Cybersecurity News – Vulnerable US warning, AutoSave assists ransomware, OMIGOD is back!

House Armed Services chair calls national security software, systems ‘too vulnerable’

Echoing a warning heard from many quarters, Adam Smith, chairman of the House Armed Services Committee, said Tuesday that the United States needs to invest far more in protecting national security communications and software. “Our number one biggest vulnerability in the cyber world is we have systems that are too vulnerable to attack right now because they’re old and we just haven’t updated those systems. Rather than buying another how many ever F-35s [combat planes] … I’d rather pour that money into developing the JADC2 [Joint All-Domain Command and Control] vision of a secure communication system that we can protect.”

(Cyberscoop)

Microsoft Office 365 AutoSave can assist cloud ransomware attacks

Security researchers at Proofpoint are warning that threat actors could hijack Office 365 accounts to encrypt files stored in SharePoint and OneDrive and hold them for ransom. The attack abuses the AutoSave feature, which writes every edit back to the cloud as a new version of the file. The attacker first gains access to the account through phishing or a malicious OAuth app, then makes recovery harder by lowering the document library’s versioning limit (down to as few as one retained version) and encrypting each file more times than that limit, so every clean earlier version is purged and cannot be restored from version history.

(Bleeping Computer)
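To make the version-limit trick concrete, here is an added Python model of a document library with a retention limit. It is not Proofpoint’s research code or any Microsoft API: the `VersionedFile` class, the toy cipher, the assumed `MIN_VERSIONS` policy floor and the sample drafts are all constructed for this illustration. It runs the reported sequence (drop the limit to 1, overwrite twice) against a library with and without a guardrail on the limit and reports what version-history recovery can still restore.

```python
"""Toy model of a cloud document library with a version-retention limit.

Added illustration, not Proofpoint's research code or any Microsoft API.
The library class, the MIN_VERSIONS policy floor, the toy cipher and the
sample documents are assumptions made for this example.
"""
import hashlib
from collections import deque
from typing import Callable, Deque, Optional

DEFAULT_LIMIT = 500   # SharePoint's default major-version limit
MIN_VERSIONS = 100    # assumed guardrail: refuse to lower the limit below this


class VersionedFile:
    """Keeps the newest `limit` versions; older ones are purged automatically."""

    def __init__(self, limit: int, min_limit: int = 0) -> None:
        self.limit = limit
        self.min_limit = min_limit
        self.versions: Deque[bytes] = deque()

    def _trim(self) -> None:
        while len(self.versions) > self.limit:
            self.versions.popleft()       # oldest version is discarded first

    def save(self, content: bytes) -> None:
        """AutoSave path: every edit becomes a new retained version."""
        self.versions.append(content)
        self._trim()

    def set_limit(self, limit: int) -> None:
        """Library setting change. Lowering it purges excess history at once."""
        if limit < self.min_limit:
            raise PermissionError("version limit below policy floor")
        self.limit = limit
        self._trim()

    def restore_clean(self, is_clean: Callable[[bytes], bool]) -> Optional[bytes]:
        """Recovery: newest retained version that still looks like plaintext."""
        for version in reversed(self.versions):
            if is_clean(version):
                return version
        return None


def encrypt(data: bytes, key: bytes, nonce: int) -> bytes:
    """Toy stream cipher (SHA-256 keystream) standing in for the attacker's
    real crypto. A fresh nonce per pass keeps repeated passes from cancelling."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce.to_bytes(4, "big")
                                 + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def looks_clean(blob: bytes) -> bool:
    return blob.startswith(b"PLAINTEXT:")


def attack(f: VersionedFile, key: bytes, overwrites: int = 2) -> bool:
    """The reported technique: drop the version limit to 1, then overwrite the
    file more times than that limit so every clean version is purged.
    Returns whether the limit change was accepted."""
    try:
        f.set_limit(1)
        lowered = True
    except PermissionError:
        lowered = False
    for nonce in range(overwrites):
        f.save(encrypt(f.versions[-1], key, nonce))
    return lowered


def run_scenario(enforce_floor: bool) -> Optional[bytes]:
    """Seed a file with three clean drafts, run the attack, and return what
    version-history recovery can still restore (None means nothing clean)."""
    f = VersionedFile(DEFAULT_LIMIT, MIN_VERSIONS if enforce_floor else 0)
    for i in range(3):
        f.save(f"PLAINTEXT: report draft {i}".encode())  # constructed sample content
    attack(f, key=b"attacker-key")
    return f.restore_clean(looks_clean)


if __name__ == "__main__":
    print("no guardrail :", run_scenario(enforce_floor=False))
    print("policy floor :", run_scenario(enforce_floor=True))
```

Without the floor, two edits are enough to leave a single encrypted version and nothing to roll back to; with it, the attacker would need to push more than 500 edits per file, which is slow and shows up as a burst of modification events. The floor raises the cost rather than removing the risk, so backups that live outside the tenant still matter.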

OMIGOD! There’s more to OMIGOD

Researchers from Wiz, who previously found four serious flaws in Azure’s Open Management Infrastructure (OMI) agent that they dubbed “OMIGOD,” presented related findings at RSA. Nearly every cloud provider installs similar software “without customer’s awareness or explicit consent,” in the form of middleware that bridges customer VMs and the provider’s other managed services. These agents enable VM features such as log collection, automatic updating, and configuration syncing, but they also add attack surface that customers cannot defend because they do not know it is there. Wiz has published a GitHub page listing 12 such agents installed silently, like OMI, on Azure, AWS, and Google Cloud, and says there are likely many more.

(The Register)
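The practical first step is to find out which of these agents are running on your own VMs and whether any of them listen on the network. The following is an added Python inventory script, not Wiz’s tooling or its GitHub list: `KNOWN_AGENTS` holds a handful of widely known agent process names as an illustrative subset (an assumption, not the full list), and the `ps`/`ss` output it parses is constructed sample data. `collect_live()` runs the same logic against a real Linux host.

```python
"""Inventory provider-installed management agents on a Linux VM.

Added example, not Wiz's tooling or its GitHub list. KNOWN_AGENTS is an
illustrative subset of well-known agent process names (assumption, not
exhaustive); the PS_SAMPLE/SS_SAMPLE text below is constructed.
"""
import re
import subprocess
from typing import Dict, List, Tuple

# process name -> (provider, what it is)   -- illustrative subset only
KNOWN_AGENTS: Dict[str, Tuple[str, str]] = {
    "omiserver": ("Azure", "Open Management Infrastructure server (OMIGOD target)"),
    "omiagent": ("Azure", "OMI agent"),
    "omsagent": ("Azure", "Log Analytics / Azure Monitor agent"),
    "waagent": ("Azure", "Azure Linux Agent (provisioning/extensions)"),
    "amazon-ssm-agent": ("AWS", "Systems Manager agent"),
    "google_guest_agent": ("GCP", "Guest environment agent"),
    "google_osconfig_agent": ("GCP", "OS Config agent (patching/config)"),
}

PS_SAMPLE = """\
  PID USER     COMMAND
    1 root     systemd
  812 root     sshd
 1430 root     omiserver
 1431 omi      omiagent
 1500 root     waagent
 2200 app      python3
"""

SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:5986       0.0.0.0:*         users:(("omiserver",pid=1430,fd=7))
LISTEN 0      4096   127.0.0.1:8000     0.0.0.0:*         users:(("python3",pid=2200,fd=5))
"""

SS_LINE = re.compile(r'^LISTEN\s+\S+\s+\S+\s+(\S+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')


def parse_ps(text: str) -> List[dict]:
    """Rows of `ps -eo pid,user,comm` as dicts; header line skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3:
            rows.append({"pid": int(parts[0]), "user": parts[1], "comm": parts[2]})
    return rows


def parse_ss(text: str) -> Dict[int, List[str]]:
    """Map pid -> local listening sockets (addr:port) from `ss -lntp`."""
    listeners: Dict[int, List[str]] = {}
    for line in text.splitlines():
        m = SS_LINE.match(line)
        if m:
            listeners.setdefault(int(m.group(3)), []).append(m.group(1))
    return listeners


def inventory(ps_text: str, ss_text: str) -> List[dict]:
    """Known provider agents in the process list, with any sockets they
    listen on (a network-reachable agent is the wider attack surface)."""
    listeners = parse_ss(ss_text)
    found = []
    for proc in parse_ps(ps_text):
        if proc["comm"] in KNOWN_AGENTS:
            provider, desc = KNOWN_AGENTS[proc["comm"]]
            found.append({**proc, "provider": provider, "description": desc,
                          "listening": listeners.get(proc["pid"], [])})
    return sorted(found, key=lambda p: p["pid"])


def collect_live() -> List[dict]:
    """Run on a real VM (root is needed for `ss -p` to attribute every socket)."""
    ps = subprocess.run(["ps", "-eo", "pid,user,comm"],
                        capture_output=True, text=True, check=True).stdout
    ss = subprocess.run(["ss", "-lntp"], capture_output=True, text=True, check=True).stdout
    return inventory(ps, ss)


if __name__ == "__main__":
    for a in inventory(PS_SAMPLE, SS_SAMPLE):
        print(f"pid {a['pid']:>6} {a['user']:<6} {a['comm']:<22} {a['provider']:<5} "
              f"listening={a['listening'] or '-'}  {a['description']}")
```

Anything the script does not recognise is worth a look too: a process you did not install, running as root and listening on a port you did not open, is exactly the class of component the Wiz talk is about, whether or not it is on any published list.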

Facebook Messenger scam dupes millions, makes millions

A well-crafted phishing campaign run through Facebook Messenger has ensnared an estimated 10 million Facebook users so far. The scam has been running for months, as we reported back on February 1, and still steers victims to a fake Facebook login page that harvests their credentials. It uses a chain of legitimate-looking redirects that slips past Facebook’s link-blocking. Researchers at PIXM estimate nearly 400 million U.S.-based page views of the exit page, which may have earned the threat actors about $59M from Q4 2021 to the present.

(Threatpost)

Thanks to today’s episode sponsor, Datadog

Check out Datadog’s on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/

Blue Mockingbird exploits three-year-old Telerik flaws to deploy Cobalt Strike

A threat actor known as ‘Blue Mockingbird’ is targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero with the hijacked systems’ resources. The group exploits CVE-2019-18935, a CVSS 9.8 (critical) insecure-deserialization flaw in the Telerik UI for ASP.NET AJAX library that leads to remote code execution. The same actor was seen attacking Microsoft IIS servers running Telerik UI in May 2020, a year after the vendor released security updates, and Sophos researchers reported yesterday that Blue Mockingbird is still leveraging the same flaw.

(Bleeping Computer)
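Exploitation of CVE-2019-18935 goes through the RadAsyncUpload handler, reached via Telerik’s resource handler with `type=rau`; the serialized payload travels in the POST body (`rauPostData`), which IIS does not log, so the request line is the indicator available in ordinary web logs. Below is an added Python triage filter over IIS W3C logs. It is not Sophos’ detection content: the log lines are constructed (RFC 5737 documentation addresses), and the three-request threshold is an assumption.

```python
"""Triage filter for CVE-2019-18935 probing in IIS W3C logs.

Added example, not Sophos' detection content. SAMPLE_LOG is constructed;
field names follow the standard IIS W3C layout, and the threshold in
suspicious_sources() is an assumption.
"""
from collections import Counter
from typing import Dict, List
from urllib.parse import parse_qs

# RadAsyncUpload is reached through Telerik's generic resource handler with
# type=rau. The deserialization payload is in the POST body (rauPostData),
# which IIS does not record, so the request line is what we can match on.
HANDLER = "/telerik.web.ui.webresource.axd"

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2022-06-15 09:14:02 10.0.0.5 GET /Default.aspx - 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 31
2022-06-15 09:14:09 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 77
2022-06-15 09:14:10 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 120
2022-06-15 09:14:11 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.7 python-requests/2.27.1 500 0 0 2950
2022-06-15 09:20:00 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 60
2022-06-15 09:21:00 10.0.0.5 GET /Telerik.Web.UI.WebResource.axd type=jsm 443 - 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 12
"""


def parse_iis(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended log lines into dicts keyed by the #Fields header."""
    fields: List[str] = []
    rows = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split()
            if len(values) == len(fields):
                rows.append(dict(zip(fields, values)))
    return rows


def find_rau_posts(text: str) -> List[Dict[str, str]]:
    """POSTs to the Telerik resource handler carrying type=rau in the query."""
    hits = []
    for row in parse_iis(text):
        query = parse_qs(row["cs-uri-query"]) if row["cs-uri-query"] != "-" else {}
        if (row["cs-method"] == "POST"
                and row["cs-uri-stem"].lower().endswith(HANDLER)
                and "rau" in query.get("type", [])):
            hits.append({k: row[k] for k in
                         ("date", "time", "c-ip", "cs(User-Agent)", "sc-status", "time-taken")})
    return hits


def suspicious_sources(hits: List[Dict[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Client IPs with at least `threshold` rau POSTs. Assumed triage cut-off:
    legitimate RadAsyncUpload users hit the same endpoint, so a hit is a lead
    to investigate (check for new processes on the host), not proof."""
    counts = Counter(h["c-ip"] for h in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    rau = find_rau_posts(SAMPLE_LOG)
    for h in rau:
        print(h)
    print("investigate:", suspicious_sources(rau))
```

In the sample, the repeated POSTs from one address, the switch to a scripted user agent and a 500 with a long `time-taken` are the pattern worth chasing; the real confirmation is whether the application’s Telerik version is below the fixed release and whether any unexpected DLL or child process appeared on the server around those timestamps.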

Unprotected Elasticsearch server leaks a million customers’ records

Researchers at SafetyDetectives say they found nearly two billion records relating to about a million people sitting openly on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub. The exposed data includes names, addresses, email addresses and the types of point-of-sale devices used by its customers, as well as partially masked credit card information. StoreHub did not respond to SafetyDetectives’ initial warnings but quickly secured the server once AWS and Malaysia’s Computer Emergency Response Team were alerted.

(The Register)

INTERPOL raids hundreds of scammy call centers in sweep

The sweep covered more than 1,770 call centers and resulted in the arrest of 2,000 suspected scammers and money launderers, INTERPOL announced on Wednesday. The two-month operation, running from March to May, involved 76 countries and also intercepted $50 million in stolen funds. It focused on business email compromise, romance and job-offer scams.

(Cyberscoop)

Heineken says there’s no free beer, warns of phishing scam

Brewer Heineken has confirmed that a Father’s Day contest circulating on WhatsApp, which promises a chance to win one of 5,000 coolers full of its beer, is a fraud. The company is asking people not to click the link to the fake contest’s website, a page that asks visitors for personal information such as names, email addresses, and phone numbers.

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.