Security Leftovers
-
Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward.
-
Microsoft Defender mistakenly tagging URLs as malicious [Ed: No wonder Microsoft is finally laying off its "security" divisions (deep cuts). Worthless snake oil.]
Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five hours ago.
As the company confirmed earlier today on Twitter, its engineers are investigating this service incident as a false positive.
-
The "Vulkan Files": A Look Inside Putin's Secret Plans for Cyber-Warfare
Elite hackers from Russia have their sights set on airports and power plants around the world, along with the internet. Confidential data from Moscow, obtained by DER SPIEGEL and its partners, now provide a look inside their arsenal of cyber-weapons and reveal their strategy.
-
Russian Cyberwarfare Documents Leaked
Now this is interesting:
Thousands of pages of secret documents reveal how Vulkan's engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.
The company's work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia's foreign intelligence organisation.
-
Hackers Claim to Dox Russian 'War Criminal,' Convince His Wife to Do 'Patriotic Photoshoot'
A group of Ukrainian hacktivists say they've hacked the accounts of a Russian colonel.
-
Hackers infect popular 3CX communications application with malware
Hackers have compromised 3CX, a popular videoconferencing and business phone management application used by more than 600,000 companies.
-
3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack.
-
Bypassing PowerShell Strong Obfuscation, (Thu, Mar 30th)
Yesterday, I found a malicious PowerShell script that was heavily obfuscated.
-
Report finds employees are storing sensitive information on personal devices
A new report today from phishing protection company SlashNext Inc. finds that a majority of employees have sensitive work information on personal devices as "bring your own device" behavior continues to surge in popularity.
-
Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks [Ed: The problem is the malware, not Linux, and the malware needs to get there somehow. Whereas with Windows the flaws are typically in the OS itself, unpatched for months if not years.]
The recently identified Melofee Linux implant allowed Chinese cyberespionage group Winnti to conduct stealthy, targeted attacks.
-
500k Impacted by Data Breach at Debt Buyer NCB
NCB Management Services is informing roughly 500,000 individuals of a data breach impacting their personal information.
-
Unpatched Security Flaws Expose Water Pump Controllers to Remote [Cr]acker Attacks
Water pumping systems made by ProPump and Controls are affected by several vulnerabilities that could allow hackers to cause significant problems.