You are here

Home » Cybersecurity

Cybersecurity

Flaw in Microsoft Exchange Autodiscover Function Allows Clear-Text Leakage of Windows Credentials

Approximately 100,000 Windows users worldwide have had their credentials leaked due to a flaw in the Microsoft Exchange Autodiscover feature. The Autodiscover feature is used by Microsoft Exchange to automatically configure a user’s email client with their organization’s predefined mail settings. After a user enters their credentials into an email client, the program attempts to authenticate to multiple Exchange Autodiscover URLs. It’s during this process that clear-text credentials could be routed to third-party untrusted websites to be collected.

CISA, FBI, and NSA Note Increase in Conti Ransomware Attacks in Advisory

The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA have released a Joint Cybersecurity Advisory (CSA) on the Conti ransomware, noting they have observed the increased use of this malware in attacks. The advisory contains technical details on the malware; it also maps the malware’s techniques to the MITRE ATT&CK framework. Additionally, it discusses mitigation measures to reduce the risk of compromise by the Conti ransomware.

Cyber Hygiene – Addressing Authentication in Active Directory

Microsoft’s Active Directory (AD) service is rife with potential risk factors providing threat actors with multiple avenues of exploitation. The cybersecurity firm Mandiant reported that 90 percent of the breaches they surveyed exploited AD vulnerabilities. Topping the list of fixable AD vulnerabilities is inadequate authentication security. One of the most pervasive issues is corporate applications allowing users anonymous access to AD.

Trend Micro’s First Half of 2021 Cyber Threat Review

Trend Micro released its midyear review on cybersecurity threats detected in 2021 thus far. The study, Attacks From All Angles: 2021 Midyear Cybersecurity Report, covers Trend’s observations across ransomware, technical vulnerabilities, the impacts from the pandemic, and more. The report asserts that almost 41 billion threats were identified and blocked in the first six months of this year. Ransomware operations decreased from 14 million in the first half of 2020 to over 7 million during the same period this year.

Ransomware Resilience – Deferred Patching Could Result in a Ransomware Attack

Ransomware resilience is more than just having validated backups to use to restore your systems after a ransomware attack, patching has a lot to do with it too. A security researcher has compiled no less than forty-three (at the time of this writing) technical vulnerabilities across multiple products that ransomware actors are actively exploiting on unpatched devices.

Biden Administration Hoping to Deflate Ransomware Groups’ Pocketbooks

Amid the continued upward trend in ransomware attacks, the U.S Treasury issued a bulletin this morning that begins proposed actions of levying sanctions against cryptocurrency exchanges, wallets, and traders utilized by ransomware groups. At the behest of the Biden Administration, today’s actions include the Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) designation of SUEX OTC, S.R.O.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 16, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Pot Calling the Kettle Black – Ransomware Groups Blame Negotiators for Only Being there to Make Money

Under the guise of ‘negotiators don’t care about the victim, they’re only in it for the money,’ at least two ransomware groups have recently upped the ante on their quest for a quick buck – or hundreds of thousands of bucks. Amid the flurry of ransomware attacks, the Grief ransomware group is now threatening to destroy the decryption keys of any victim who hires a professional negotiator. Similarly, the Ragnar Locker ransomware group threatened to release stolen data if the victim contacted law enforcement or a negotiator.

Another Reason to Patch – Potential Nexus Between Microsoft’s MSHTML Zero-Day Attacks and Ransomware Activity

Microsoft recently disclosed that its Windows MSHTML zero-day vulnerability may have possibly been exploited by ransomware gangs. The exploit, tracked as CVE-2021-40444, was revealed on September 7 when Microsoft acknowledged that it had observed the exploit used in limited targeted attacks. Microsoft released a patch for this vulnerability with its September 14th updates.

Pages

Subscribe to Cybersecurity