Tag Archive for: Exchange

Microsoft Exchange Server Has a Zero-Day Problem


There were global ripples in tech policy this week as VPN providers were forced to pull out of India as the country’s new data collection law takes hold, and UN countries prepare to elect a new head of the International Telecommunications Union—a key internet standards body.

After explosions and damage to the Nord Stream gas pipeline that runs between Russia and Germany, the destruction is being investigated as deliberate, and a complicated hunt is on to identify the perpetrator. And still-unidentified hackers are “hyperjacking” victims to grab data using a long-feared technique for hijacking virtualization software.

The notorious Lapsus$ hackers have been back on their hacking joyride, compromising massive companies around the world and delivering a dire but important warning about how vulnerable large institutions really are to compromise. And the end-to-end-encrypted communication protocol Matrix patched serious and concerning vulnerabilities this week.

Pornhub debuted a trial of an automated tool that pushes users searching for child sexual abuse material to seek help for their behavior. And Cloudflare rolled out a free Captcha alternative in an attempt to validate humanness online without the headache of finding bicycles in a grid or deciphering blurry text.

We’ve got advice on how to stand up to Big Tech and advocate for data privacy and users’ rights in your community, plus tips on the latest iOS, Chrome, and HP updates you need to install.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

On Thursday night, Microsoft confirmed that two unpatched Exchange Server vulnerabilities are actively being exploited by cybercriminals. The vulnerabilities were discovered by a Vietnamese cybersecurity company named GTSC, which claims in a post on its website that the two zero-days have been used in attacks against its customers since early August. While the flaws only impact on-premises Exchange Servers that an attacker has authenticated access to, according to GTSC, the zero-days can be chained together to create backdoors into the vulnerable server. “The…

North Korean hackers are targeting this huge crypto exchange


North Korean hackers are attempting to lure in cryptocurrency experts via bogus job offers for crypto exchange platform Coinbase.

As reported by Bleeping Computer, a campaign orchestrated by the well-known North Korean Lazarus hacking group has been uncovered, and its target is those involved in the increasingly popular fintech (financial technology) industry.

In what is clearly part of a social engineering attack, the hacking group engages in conversation with targets through LinkedIn, which ultimately culminates in a job offer being presented to the potential victim.

Coinbase is a leading cryptocurrency exchange company, so, at face value, many who are unaware of the attack will naturally be interested in adding it to their resumes. However, if the attack were to succeed, the consequences could include untold numbers of crypto wallets being seized and stolen.

Hossein Jazi, who works as a security researcher at internet security firm Malwarebytes and has been analyzing Lazarus since February 2022, said individuals from the cybergang are masquerading as employees from Coinbase. The scam attracts potential victims by approaching them to fill the role of “Engineering Manager, Product Security.”

If that individual falls for the fake job offer, then they’ll eventually be given instructions to download a PDF explaining the job in full. However, the file itself is actually a malicious executable utilizing a PDF icon to trick people.

The file itself is called “Coinbase_online_careers_2022_07.exe,” which seems innocent enough if you didn’t know any better. But while it opens a fake PDF document created by the threat actors, it also loads malicious DLL code onto the target’s system.

Image: A fake job offer for Coinbase in the form of a PDF. (Bleeping Computer/@h2jazi)

After it’s successfully deployed onto the system, the malware uses GitHub as its command-and-control server to receive commands, after which it has free rein to carry out attacks on devices that have been breached.

U.S. intelligence services have previously issued warnings about Lazarus distributing cryptocurrency wallets and investment apps infected with trojans, effectively allowing them to steal private…

Charles Schwab to Launch Crypto-Themed ETF on New York Stock Exchange


After being dubious of crypto for some years, Charles Schwab will launch its Schwab Crypto Thematic Index next week.

The fund, which will trade on the New York Stock Exchange Arca under the STCE ticker, will offer indirect exposure to the “crypto ecosystem,” Schwab Asset Management, the investment arm of the Charles Schwab Corporation, said in a statement.  

Schwab’s prospectus, which the firm filed with the U.S. Securities and Exchange Commission on Friday, says in bold type that the new fund “will not invest in cryptocurrency or digital assets directly.” 

Rather, at least 80% of the fund’s assets will be invested in securities, like shares of companies that have a stake in crypto. For example, the prospectus said the fund currently has 44% of its assets invested in software companies and another 41% in the diversified financials sector.

“STCE can offer more targeted exposure to cryptocurrency-focused companies compared to blockchain technology ETFs, which may have significant exposure to multi-national companies involved in blockchain (e.g., Amazon, IBM, Mastercard, and others),” David Botset, Schwab’s head of equity product management, told Decrypt in an email.

The fund will have an annual fund operating expense of 0.30%, which works out to be $3 per $1,000 invested. That means it’ll have “the lowest cost crypto-related ETF available to investors today,” the company said in the announcement.

For comparison’s sake, the Bitwise Crypto Industry Innovators ETF (BITQ) charges 0.85% and VanEck, which just filed a new spot Bitcoin ETF application, charges 0.50% on its Digital Transformation ETF (DAPP).

It’s a bid to eke out an advantage while being late to the field. Schwab has trailed behind its traditional finance competitor, Fidelity, for a few years now.

In 2019, Charles Schwab CEO Walt Bettinger was dismissive of crypto, calling it too “speculative.” Meanwhile, in 2019, Fidelity had just been granted a charter to operate its Fidelity Digital Asset Services as a limited liability trust company in New York State.

Then, at the start of 2022, Schwab’s Bettinger told The Dallas Morning News that he thinks there’s “a tremendous void” in…

Uganda Securities Exchange Caught Leaking 32GB of Sensitive Data


Apart from personal and financial records, the data also included plain-text login credentials, including usernames and passwords of customers and businesses using the Easy Portal of the Uganda Securities Exchange.

The Uganda Securities Exchange (USE), the principal stock exchange in Uganda, has been caught leaking highly sensitive financial and personal data of its customers and business entities across the globe.

This was revealed to Hackread.com by Anurag Sen, a prominent IT security researcher who has been known for identifying exposed servers and alerting relevant authorities before it’s too late. Anurag is the same researcher who discovered Australian trading giant ACY Securities to be exposing 60GB worth of data earlier this month.

What Happened

It all started when Anurag, scanning for misconfigured databases on Shodan, noted a server exposing more than 32GB worth of data to public access. According to Anurag, the server belonged to the Uganda Securities Exchange’s Easy Portal. Easy Portal is an online self-service portal that lets users and trading entities view stock performance, view statements, and monitor their account balance.

“There are other ports running on the server which opened the link to the Bank of Baroda – which is an Indian-based company operating in Uganda. Also, it is registered under the Uganda security exchange.”

Anurag told Hackread.com

What Data was Leaked

Upon further digging into the huge dataset, Anurag concluded that the exposed records were of a sensitive nature. The worst part of the data leak is that the server was left exposed without any authentication.

This means anyone with a little knowledge of finding unsecured databases on Shodan and similar platforms would have had complete access to USE’s data, including the following:

  • Full Name
  • Usernames
  • Full Address
  • Date of Birth
  • Access tokens
  • Phone Number
  • Email Address
  • Plaintext passwords
  • ID numbers of users
  • Bank details, including ID and account number
  • Details on foreign citizens and companies, including citizens based in Uganda

The screenshot below shows the type of data exposed by the USE:

Image provided to…
