Over 2M Websites at Risk: New Cyber Threat in Popular WordPress Plugin

WordPress is a free and open-source content management system (CMS) written in PHP and backed by a MySQL or MariaDB database. It powers roughly 43% of the web.

According to the latest reports, researchers have discovered a vulnerability in the Advanced Custom Fields (ACF) plugin for WordPress that attackers can exploit. Users of the plugin have been urged to update it to version 6.1.6, the release that contains the fix.

The vulnerability, tracked as CVE-2023-30777, is a reflected cross-site scripting (XSS) flaw. An attacker can exploit it to inject arbitrary executable scripts into an otherwise benign website.

The Advanced Custom Fields plugin, available in both free and Pro versions, has more than two million active installations. Security researchers discovered the vulnerability and reported it to the plugin’s developers on May 2, 2023.

Patchstack researcher Rafie Muhammad said, “This vulnerability allows any unauthenticated user to steal sensitive information. In this case, the vulnerability enables privilege escalation on the WordPress site by tricking a privileged user into visiting the crafted URL path.”

A reflected XSS attack begins when a user is tricked into opening a crafted link, for example one sent by email or in a chat message. The request carries the attacker’s payload to the vulnerable website, which echoes it back, unencoded, in its response, so the script executes in the user’s browser with that user’s session on the site.

Imperva, a cyber security leader, notes, “[A reflected XSS attack] is typically a result of incoming requests not being sufficiently sanitized, which allows for the manipulation of a web application’s functions and the activation of malicious scripts.”

CVE-2023-30777 can be triggered on a default installation or configuration of Advanced Custom Fields. However, the payload only executes for logged-in users who have access to the plugin, which is why the attack depends on luring a privileged user to the crafted URL.
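The following is an added illustration of the reflected XSS pattern described above; it is not code from Advanced Custom Fields, WordPress or Patchstack, and the page layout, the `status` parameter name and the helper names are assumptions. It shows a query parameter reflected into an HTML attribute without encoding, the crafted link an attacker would send to a logged-in administrator, and the same page with attribute encoding applied at the point of output.

```python
"""Reflected XSS: a query parameter echoed into an HTML attribute.

Added illustration, not code from Advanced Custom Fields, WordPress or
Patchstack. The page layout, the 'status' parameter and the helper names
are assumptions; the payload is constructed.
"""
from html import escape
from urllib.parse import parse_qs, quote as url_quote, urlsplit

# Constructed payload: the leading quote closes the class attribute, the '>'
# closes the <body> tag, and the rest is an ordinary script element.
ATTACKER_PAYLOAD = '"><script>alert(document.cookie)</script>'


def query_param(url: str, name: str) -> str:
    """First value of `name` in the URL's query string ('' if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url: str) -> str:
    """Reflects the 'status' parameter into a class attribute with no encoding.

    Any value containing a double quote breaks out of the attribute, so the
    attacker controls raw HTML in the response."""
    status = query_param(url, "status")
    return f'<body class="admin-page view-{status}">\n<h1>Dashboard</h1>\n</body>'


def render_hardened(url: str) -> str:
    """Same page, with the value attribute-encoded at the point of output.

    escape(quote=True) turns " into &quot; and < > & into entities, so the
    reflected text can no longer close the attribute or open a tag."""
    status = escape(query_param(url, "status"), quote=True)
    return f'<body class="admin-page view-{status}">\n<h1>Dashboard</h1>\n</body>'


def crafted_url(base: str = "https://example.test/wp-admin/edit.php") -> str:
    """The link an attacker would send to a logged-in administrator."""
    return f"{base}?status={url_quote(ATTACKER_PAYLOAD, safe='')}"


def reflects_script(html: str) -> bool:
    """Crude oracle: did the attacker's <script> tag survive verbatim?"""
    return "<script>" in html


if __name__ == "__main__":
    url = crafted_url()
    print("crafted link:", url)
    print("vulnerable reflects payload:", reflects_script(render_vulnerable(url)))
    print("hardened reflects payload:  ", reflects_script(render_hardened(url)))
```

Attribute encoding with `escape(..., quote=True)` is the Python counterpart of WordPress’s `esc_attr()`. The rule it demonstrates is to encode for the exact output context (attribute, element body, URL, JavaScript) at the point of output, rather than relying on stripping tags from input; the script here still runs in the victim’s browser with the victim’s logged-in session, which is what turns a reflected XSS into the privilege escalation described above.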

Halcyon Gets $50M Fund for Anti-Ransomware Tool Development

Halcyon, a Texas-based startup developing an AI-powered anti-ransomware engine to help companies fend off data-extortion attacks, has raised $50 million from well-known venture capital investors.

The startup said the Series A funding was led by SYN Ventures, a renowned investment company that gives early-stage funding to cybersecurity companies. Halcyon also took on equity investments from Corner Capital and Dell Technologies Capital.

The new funding lets Halcyon accelerate the development and adoption of what it calls a “cyber resilience platform” built to defeat ransomware and extortion campaigns.

Halcyon markets the platform as a multi-layered defense against ransomware, built on a lightweight engine that combines prevention engines with AI models trained exclusively on ransomware.

Its pre-execution ransomware prevention layer uses AI/ML engines to identify and block known-bad executables, such as off-the-shelf commodity ransomware, and forwards unknown but suspicious executables to additional layers for further analysis.

Jon Miller, co-founder of Halcyon, said, “We engineered to embrace failure as a core concept of protection. Stopping ransomware requires multiple prevention and detection techniques, all trained extensively on years of actual ransomware attacks.”

Halcyon also includes features that trick ransomware into revealing itself or aborting the attack by exploiting behaviour hardcoded into the ransomware.

CISA Launches Open-Source Tool to Detect Microsoft Cloud Hacking

CISA, the US Cybersecurity and Infrastructure Security Agency, has released a new open-source incident response tool designed to detect signs of unauthorized activity in Microsoft cloud environments.

Known as the ‘Untitled Goose Tool’ and developed together with Sandia, a U.S. Department of Energy national laboratory, the tool can export telemetry from Microsoft 365, Microsoft Azure, and Azure Active Directory.

CISA said, “Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments. Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).”

With CISA’s Microsoft cloud interrogation and analysis tool, security teams and analysts can:

  • Export and review Microsoft Defender for IoT alerts, Azure activity logs, the M365 unified audit log (UAL), AAD sign-in and audit logs, and Microsoft Defender for Endpoint data for suspicious activity.
  • Query, export, and investigate Azure, AAD, and M365 configurations.
  • Extract cloud artifacts from Microsoft’s M365, AAD, and Azure environments without performing additional analytics.
  • Perform time-bounding of the UAL.

Earlier, in March 2023, CISA released another open-source tool, ‘Decider’, which helps defenders generate MITRE ATT&CK mapping reports so they can tune their security posture around the tactics and techniques adversaries actually use.

Decider followed a “best practices” guide on MITRE ATT&CK mapping that CISA published in January, which stressed the importance of using the framework. CISA also announced that, starting in January 2023, it would notify critical infrastructure entities about Internet-facing systems vulnerable to ransomware.

NBA Warns Fans of Cyber Attack and Data Breach

Although fans’ login credentials were not affected by the attack, the hackers did obtain some of their information. The National Basketball Association (NBA) has engaged a third-party cybersecurity firm to investigate and resolve the incident.

The stolen data was limited, but it is enough to fuel phishing attacks and other scams. The NBA has urged fans to be cautious when opening suspicious emails that merely appear to come from the association or its partners.

To help fans avoid phishing attempts, the association made clear that it will never ask for usernames, account information, or passwords by email. It also noted that genuine messages come from sender addresses ending in “@nba.com.”

Fans were also asked to verify any email carrying attachments or links that redirect to another website before opening them, since such links may lead to a malicious site.
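As an added example (not code from the NBA or any vendor), the advice above can be turned into checks run on a received message: the sender-domain rule the NBA gives, the “never asks for credentials” rule, and one check the advice leaves out, namely whether the receiving mail server actually authenticated the sender, since a From address ending in “@nba.com” can be forged. The two messages are constructed, and the authserv-id `mx.example.net` is an assumption standing in for your own mail server.

```python
"""Triage checks for a suspected phishing email claiming to be from the NBA.

Added example, not NBA or vendor code. The messages below are constructed;
AUTHSERV_ID is an assumed identifier for the receiving mail server.
"""
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "nba.com"
AUTHSERV_ID = "mx.example.net"  # assumption: our own MX, the only A-R header we trust
CREDENTIAL_WORDS = ("password", "username", "account information")

# Constructed: the From header looks right, but our MX recorded an SPF
# failure and no DKIM signature, so the sender address was forged.
SPOOFED = """\
From: "NBA Fan Services" <support@nba.com>
To: fan@example.net
Subject: Verify your account
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=evil.example;
 dkim=none
Content-Type: text/plain

Please confirm your password at http://nba-account-verify.example/login
"""

# Constructed: same domain, but DKIM verified for nba.com at our MX.
LEGIT = """\
From: NBA <news@nba.com>
To: fan@example.net
Subject: Game night recap
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=nba.com;
 dkim=pass header.d=nba.com
Content-Type: text/plain

Highlights from last night's games.
"""


def from_domain(raw: str) -> str:
    """Domain of the actual address in From:, ignoring the display name."""
    _, addr = parseaddr(message_from_string(raw)["From"] or "")
    return addr.rpartition("@")[2].lower()


def auth_results(raw: str) -> dict:
    """Parse Authentication-Results (RFC 8601) into {method: {"result", props...}}.

    Only the header stamped by our own server is used; any other copy could
    have been added by the sender and is ignored."""
    msg = message_from_string(raw)
    parsed = {}
    for value in msg.get_all("Authentication-Results", []):
        segments = [s.strip() for s in " ".join(value.split()).split(";")]
        if not segments[0] or segments[0].split()[0] != AUTHSERV_ID:
            continue
        for segment in segments[1:]:
            tokens = segment.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            parsed[method.lower()] = {"result": result.lower(), **props}
    return parsed


def asks_for_credentials(raw: str) -> bool:
    """The NBA says it never asks for these by email, so any request is a red flag."""
    body = message_from_string(raw).get_payload().lower()
    return any(word in body for word in CREDENTIAL_WORDS)


def triage(raw: str):
    """Return (genuine, reason) for a message claiming to come from the NBA."""
    domain = from_domain(raw)
    if domain != TRUSTED_DOMAIN:
        return False, f"sender domain {domain!r} is not {TRUSTED_DOMAIN!r}"
    if asks_for_credentials(raw):
        return False, "message asks for credentials, which the NBA says it never does"
    dkim = auth_results(raw).get("dkim", {})
    if dkim.get("result") == "pass" and dkim.get("header.d", "").lower() == TRUSTED_DOMAIN:
        return True, "From domain matches and DKIM verified for that domain"
    return False, f"From domain matches but sender was not authenticated (dkim={dkim.get('result', 'missing')})"


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, triage(raw))
```

The sender-domain rule alone would have passed the spoofed message, because the From header is attacker-controlled; only the Authentication-Results stamped by your own mail server (matched here by `AUTHSERV_ID`) says whether DKIM or SPF actually verified that domain. A mail client that has to rely on the From domain should at least also treat any request for a password as disqualifying, as the NBA’s own guidance implies.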

Previous NBA-Related Cyber Attacks

Back in April 2021, the NBA’s Houston Rockets also faced a cyber attack in which hackers attempted to install malware on the franchise’s computer systems. The attempts failed, and the threat actors did not breach the team’s systems.

The Houston Rockets hired cybersecurity experts to investigate the attack and also worked with the FBI (Federal Bureau of Investigation).

Tracey Hughes, Houston Rockets Spokesperson, said, “the organization detected suspicious activity on certain systems in its internal network.”

The malware posed no threat because of the defenses the team already had in place before the attack. The Rockets said that a few systems were affected but that operations were not disrupted.

New US Cybersecurity Strategy Targets Cyber Attacks from China

The US has unveiled a new cybersecurity strategy that places much of the responsibility for preventing cybercrime and cyber attacks on large technology companies.

The National Cybersecurity Strategy, issued by the Biden-Harris administration, emphasizes rebalancing the responsibility for securing cyberspace by “shifting the responsibility for cybersecurity away from local governments, individuals or small businesses and also to the companies that are best fit to minimize risks for all of us.”

The strategy also singles out China, which it describes as “the broadest, most active, and most persistent threat to both government and private sector networks.”

The strategy argues that incentives must be reoriented to support long-term investment, “striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future”.

Using all instruments of national power, the US government said, “we will make malicious cyber actors incapable of threatening the national security or public safety of the United States”, and it will pursue ransomware threats through a comprehensive Federal approach and in “lockstep with our international partners”.

The US will place responsibility on the organizations in the digital ecosystem that are best placed to reduce risk, shifting the consequences of poor cybersecurity away from the most vulnerable “in order to make our digital ecosystem more trustworthy”.

The country has recently been the target of several nation-state cyber attacks on its industry and government organizations, particularly attacks attributed to China-based actors.

The country “seeks a world where responsible state behavior in cyberspace is expected and reinforced and where irresponsible behavior is isolating and costly”.

Hackers Abuse IIS Feature to Install Frebniis Malware

Frebniis is a new strain of malware that targets Microsoft’s Internet Information Services (IIS) web server.

Attackers use the malware to execute commands stealthily on the server through ordinary-looking web requests sent over the internet.

Microsoft IIS is a web server platform used to host web applications and services; among other things, it underpins Microsoft services such as Outlook on the web. Because it is widely trusted and gives users straightforward access to web applications, it is a popular choice for both businesses and individuals.

Frebniis Abuses an IIS Feature

Frebniis works by injecting malicious code into the memory of iisfreb.dll, the DLL behind the IIS Failed Request Event Buffering (FREB) feature, which is used to trace failed web requests.

Through this feature, Frebniis silently inspects every HTTP request the server receives and watches for specially formatted requests from the attacker, which gives the attacker remote code execution.

To plant Frebniis, the attacker must first gain access to the Windows host running IIS by some other means; how that initial access was obtained in this case remains unknown.

The injected .NET backdoor supports C# code execution and proxying, and because it operates entirely in memory without touching disk it is difficult to detect. When default.aspx or logon.aspx is requested, the backdoor checks the request for a specific password before acting.

Through the compromised IIS server, Frebniis can also communicate with and relay traffic to other systems, using a base64-encoded string passed as a second HTTP parameter. This gives the attacker a route into protected internal systems that are not reachable from the internet.
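As an added hunting example built only on the behaviour described above (it is not Symantec’s or anyone else’s detection logic), the following scans IIS W3C log lines for the request shape the backdoor answers to: a hit on default.aspx or logon.aspx carrying at least two query parameters, where a parameter beyond the first decodes cleanly as base64. The log lines and parameter names are constructed; Frebniis’s real parameter names are not given above.

```python
"""Hunt IIS W3C logs for requests shaped like the Frebniis backdoor's.

Added example based only on the behaviour described in the article; not
Symantec's detection logic. Log lines and parameter names are constructed.
"""
import base64
import binascii
import re
from urllib.parse import parse_qsl

WATCHED_PAGES = {"/default.aspx", "/logon.aspx"}
# 16+ base64 alphabet characters with optional padding: long enough to skip
# short tokens such as session ids while catching encoded commands or URLs.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")

# Constructed IIS log excerpt (W3C format, one '#Fields:' header).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-02-14 09:12:01 10.0.0.5 GET /default.aspx - 443 - 203.0.113.9 Mozilla/5.0 200
2023-02-14 09:12:07 10.0.0.5 GET /logon.aspx ReturnUrl=%2Fhome 443 - 198.51.100.4 Mozilla/5.0 200
2023-02-14 09:13:44 10.0.0.5 POST /logon.aspx key=7f3a91&cmd=d2hvYW1pIC9hbGwgJiYgaXBjb25maWcgL2FsbA== 443 - 203.0.113.9 python-requests/2.28 200
2023-02-14 09:15:02 10.0.0.5 GET /default.aspx t=1&p=aHR0cDovLzEwLjAuMC4yMDo4MDgwL2FkbWlu 443 - 203.0.113.9 curl/7.88 200
2023-02-14 09:16:30 10.0.0.5 GET /images/logo.png a=1&b=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo= 443 - 198.51.100.4 Mozilla/5.0 200
"""


def parse_iis_log(text: str):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def decode_if_base64(value: str):
    """Decoded text if `value` is a plausible base64 blob, else None."""
    if not B64_RE.match(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error:
        return None
    return raw.decode("utf-8", "replace")


def hunt(text: str) -> list:
    """Flag watched-page requests whose second-or-later parameter is base64."""
    findings = []
    for entry in parse_iis_log(text):
        if entry.get("cs-uri-stem", "").lower() not in WATCHED_PAGES:
            continue
        query = entry.get("cs-uri-query", "-")
        params = parse_qsl(query, keep_blank_values=True) if query != "-" else []
        if len(params) < 2:  # the backdoor expects a password plus a payload
            continue
        for name, value in params[1:]:
            decoded = decode_if_base64(value)
            if decoded is not None:
                findings.append({
                    "time": f"{entry['date']} {entry['time']}",
                    "client": entry["c-ip"],
                    "stem": entry["cs-uri-stem"],
                    "first_param": params[0][0],
                    "param": name,
                    "decoded": decoded,
                })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} {f['stem']} {f['param']}= -> {f['decoded']!r}")
```

Treat matches as leads rather than verdicts: ASP.NET applications legitimately pass base64 (view state, return URLs), so pivot on a first parameter value that repeats across hits from one client (the article says the backdoor checks a password there) and on decoded payloads that look like commands or internal URLs. Because the implant lives only in memory, confirmation means examining the IIS worker process (w3wp.exe) and the loaded iisfreb.dll, not scanning the disk.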

Reddit Confirms Hack, Says User Data Is Safe

Reddit, the California-based online community platform, has confirmed that its systems were breached this week in what it described as a sophisticated phishing attack targeting its employees.

The company said the phishing attack took place on February 5.

Reddit said that the user database was not exposed, but the attackers were able to access source code, some internal documents, and some internal business systems.

Reddit explained that the attack pushed employees toward a link that led to a site mimicking the company’s internal gateway. One employee entered their credentials there, which allowed the attacker to reach internal systems and company data.

Reddit reiterated that there was no loss of or attack on user data; most of the exposed data consisted of limited contact information for hundreds of company contacts and employees.

After the employee reported the suspected intrusion, the company launched a full investigation. Reddit’s security team promptly cut off the attacker’s access to its systems, which kept the damage to a minimum, and then began the inquiry that produced the details above.

Cybersecurity Attacks: New Wave of Ransomware Targets VMware ESXi Hypervisors

VMware ESXi is a bare-metal hypervisor that installs directly onto physical servers. ESXi hosts are the target of a new wave of attacks that deploy ransomware on compromised systems.

France’s Computer Emergency Response Team (CERT-FR) said on Friday, “These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021.”

VMware’s advisory describes the issue as a heap-overflow vulnerability in the OpenSLP service that could lead to arbitrary code execution.

The virtualization services provider noted, “A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.”
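The condition in that quote, reachability of port 427 from the same network segment, is something an administrator can check directly. The following is an added example, not VMware’s or CERT-FR’s tooling: it attempts a TCP connection to the OpenSLP port on each host and reports which ones still expose it. The host names are assumptions.

```python
"""Survey which ESXi hosts still expose the OpenSLP service on TCP 427.

Added example, not VMware or CERT-FR tooling. ESXI_HOSTS is an assumed
list; the check is a plain TCP connect, so run it from the same network
segment as the hosts, which is where CVE-2021-21974 is reachable from.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

SLP_PORT = 427


def slp_reachable(host: str, port: int = SLP_PORT, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port succeeds within the timeout.

    Name-resolution failures, refusals and timeouts all count as unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def survey(hosts, timeout: float = 2.0) -> dict:
    """Probe every host concurrently; returns {host: reachable}."""
    hosts = list(hosts)
    if not hosts:
        return {}
    with ThreadPoolExecutor(max_workers=min(32, len(hosts))) as pool:
        results = list(pool.map(lambda h: slp_reachable(h, timeout=timeout), hosts))
    return dict(zip(hosts, results))


def exposed(hosts, timeout: float = 2.0) -> list:
    """Sorted list of hosts whose SLP port answered."""
    return sorted(h for h, is_open in survey(hosts, timeout).items() if is_open)


if __name__ == "__main__":
    ESXI_HOSTS = ["esxi01.lab.example", "esxi02.lab.example"]  # assumed names
    for host, is_open in survey(ESXI_HOSTS).items():
        print(f"{host}: {'SLP port 427 OPEN' if is_open else 'closed or filtered'}")
```

A host that reports the port open should be patched; for hosts that cannot be patched immediately, VMware’s documented workaround (KB 76372) is to stop the service with `/etc/init.d/slpd stop`, block it with `esxcli network firewall ruleset set -r CIMSLP -e 0`, and keep it off across reboots with `chkconfig slpd off`. A closed result only means SLP is unreachable from this vantage point, not that the host is patched, so the probe complements rather than replaces version checks.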

Resecurity, a California-based cybersecurity company said in January, “The actors are inviting both Russian- and English-speaking affiliates to collaborate with a big number of Initial Access Brokers (IABs) in [the] dark web.

Notably, the group behind the Nevada Ransomware is also buying compromised access by themselves, the group has a dedicated team for post-exploitation, and for conducting network intrusions into the targets of interest.”

However, BleepingComputer, an information security and technology news site, reported that the ransom notes seen in the attacks do not resemble those of Nevada ransomware, and that the strain is being tracked under the name ESXiArgs.

OVHcloud, a French cloud services provider, said the attacks have been observed worldwide, with a particular focus on Europe. It was initially speculated that the attacks involved Nevada, a Rust-based ransomware strain that surfaced in December 2022.

Hive, Luna, BlackCat, RansomExx, Nokoyawa, and Agenda are other ransomware families that have embraced Rust in recent months.