
‘OMIGOD’ Microsoft Azure vulnerabilities expose users to hacking

T-Mobile is warning that a data breach has exposed the names, dates of birth, Social Security numbers and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company.


A set of recently disclosed vulnerabilities in Microsoft Corp.’s Azure remain open to exploitation, because customers may be required to apply the patch manually.

Dramatically dubbed OMIGOD by researchers at Wiz Inc. in a notice Tuesday, the vulnerabilities relate to the Open Management Infrastructure (OMI) agent that’s deployed when Azure users set up a Linux virtual machine in the cloud and enable certain Azure services. Attackers can use the four vulnerabilities to obtain root privileges and execute malicious code, including ransomware with file encryption.

According to Sophos, one of the vulnerabilities boils down to “a laughably easy trick” because it requires no password at all. Rather than having to guess a valid authentication token to insert into a fraudulent OMI web request, an attacker who simply omits all mention of the authentication token is granted access.
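The bug class Sophos describes is a fail-open credential check: the server validates a token only when one is present, so a request that carries none is never rejected. The following Python is an added illustration of that pattern next to its fail-closed repair; it is constructed for this page and is not OMI’s source code. The request path, the HMAC-based toy token, the shared secret and the sample requests are all assumptions made for the example.

```python
"""
Fail-open vs. fail-closed authentication on a minimal HTTP request head.
Constructed example, not OMI's code: the /manage path, the toy HMAC token
scheme and the shared secret are assumptions for illustration only.
"""
import hashlib
import hmac

# Constructed shared secret for the toy token scheme (assumption).
SECRET = b"example-shared-secret"


def expected_token(user: str) -> str:
    """Toy token: HMAC-SHA256 of the user name under the shared secret."""
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def parse_headers(raw: str) -> dict:
    """Parse a minimal HTTP/1.1 request head into a lower-cased header dict."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def authorize_fail_open(raw: str, user: str) -> bool:
    """Flawed pattern: the token is verified only if the client sent one.

    A request with no Authorization header never reaches the comparison,
    so 'nothing to check' silently becomes 'allowed'.
    """
    token = parse_headers(raw).get("authorization")
    if token is None:
        return True                         # the bug: absent credential passes
    return hmac.compare_digest(token, expected_token(user))


def authorize_fail_closed(raw: str, user: str) -> bool:
    """Hardened pattern: a missing credential is a denial, like a wrong one."""
    token = parse_headers(raw).get("authorization")
    if token is None:
        return False                        # deny when nothing was presented
    return hmac.compare_digest(token, expected_token(user))


# Constructed sample requests (assumptions, not captured traffic).
REQ_NO_AUTH = (
    "POST /manage HTTP/1.1\r\n"
    "Host: vm.example\r\n"
    "Content-Type: application/soap+xml\r\n"
    "\r\n"
)
REQ_BAD_AUTH = (
    "POST /manage HTTP/1.1\r\n"
    "Host: vm.example\r\n"
    "Authorization: deadbeef\r\n"
    "\r\n"
)


def good_request(user: str) -> str:
    """Build a request that carries the correct toy token for `user`."""
    return (
        "POST /manage HTTP/1.1\r\n"
        "Host: vm.example\r\n"
        f"Authorization: {expected_token(user)}\r\n"
        "\r\n"
    )


def compare_policies(user: str) -> dict:
    """Return each sample request's outcome under both policies."""
    samples = {"no_auth": REQ_NO_AUTH, "bad_auth": REQ_BAD_AUTH,
               "good_auth": good_request(user)}
    return {
        name: {"fail_open": authorize_fail_open(req, user),
               "fail_closed": authorize_fail_closed(req, user)}
        for name, req in samples.items()
    }


if __name__ == "__main__":
    for name, result in compare_policies("root").items():
        print(f"{name:10s} fail_open={result['fail_open']!s:5s} "
              f"fail_closed={result['fail_closed']}")
```

The only line that differs between the two authorizers is what happens when the header is absent; the review question for any management agent is therefore whether every authentication branch ends in an explicit deny, not just the branch that sees a wrong value.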

The vulnerabilities affect users of Azure services, including Automation, Automatic Update, Operations Management Suite, Log Analytics, Configuration Management, Diagnostics and Container Insights.

In a typical vulnerability disclosure, particularly one involving cloud-based services, the provider applies the patches itself, but this is not a typical case. Microsoft released a patch in August, yet Azure services remain exposed.

The problem is that users may have to apply the patches themselves, even though the issue resides in Azure Linux installs. Complicating the matter further, many users may not be aware that they have OMI installed, since it’s installed when users add one of those Azure services.

The Wiz researchers conservatively estimate that thousands of Azure customers and millions of endpoints are affected. Further, they noted, it might not just be those using Azure who are affected, since OMI is also independently installed on other Linux machines and is often used on-premises.

“Management agents like OMI are part of the overall attack surface for a deployed system and as such need to be accounted for within the threat models associated with the application,” Tim Mackey, principal security strategist at electronic design automation firm Synopsys Inc.’s Cybersecurity Research Center, told SiliconANGLE.

“Put…

Source…

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems



Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans.

That’s according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry.

The company, which detected nearly 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for a 29% share.


In addition, by dissecting over 50 million events reported from 100,000 unique Linux hosts during the same period, the researchers identified 15 security weaknesses that are either known to be actively exploited in the wild or have a public proof of concept (PoC):

  • CVE-2017-5638 (CVSS score: 10.0) – Apache Struts 2 remote code execution (RCE) vulnerability
  • CVE-2017-9805 (CVSS score: 8.1) – Apache Struts 2 REST plugin XStream RCE vulnerability
  • CVE-2018-7600 (CVSS score: 9.8) – Drupal Core RCE vulnerability
  • CVE-2020-14750 (CVSS score: 9.8) – Oracle WebLogic Server RCE vulnerability
  • CVE-2020-25213 (CVSS score: 10.0) – WordPress File Manager (wp-file-manager) plugin RCE vulnerability
  • CVE-2020-17496 (CVSS score: 9.8) – vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability
  • CVE-2020-11651 (CVSS score: 9.8) – SaltStack Salt authorization weakness vulnerability
  • CVE-2017-12611 (CVSS score: 9.8) – Apache Struts OGNL expression RCE vulnerability
  • CVE-2017-7657 (CVSS score: 9.8) – Eclipse Jetty chunk length parsing integer overflow vulnerability
  • CVE-2021-29441 (CVSS score: 9.8) – Alibaba Nacos AuthFilter authentication bypass vulnerability
  • CVE-2020-14179 (CVSS score: 5.3) – Atlassian Jira information disclosure vulnerability
  • CVE-2013-4547 (CVSS score: 8.0) – Nginx crafted URI string handling access restriction bypass vulnerability
  • CVE-2019-0230 (CVSS score: 9.8) – Apache Struts 2 RCE vulnerability
  • CVE-2018-11776 (CVSS score: 8.1) -…

Source…

Hackers ‘Abusing’ Microsoft Exchange Server Vulnerabilities: Huntress



Threat researcher Huntress is warning MSPs about on-premises Microsoft Exchange Server ProxyShell vulnerabilities that could be exploited by cybercriminals as early as this weekend.

Huntress has seen 140-plus webshells on Microsoft Exchange Server 2013, 2016 and 2019, and said it has uncovered 1,900-plus unpatched servers in 48 hours.

“Attackers are actively scanning for vulnerable Microsoft Exchange servers and abusing the latest line of Microsoft Exchange vulnerabilities that were patched earlier this year,” said Huntress threat hunter John Hammond in a blog posted Thursday.

The on-premises Exchange Server alert comes just five months after Huntress alerted MSPs to the scope and scale of a blockbuster on-premises Microsoft Exchange breach initiated by Chinese state-sponsored hackers.

At that time, the Ellicott City, Maryland-headquartered Huntress revealed that the scope and scale of the on-premises Exchange server exploitation was much greater than Microsoft initially indicated.

“Back in March of this year, we saw multiple zero-day exploits being used to attack on-premises Exchange servers—and it looks like we’re not out of the woods yet,” said Hammond in Thursday’s blog post. “Those who have not patched since April or May are not safe and could still be exploited.”

Huntress is recommending that MSPs apply the latest security patch, “monitor for new indicators of compromise and stay up to date on new information as it is released.” Huntress has promised to update its post with new findings as it gets them.

Hackers are exploiting vulnerabilities in ProxyShell to “install a backdoor for later access and post-exploitation,” said Hammond. “This ProxyShell attack uses three chained Exchange vulnerabilities to perform unauthenticated remote code execution.”

A Microsoft spokesperson said that “customers who have applied the latest updates are already protected against these vulnerabilities.”

Michael Goldstein, CEO of LAN Infotech, a Fort Lauderdale, Fla., solution provider, said the on-premises Exchange server attack is another sign of the relentless pace of cyberattacks.

“This is exasperating,” he said. “This ongoing…

Source…
