Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices.
Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been exploited in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group’s Pegasus surveillance tool to target iPhone users.
In the case of the Port of Houston, the unidentified hackers broke into a web server somewhere at the complex using a previously unidentified vulnerability in password management software at 2:38 p.m. UTC on August 19, according to the Coast Guard report. The intruders then planted malicious code on the server, which allowed further access to the IT system. Beginning about 90 minutes after the initial breach, the hackers stole all of the log-in credentials for a type of Microsoft software that organizations use to manage passwords and access to their networks, according to the report. Minutes later, cybersecurity staff at the port isolated the hacked server, “cutting off unauthorized access to the network,” the advisory said.
Attackers are exploiting the same types of software vulnerabilities over and over again, because companies often miss the forest for the trees. And cybercriminals, too, have used zero-day attacks to make money in recent years, finding flaws in software that allow them to run valuable ransomware schemes. “Financially motivated actors are more sophisticated than ever,” Semrau says. “One-third of the zero-days we’ve tracked recently can be traced directly back to financially motivated actors. So they’re playing a significant role in this increase which I don’t think many people are giving credit for.”
Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.
Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform.
Tiny houses might have lost some of their luster in the COVID era, but a reimagined future for remote work might call for tiny offices.
The vote is seen as mostly a win for President Joe Biden, whose administration has said it wants to give booster shots to all eligible Americans 16 and older as early as this week. While the CDC panel’s recommendation doesn’t give the Biden administration everything it wanted, boosters will still be on the way for millions of Americans. The endorsement comes a day after the Food and Drug Administration granted emergency use authorization to administer third Pfizer shots to many Americans six months after they complete their first two doses. While the CDC’s panel’s recommendation isn’t binding, Director Dr. Rochelle Walensky is expected to accept the panel’s endorsement shortly.
Written by Tim Starks
The US agriculture industry is only the latest victim of ransomware attacks, highlighting yet again the susceptibility of our supply chain to devastating cyber attacks. Considering the recent cyber attacks on the water supply, we need to rethink our conception of which industries and types of companies are at risk.
Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.
Researchers have been able to get hold of 372,072 Windows domain credentials, including 96,671 unique credentials, in slightly over 4 months by setting up a Microsoft Exchange server and using Autodiscover domains.
The credentials that are being leaked are valid Windows domain credentials used to authenticate to Microsoft Exchange servers.
What is Autodiscover?
From Microsoft’s site we learn that “the Autodiscover service minimizes user configuration and deployment steps by providing clients access to Exchange features. For Exchange Web Services (EWS) clients, Autodiscover is typically used to find the EWS endpoint URL. However, Autodiscover can also provide information to configure clients that use other protocols. Autodiscover works for client applications that are inside or outside firewalls and in resource forest and multiple forest scenarios”.
This boils down to a feature of Exchange email servers that lets email clients automatically discover the email server, present credentials, and then receive the proper configuration. It was designed to make the user’s life easier, while forgetting that such designs need to be done with security in mind, because cybercriminals love such features and use them for their own purposes.
How can it be abused?
The protocol’s goal is to let an end user completely configure their Outlook client solely by providing their username and password, leaving the rest of the configuration to Microsoft Exchange’s Autodiscover protocol.
To accomplish this, the Autodiscover protocol looks for a valid Autodiscover URL in these formats, where example.com is replaced by the domain name (the part after the @) in the user’s email address:

https://autodiscover.example.com/Autodiscover/Autodiscover.xml
http://autodiscover.example.com/Autodiscover/Autodiscover.xml
https://example.com/Autodiscover/Autodiscover.xml
http://example.com/Autodiscover/Autodiscover.xml
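The lookup order above can be checked mechanically. The following is an added example, not code from the article or from Microsoft: it derives the candidate Autodiscover URLs for a mailbox address in the order listed, and then reviews each candidate from a defender's point of view, flagging any URL whose host is not the user's own mail domain (or a subdomain of it) and any plain-http candidate, since an http URL would carry the user's credentials without transport encryption. The function names, and the `review_candidates` finding strings, are assumptions of this example.

```python
# Added example (not from the original article or from Microsoft's Autodiscover
# implementation): build the candidate Autodiscover URLs for an e-mail address
# and review where an Outlook-style client would be sending credentials.
from urllib.parse import urlparse

AUTODISCOVER_PATH = "/Autodiscover/Autodiscover.xml"


def mail_domain(address: str) -> str:
    """Return the domain part (after the @) of an e-mail address, lower-cased."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain or "/" in domain or " " in domain:
        raise ValueError(f"not a valid e-mail address: {address!r}")
    return domain.lower()


def autodiscover_candidates(address: str) -> list[str]:
    """Candidate URLs in the order the article lists them:
    https then http for autodiscover.<domain>, then https then http for <domain>."""
    domain = mail_domain(address)
    hosts = (f"autodiscover.{domain}", domain)
    return [
        f"{scheme}://{host}{AUTODISCOVER_PATH}"
        for host in hosts
        for scheme in ("https", "http")
    ]


def in_mail_domain(url: str, domain: str) -> bool:
    """True if the URL's host is the mail domain itself or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def review_candidates(address: str, urls: list[str]) -> dict[str, list[str]]:
    """Map each candidate URL to a list of findings (empty list = no concern).
    Finding strings are this example's own labels, not Microsoft terminology."""
    domain = mail_domain(address)
    findings: dict[str, list[str]] = {}
    for url in urls:
        notes = []
        if not in_mail_domain(url, domain):
            # Credentials would leave the user's own domain: treat as a leak risk.
            notes.append("host-outside-mail-domain")
        if urlparse(url).scheme != "https":
            # Plain http would carry the credentials without transport encryption.
            notes.append("cleartext-transport")
        findings[url] = notes
    return findings


if __name__ == "__main__":
    # Constructed sample address; example.com is the article's own placeholder.
    addr = "alice@example.com"
    for url, notes in review_candidates(addr, autodiscover_candidates(addr)).items():
        print(url, "->", ", ".join(notes) or "ok")
```

Running the block prints the four candidates for alice@example.com; the two https entries come back clean and the two http entries are flagged as cleartext transport. Passing a URL on a foreign host to `review_candidates` is the case a defender cares about: it is flagged as leaving the mail domain regardless of scheme.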
An unpatched design flaw in the implementation of Microsoft Exchange’s Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide.
As part of our strategy to enhance application awareness for SecOps practitioners, our new Secure Firewall Application Detectors portal, https://appid.cisco.com, provides the latest and most comprehensive application risk information available in the cybersecurity space. This advance is important because today’s applications are not static.
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OS command injection occurs when the application uses user input (which isn’t escaped or sanitized) as part of a command that’s run against the host’s operating system.
Cyber Risk Quantification needs to be the strategy driving your cybersecurity roadmap and priorities starting now. Breaches are getting worse, ransomware can cripple your business, and the financial impacts can last years. By looking at the financial impacts of recent high-profile breaches such as Colonial Pipeline or SolarWinds, we can plainly see that the traditional methods of risk assessment are no longer effective; measures such as compliance mandates and maturity models have a purpose, but solely relying on them is no longer sufficient to render the best possible business decisions around cyber security. Relying solely on the traditional qualitative approaches, security scoring or stop light methods in today’s climate will continue to leave you exposed. Making better, data-driven decisions to avoid these costly attacks has to be our focus and this is where Axio’s Cyber Risk Quantification can make the difference.