Microsoft Exchange under attack with ProxyShell flaws
CISA is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. The vulnerabilities enable adversaries to bypass ACL controls and elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. The development comes a little over a week after cybersecurity researchers sounded the alarm on opportunistic scanning and exploitation of unpatched Exchange servers by leveraging the ProxyShell attack chain.
Australians hit by ‘Flubot’ malware that arrives by text message
Flubot is a type of malware targeting Android users, but iPhone users can also receive the messages, which tell the receiver they missed a call or have a new voicemail, providing a fake link to listen. The link goes to a page that tells users to install software on the phone to hear the message. This gives the attackers access to credit card details, personal information, the ability to intercept SMS messages, open browser pages and capture other information held in the phone. The malware also gives the attacker access to a user’s contact list, and potential new targets. Flubot was prevalent in Spain in the spring of this year.
Cyberattack hits State Department
The U.S. State Department was recently hit by a cyberattack, and the Department of Defense Cyber Command might have suffered a serious breach. The incident was confirmed by a Reuters source, but it added that the attack did not impact the operations of the State Department, including its current mission to evacuate Americans and allied refugees from Afghanistan. A report published by the Senate Homeland Security committee earlier this month rated the State Department’s overall information security a ‘D’, the lowest possible rating in the model, calling it ineffective in 4 of 5 function areas.
Microsoft shares guidance on securing Windows 365 Cloud PCs
The guidance is broken down into actions customers can take to secure Cloud PCs enrolled in Windows 365 Business and Windows 365 Enterprise subscription plans. Cloud PCs are also provisioned with Defender plus a gallery image that delivers cumulative updates for Windows 10 through Windows Update for Business. Some of the specifics of this guidance highlight circumstances where end users are automatically granted local admin rights; IT admins are advised to follow standard IT security practices to set each user as a standard user on their devices using Microsoft Endpoint Manager.

T-Mobile adds more to their breach numbers, while AT&T denies they were hacked
Following up on a story we brought you last week, T-Mobile has now upped their estimate of affected accounts from their recent cyberattack to 54 million. Meanwhile, AT&T is denying suffering a breach, after a threat actor known as ShinyHunter put up what was claimed to be an AT&T customer database containing information on 70 million customers. AT&T has said the data is not from their systems and that they have not recently been breached. While ShinyHunter states that they have not yet contacted AT&T, they said they are willing to “negotiate” with the company.
More Than 600 ICS flaws spotted in H1 2021
The vulnerabilities in Industrial Control Systems mark an increase of 41% year over year, and directly impact 76 vendors. The most affected manufacturers were Siemens with 146 vulnerabilities, followed by Schneider Electric, Rockwell Automation, WAGO, and Advantech. An important point is that the list of affected manufacturers also includes 20 companies whose products were not affected by any of the bugs reported last year. Most of the vulnerabilities were critically or highly rated and constituted a severe danger to industrial control systems, and the majority of the vulnerabilities, 90%, were discovered to be exploitable without the need for any specialized knowledge.
Toyota and VW to cut global production due to chip shortage
The world’s biggest carmaker had planned to make almost 900,000 cars next month, but has now reduced that by 40% to 540,000 vehicles. Volkswagen, the world’s second-biggest car producer, has warned it may also be forced to cut output further. This is due to a chip shortage blamed on the Covid pandemic, which boosted demand for appliances that use chips, such as phones, TVs and games consoles. The CEO of chipmaker Intel, Pat Gelsinger, said the worst of the global chip crisis was yet to come, and the shortage has prompted US President Joe Biden to sign an executive order to seek $37bn in funding for legislation to increase chip manufacturing in the US.
(BBC)
BlackBerry faces backlash by failing to go public with vulnerability
BlackBerry, whose OS is installed across a multitude of industries, including critical infrastructure, the US federal government, automotive, industrial controls, and medical devices, has finally issued an advisory regarding the BadAlloc bug, four months after it had been discovered by Microsoft, and after much pressure from CISA. Following the release of the BlackBerry advisory, CISA issued its own advisory and duly highlighted the need to mitigate across government agencies and the nation’s critical infrastructure companies, to include those involved with the US Coast Guard and the US Nuclear Regulatory Commission. The unpatched vulnerability was not only affecting industrial controls and automotive applications, it was also affecting a plethora of medical devices. It remains to be seen whether the FDA will weigh in with fines and other administrative actions, given that the vulnerability left devices within the healthcare sector unpatched or unmitigated.






