Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” Microsoft said. “At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.”
Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources. If one searches LinkedIn for the CISO of the energy giant Chevron, one might find the profile for a Victor Sites, who says he’s from Westerville, Ohio and is a graduate of Texas A&M University.
Infamous North Korean threat actor Lazarus Group has been observed engaging in a highly sophisticated, targeted malware attack that involves compromising popular open-source software and running spear phishing campaigns. As a result, it has managed to compromise “numerous” organizations in the media, defense and aerospace, as well as IT services industries, a report from Microsoft has concluded. The company claims Lazarus (or ZINC, as it dubs the group) compromised PuTTY, among other open-source applications, with malicious code that installs spyware. PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application.
Two now-former eBay executives who pleaded guilty to cyberstalking charges this year have been sent down and fined tens of thousands of dollars. James Baugh, ex-senior director of safety and security at the internet tat bazaar, was sentenced to nearly five years – 57 months – behind bars, plus two years of supervised release and fined $40,000 for harassing, both electronically and physically, Ina and David Steiner, who produce EcommerceBytes, a website and newsletter critical of eBay. David Harville, eBay’s former director of global resiliency, was sentenced to two years in prison plus two years supervised release, and fined $20,000 for his role in what prosecutors described as a harassment campaign directed at the Steiners.
Ever given a colleague a quick Signal call so you can sidestep a monitored workplace app? Well, we’d hope you’re not in a highly regulated industry like staff at eleven of the world’s most powerful financial firms, who yesterday were fined nearly $2 billion for off-channel comms. Banking giants including Goldman Sachs, Credit Suisse, and Citigroup agreed to pay $1.1 billion in penalties from the US Securities and Exchange Commission (SEC) and $710 million in fines from the Commodity Futures Trading Commission (CFTC) in separate actions on Tuesday for failing to monitor and stop their workers from using unauthorized messaging apps. The action comes after months of wrangling between the federal regulators and the banks, culminating in fines many have criticized as being too small to be a real deterrent.
Once they’ve broken into an IT environment, most intruders need less than five hours to collect and steal sensitive data, according to a SANS Institute survey of more than 300 ethical hackers. The respondents also proved the old adage that it’s not “if” but “when.” Even if their initial attack vector fails, almost 38 percent indicated they can break into an environment “more often than not” by repeated attacks. Most SANS surveys focus on the defenders’ perspective – for example asking incident responders how long it took them to detect and respond to a cyberattack. This report, commissioned by offensive security firm Bishop Fox, aimed to “get into the mindset of someone who attacks an organization, and look at those metrics instead,” said author Matt Bromiley, digital forensics and incident response instructor at SANS.