Cybersecurity Update

This week, read about law enforcement taking down phishing-as-a-service site &?read other news in cybersecurity from us at?Third Wave.

CISA: New Whirlpool backdoor used in Barracuda ESG hacks: The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered that the backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices.? Read More??

The Roundup:? If you identify suspicious activity on your Barracuda ESG appliance or discover signs of compromise by any of the three mentioned backdoors, you are urged to contact CISA's 24/7 Operations Center at "[email protected]" to help with their investigations..?

?

Microsoft Exchange updates pulled after breaking non-English installs:? On August 8th, Microsoft released new Exchange Server security updates during the August 2023 Patch Tuesday. However, after Microsoft Exchange admins began installing the new updates on non-English servers, they found that the Exchange Windows services were no longer starting. Read More?

The Roundup:? Microsoft has since updated the August 2023 Exchange Server Security Updates bulletin, warning admins that they temporarily removed the update from Windows and Microsoft Update while they investigate the issue.?

??

Dell Compellent hardcoded key exposes VMware vCenter admin creds: An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the cleartext password. Read More?

The Roundup:? “Dell Technologies released instructions for a full workaround to address a vulnerability in the Dell Storage Compellent Integration Tools for VMware product. Customers should review Dell Security Advisory DSA-2023-282 at their earliest convenience for details.”?

?

Gafgyt malware exploits five-years-old flaw in EoL Zyxel router: Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks. Read More?

The Roundup: In response to the exploitation outbreak, Zyxel updated its security advisory, reminding customers that CVE-2017-18363 only impacts devices running firmware versions 7.3.15.0 v001/3.40(ULM.0)b31 or older. ?

??

Attackers Use EvilProxy to Target C-Suite Executives: Threat actors are taking control of cloud-based Microsoft 365 accounts of C-suite executives using a multifactor authentication phishing tool. Researchers from Proofpoint said the phishing emails mimic well-known and trusted services such as DocuSign and Adobe.?? Read More?

The Roundup: Researchers observed attackers using automation to identify in real time whether a phished user is a high-level profile, likely a C-level executive or a vice president, and obtain access to the account. Proofpoint reported a doubling in the number of cases in which unauthorized individuals gained control of executives' cloud-based accounts, potentially leading to unauthorized access, data breaches and other security breaches.?

?

Cyber Review: Teens Caused Chaos With Low-Complexity Attacks:? [Heather] Adkins (Google Security Chief) is deputy chair of the public-private U.S. Cyber Safety Review Board, which on Thursday issued its second-ever after-action report, this time focused on lessons to be learned from the success of the Lapsus$ group's attacks. Read More?

The Roundup: What does it mean for the state of our collective cybersecurity when "a loosely affiliated hacker group," some of them teenagers, can compromise "dozens of well-defended companies with low-complexity attacks"? ?

?

Law Enforcement Takes Down Phishing-as-a-Service Site: An international law enforcement operation took down a phishing-as-a-service website that security researchers said was responsible for more than 150,000 phishing domains. Read More?

The Roundup:? The site, 16shop, has been in existence since at least 2017. It sold phishing kits that targeted more than 70,000 people across 43 countries, including victims in Germany, Japan, France, the United States, the United Kingdom and Thailand.?

?

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116: "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday.? Read More?

The Roundup:? Kyber was chosen by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing. Kyber-768 is roughly the security equivalent of AES-192.?

?

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.? Read More?

The Roundup: While exact details surrounding the nature of exploitation are unclear, the Windows maker has acknowledged the existence of a proof-of-concept (PoC) in its advisory. It also said that attacks leveraging the flaw can be pulled off without any additional privileges or user interaction.???

??

Tangled Pipelines: The Oil Industry's National Security Nexus:? The safety dynamics of oil and gas production in the U.S. and the Americas have been called into question over the generations since crude oil has been extracted.? Read More?

The Roundup: Areas of concern over oil security fall into categories of physical safety breaches, such as when tankers spill or people are injured, cybersecurity, when logistics engineering is interrupted by cyber threats, and then areas where corruption or oversight undermines policy.?