Blue Mockingbird Malware Gang Infected Thousands of Enterprise Systems

Thousands of enterprise systems are believed to have been infected with cryptocurrency-mining malware operated by a group tracked under the codename Blue Mockingbird.

Discovered earlier this month by malware researchers at cloud security firm Red Canary, the Blue Mockingbird group is believed to have been operating since December 2019.

Researchers say that Blue Mockingbird attacks servers running ASP.NET applications that use the Telerik UI framework for their user-interface components.

The attackers exploit CVE-2019-18935 to plant a web shell on the targeted server. They then use a variant of the Juicy Potato technique to gain administrator-level access and change server settings so that the malware persists across (re)boots.

Once they have full access to a system, they download and install a version of XMRig, the popular Monero (XMR) cryptocurrency mining app.

Some attacks also move into internal networks

Red Canary experts say that if the public-facing IIS servers are connected to an organization's internal network, the group often attempts to spread internally through weakly secured RDP (Remote Desktop Protocol) or SMB (Server Message Block) connections.

In an email interview earlier this month, Red Canary told ZDNet that they do not have a full view of this botnet's activities, but they estimate it has made at least 1,000 infections so far, a figure limited by how much of the threat landscape they can see.

“We have limited visibility in the threat landscape like any security company and no way to reliably know the full scope of this threat,” a spokesperson for Red Canary told us.

“In particular, this threat has affected a relatively limited percentage of organizations whose endpoints we control. However, we have detected about 1,000 infections within these organizations and over a short period of time.”

Red Canary, however, says the number of companies that have been affected could be much higher and even companies that believe they are safe are at risk of attack.

Dangerous vulnerability in the Telerik UI

This is because an ASP.NET application may itself be fully updated while the Telerik UI component bundled with it is an obsolete version, which is often enough to leave the business exposed to attack.

Many companies and developers may not even know whether the Telerik UI component is part of their applications at all, again leaving them exposed.

This uncertainty has been exploited relentlessly by attackers over the past year, ever since details of the vulnerability became public.

For example, the US National Security Agency (NSA) listed the Telerik UI vulnerability CVE-2019-18935 as one of the most exploited vulnerabilities used to plant web shells on servers, in an advisory published in late April.

The Australian Cyber Security Centre (ACSC) also identified the Telerik UI vulnerability CVE-2019-18935 as one of the most exploited vulnerabilities used to target Australian organizations in 2019 and 2020, in another security advisory released last week.

In some cases organizations may not have the option of upgrading their vulnerable systems. In those situations, businesses will have to block exploitation attempts for CVE-2019-18935 at the firewall level instead.

If they do not have a cloud firewall, businesses need to search for server- and workstation-level signs of compromise. Red Canary has published a report with indicators of compromise that businesses can use to search their servers and networks for signs of a Blue Mockingbird attack.

“As always, our primary aim in releasing information like this is to help security teams establish threat detection techniques that are likely to be used against them. In this way, we believe it is important for security to determine their ability to detect persistence based on COR PROFILER and initial access through Telerik vulnerability exploitation,” Red Canary said.
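Red Canary's advice above is to check whether you can detect COR_PROFILER-based persistence. As an added example, not code from the article or from Red Canary, the PowerShell script below reports any CLR profiler variables set in the machine-wide environment or in any loaded user hive, and resolves a CLSID-style COR_PROFILER value to the DLL it registers so the path can be reviewed. It assumes it is run with administrator rights on the Windows server being examined; the variable names are the documented CLR profiler settings (the CORECLR_ variants cover .NET Core), and the script only reports, because legitimate monitoring agents use the same mechanism.

```powershell
# Added example (not from the article or Red Canary): list CLR profiler hooks
# configured in the registry-backed environment, the persistence mechanism the
# article tells defenders to hunt for. Run as administrator; report only.

$profilerNames = 'COR_ENABLE_PROFILING', 'COR_PROFILER', 'COR_PROFILER_PATH',
                 'COR_PROFILER_PATH_32', 'COR_PROFILER_PATH_64',
                 'CORECLR_ENABLE_PROFILING', 'CORECLR_PROFILER', 'CORECLR_PROFILER_PATH'

# Machine-wide environment (inherited by IIS worker processes) plus the
# Environment key of every user hive that is currently loaded.
$envKeys = @('HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment')
$envKeys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
            ForEach-Object { "Registry::$($_.Name)\Environment" }

$findings = foreach ($key in $envKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $profilerNames) {
        $value = $props.$name
        if ($null -ne $value -and "$value" -ne '') {
            [pscustomobject]@{ Scope = $key; Name = $name; Value = $value }
        }
    }
}

if (-not $findings) {
    Write-Output 'No CLR profiler variables configured in the registry.'
    return
}

$findings | Format-Table -AutoSize

# A COR_PROFILER value is normally a CLSID; resolve it through COM registration
# so the DLL path can be checked against known, expected monitoring agents.
foreach ($f in ($findings | Where-Object Name -eq 'COR_PROFILER')) {
    $clsid = "$($f.Value)"
    foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\WOW6432Node\Classes') {
        $inproc = Join-Path $hive "CLSID\$clsid\InprocServer32"
        if (Test-Path $inproc) {
            $dll = (Get-ItemProperty -Path $inproc).'(default)'
            Write-Output "COR_PROFILER $clsid registered at $inproc -> $dll"
        }
    }
}
```

Any hit should be compared with the monitoring or APM software you know to be installed; a profiler DLL in a user-writable or otherwise unexpected directory is the case worth escalating. User hives that are not loaded at the time the script runs are not inspected, so schedule the check or run it against the offline hives separately.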

Source: https://cybersguards.com/blue-mockingbird-malware-gang-infected-thousands-of-enterprise-systems/

Gartner predicts Cloud Security failures

Gartner has issued a new cloud security report in which the research organization states that mismanagement of identities, access and privileges will be the number one cause of cloud security failures over the next three years.

Gartner's Managing Privileged Access in Cloud Infrastructure report claims that by 2023 over 50% of incidents will stem from these problems.

As more firms adopt cloud platforms for their workloads, defending cloud infrastructure will become a crucial concern for MSPs in the near future, Gartner said.

“Unless cloud admins deploy proper security and risk management tools, effective management of such cloud platforms is not possible,” says Paul Mezzera, the author of Gartner’s Managing Privileged Access in Cloud Infrastructure report.

To counter this, the only solution left for CSPs is to employ specialized, “identity-centric” cloud infrastructure management tools.

In the previous year, four in every five businesses suffered a data breach via cloud platforms, says a report released by Ermetic, a company offering identity security solutions for data hosted on cloud platforms.

Based on the responses of over 300 CISOs, Ermetic concluded in its report that 80% of firms could not identify security vulnerabilities caused by excessive access to critical data on IaaS and PaaS cloud platforms.

Note: Founded in 1979, Gartner is a research company that provides information, advice and tools to companies in IT, finance, HR, customer service and support, communications, legal and compliance, and marketing and sales.

Source: https://www.cybersecurity-insiders.com/gartner-predicts-cloud-security-failures/

BLOCKAPT’s Success With The London Office For Rapid Cybersecurity Advancement

BlockAPT announces a major accomplishment: its successful selection for the London Office for Rapid Cybersecurity Advancement (LORCA) accelerator programme, which is backed by the Department for Digital, Culture, Media & Sport.

LORCA helps scale early-stage cyber companies in the UK and internationally. Reinforcing BlockAPT’s mission to proactively safeguard organisations’ digital assets against persistent cyber threats today and tomorrow, LORCA chose BlockAPT for its unique centralised security management platform and for the team’s commitment and track record in providing one of the most advanced and intelligent cyber defence technologies available.

The success will enable BlockAPT to work with LORCA and grow on a number of fronts, including new customers, technologists, partners and investors.

Zafar Karim, CEO of BlockAPT said: “We are delighted and proud to have got through LORCA’s stringent and competitive assessment process and be chosen as one of the latest cybersecurity innovators globally. This is testament to our mission to help protect the digital security of both organisations and people through sharing our knowledge, passion and expertise with our industry game changing BlockAPT platform.  We look forward to working with LORCA to extend our reach in the UK and abroad over the forthcoming year”.

Saj Huq, LORCA’s director, said: “The arrival of our fifth cohort highlights that there is world-leading talent and cutting-edge technology available to address these challenges and enable secure, societal-wide digital transformation”.

Digital Infrastructure Minister Matt Warman said:

“We are committed to helping our innovative cyber security startups thrive and maintain our position as Europe’s leading tech hub.

“This initiative will see some of the brightest minds from across the country benefit from expert advice to turn their creative ideas into practical business tools and develop the cyber security technology of tomorrow.”

To find out more about BlockAPT, please visit: https://www.blockapt.com/

About BlockAPT

BlockAPT protects customers’ digital assets by unifying operational technologies against advanced persistent threats. It brings together automated threat intelligence, vulnerability management, device management and incident response management under one platform to help businesses Monitor, Manage, Automate and Respond (MMAR) to cyberthreats proactively and preventatively.

Created by Founder and CTO Marco Essomba, the platform offers deep integration throughout multiple layers of security. The BlockAPT platform can be deployed within hours, in the cloud or on premises, as a single-pane-of-glass solution working seamlessly and intelligently in the background to safeguard businesses’ digital environments.

Source: https://www.itsecurityguru.org/2020/07/09/blockapts-success-with-the-london-office-for-rapid-cybersecurity-advancement/?utm_source=rss&utm_medium=rss&utm_campaign=blockapts-success-with-the-london-office-for-rapid-cybersecurity-advancement

Command Injection Vulnerabilities Recently Patched by Palo Alto Networks

On Wednesday, Palo Alto Networks told customers that it has fixed two high-severity vulnerabilities in PAN-OS, the operating system running on the company’s firewalls.

The more serious of the flaws, based on CVSS score, is CVE-2020-2034, which affects the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root privileges.

“An attacker would need some level of specific information on an impacted firewall configuration or conduct brute-force attacks to exploit this problem,” the vendor said in its advisory.

The vulnerability can only be exploited if the GlobalProtect feature is enabled. Prisma Access services are not affected, the company says, and the PAN-OS versions that patch CVE-2020-2021, a critical vulnerability disclosed recently, also address this bug.

The second high-severity vulnerability is tracked as CVE-2020-2030 and allows an attacker with admin access to the PAN-OS management interface to execute arbitrary OS commands with root privileges.

Palo Alto Networks says that both vulnerabilities were found recently and that there is no evidence of malicious exploitation. One study, however, noted that tens of thousands of devices may be exposed to attacks.

The company also told customers that two medium-severity vulnerabilities in PAN-OS have been patched: one that can be exploited by an authenticated attacker for denial-of-service (DoS) attacks, and one related to the use of the obsolete TLS 1.0 protocol for some communications between cloud-based services and PAN-OS.

These flaws do not appear to be as severe as CVE-2020-2021, which Palo Alto Networks fixed in late June and which allows an attacker to bypass authentication. Soon after the patch was published, U.S. Cyber Command warned that foreign APTs would likely try to exploit it soon.

Over the last week, hackers have exploited a critical vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC). Soon after its disclosure, proof-of-concept (PoC) exploits were made public and a growing number of attacks were spotted. Attackers have delivered various payloads, including web shells and DDoS malware.

Source: https://cybersguards.com/command-injection-vulnerabilities-is-recently-patched-by-palo-alto-networks/
