“It’s highly likely that the absence of multi-factor authentication allowed attackers to circumvent the security measures of UnitedHealth Group’s [Change] Healthcare unit,” Aleem said. “Initial reports suggest that the attackers remained undetected in the environment for over a week and conducted lateral movement.” Aleem added: “It’s probable that the attackers left some traces, or ‘breadcrumbs’,…
Read More
Potential Attacks and Impact We stumbled upon the issues with cellular IoT devices during our “Hunt for IoT” research of devices that were infected by Mirai. Attackers know how to exploit these systems and are actively monitoring them. Sierra Wireless, one of the largest manufacturers of cellular IoT devices, issued a public statement describing how…
Read MoreBetteridge’s law of headlines is an adage that explains that “Any headline that ends in a question mark can be answered by the word no.”1 Back in March 2017, I asked “Will Deception as a Defense Become Mainstream?” No, deception hasn’t become mainstream yet. But, here and there, deception does poke its fingers into the…
Read MoreAttack Destination Ports The following ports in order of prevalence were targeted in the Singapore attacks: 5060 — clear text Session Initiation Protocol (SIP) 23 — Telnet remote management 1433 — Microsoft SQL Server database 81 — Alternate web server port for host-to-host communication 7547 — TCP port used by ISPs to remotely manage…
Read More
A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible. Background On April 19, CrushFTP published an advisory for a zero-day vulnerability in its file transfer tool which bears the same name. CVE Description CVSSv3…
Read More
The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. The police discovered several instances of successful breaches of defense companies in South Korea involving the hacking groups Lazarus, Andariel, and Kimsuky, all part of the North Korean hacking…
Read MoreWith each entity, process or service that moves from the physical world into cyberspace, there is a corresponding transformation to the threat landscape. Digital transformation doesn’t just change the business model or the supply chain dynamic. It also introduces significant new threats that go beyond monitoring web traffic and securing networks. Those threats take a variety…
Read MoreFigure 2: Weblogic WLS-WSAT campaign attempting to download and execute the same Windows executable file This attempt to download the same file immediately indicated to us that the same attacker was using different exploits in the operation. Unfortunately, these files weren’t available to download from the original server nor from other malware repositories, so…
Read More
“The statement that came back to me from Broadcom was, ‘We appreciate that with these changes VMware is not for everybody,’” says Tom Smyth, head of technical solutions as Misco, a U.K.-based solution provider. “Everyone else can use it. Broadcom is not going to gear its decisions towards them anymore. … I can appreciate that.…
Read MoreIt’s up to everyone — users, security pros, government — to be critical about the online information we encounter. In the weeks since indictments were handed down from the ongoing investigation into Russia’s influence over the 2016 United States election, much has come to light. A picture has emerged of a massive global effort to…
Read More