently disclosed, also address this bug.

The second high-severity vulnerability, tracked as CVE-2020-2030, enables the execution of arbitrary OS commands with root privileges by an attacker with admin access to the PAN-OS management interface.

Palo Alto Networks claims that both vulnerabilities were recently found, and there is no evidence of malicious exploitation. One study, however, noted that tens of thousands of devices may be vulnerable to attacks.

The company also told customers that two medium-severity vulnerabilities in PAN-OS have been patched: one that can be exploited by an authenticated attacker for denial of service (DoS), and one related to the use of the obsolete TLS 1.0 protocol for some communications between cloud-based services and PAN-OS.

These flaws do not appear to be as severe as CVE-2020-2021, which Palo Alto Networks fixed in late June and which allows an attacker to bypass authentication. Soon after the patch was published, U.S. Cyber Command warned that foreign APTs would likely try to exploit it soon.

Over the last week, hackers have exploited a critical vulnerability in F5 Networks’ BIG-IP application delivery controller (ADC). Soon after disclosure, proof-of-concept (PoC) exploits were made public and a growing number of attacks were spotted. Attackers have delivered various payloads, including web shells and DDoS malware.

Source: https://cybersguards.com/command-injection-vulnerabilities-is-recently-patched-by-palo-alto-networks/
