The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild.
The flaw, tracked as CVE-2021-40539, is an authentication bypass in the product's REST API that can be chained into arbitrary remote code execution (RCE). ADSelfService Plus builds up to 6113 are affected; the fix is in build 6114, so administrators should check the installed build number rather than the marketing version.
Biden Announces Cybersecurity Initiative Partnership
On August 25, 2021, US President Biden met with various leaders from the private and education sectors, discussing the effort needed to address growing cybersecurity threats in America.
Cybersecurity is a “national security and economic security imperative” that the current Administration is prioritizing like never before. Apart from the May 2021 Executive Order that modernizes Federal Government defenses and improves security technology, Biden also issued a National Security Memorandum establishing voluntary cybersecurity goals for owners and operators of critical infrastructure.
TeamTNT With New Campaign AKA “Chimaera”
AT&T Alien Labs™ has discovered a new campaign by threat group TeamTNT that is targeting multiple operating systems and applications. The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more.
Alien Labs research indicates the command and control (C&C) server used in this newly discovered campaign contains infection statistics that suggest TeamTNT has been running this campaign since July 25, 2021, and that it is responsible for thousands of infections globally.
Attacker Releases Credentials for 87,000 FortiGate SSL VPN Devices
Fortinet has warned that 87,000 sets of credentials for FortiGate SSL VPN devices have been published online.
The California-based vendor said on Wednesday that it is aware of the disclosure and, after investigating the incident, has concluded that the credentials were obtained by exploiting CVE-2018-13379.
CVE-2018-13379 is a known path traversal vulnerability in the web portal of the FortiOS SSL VPN. A fix was released in 2019, and Fortinet recommended enabling two-factor authentication as an additional mitigation. However, close to two years on, the vulnerability has come back to the fore with the release of the stolen credentials online. Patching the firmware does not invalidate credentials that were harvested before the patch was applied: administrators of affected devices should also reset user passwords and treat any VPN account that existed at the time as potentially compromised.
Ukrainian Hacker Extradited After Allegedly Selling Thousands of Passwords on the Dark Web
On Wednesday, Acting United States Attorney Karin Hoppmann announced the extradition of Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old Ukrainian national. The U.S. has charged him with using a malware botnet to run brute-force attacks that guessed login credentials for many computers at once.
Ivanov-Tolpintsev then allegedly sold the credentials through an unnamed dark web marketplace that specializes in buying and selling stolen logins.
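The brute-force campaign in this item is a good occasion for a detection check. The script below is an added example, not code from the article or from the case it summarizes; the log format, the field names and the sample lines are constructed for illustration. It keeps a per-source sliding window of failed logins, raises an alert once the count crosses a threshold, reports how many distinct usernames were tried (the signature of a password spray rather than one forgotten password), and flags a success that follows the burst, which is the event that actually matters.

```python
"""Sliding-window brute-force / password-spray detector over auth log lines.

Added example, not from the article or the DOJ case it summarizes. The log
format, field names and sample lines are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one hostile source cycling through usernames, and one
# legitimate user who mistypes a password twice and then logs in normally.
SAMPLE_LOG = """\
2021-09-08T10:00:01 src=203.0.113.5 user=admin result=FAIL
2021-09-08T10:00:03 src=203.0.113.5 user=administrator result=FAIL
2021-09-08T10:00:05 src=198.51.100.7 user=alice result=FAIL
2021-09-08T10:00:06 src=203.0.113.5 user=backup result=FAIL
2021-09-08T10:00:09 src=203.0.113.5 user=guest result=FAIL
2021-09-08T10:00:12 src=198.51.100.7 user=alice result=FAIL
2021-09-08T10:00:14 src=203.0.113.5 user=admin result=FAIL
2021-09-08T10:00:20 src=198.51.100.7 user=alice result=OK
2021-09-08T10:00:31 src=203.0.113.5 user=svc_rdp result=OK
"""

# Hypothetical line format: "<iso timestamp> src=<ip> user=<name> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failed logins inside a sliding window.

    Returns {src: alert}. Each alert records the failure count at the moment
    the threshold was crossed, how many distinct usernames were tried, and
    whether a successful login from the same source followed the burst.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> deque of (ts, user) for FAIL events
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue              # malformed line: skip it, never crash a detector
        src, ts = rec["src"], rec["ts"]
        q = recent[src]
        while q and ts - q[0][0] > window:   # expire failures outside the window
            q.popleft()
        if rec["result"] == "FAIL":
            q.append((ts, rec["user"]))
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {
                    "failures": len(q),
                    "distinct_users": len({u for _, u in q}),
                    "first_seen": q[0][0].isoformat(),
                    "success_after_burst": False,
                }
        elif src in alerts and q:
            # A success while recent failures are still in the window means a
            # guessed credential worked: escalate rather than just count.
            alerts[src]["success_after_burst"] = True
            alerts[src]["compromised_user"] = rec["user"]
    return alerts


if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

The detector keys on the source address, which is enough for a single noisy host but not for a botnet that spreads guesses across thousands of sources, as in this case; for that, run the same window keyed on the target account instead (many sources, one username, many failures) and alert on both views.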
Yandex Is Under the Largest DDoS Attack in the History of Runet
The Russian technology company Yandex has been under a massive distributed denial-of-service (DDoS) attack since last week.
It is reported to be the largest DDoS attack in the history of Runet, the Russian segment of the Internet, which Russia has sought to make independent of the global network so that the country can withstand an external internet shutdown.
Malware Droppers for Hire Targeting Users on Fake Pirated Software Sites
Some of the fake piracy websites have also been found distributing the CryptBot and Raccoon Stealer malware bundled into cracked software.
SophosLabs researchers have published a report on the emerging threat of droppers-as-a-service. According to the report, droppers for hire install unwanted content and malware on the devices of users who download cracked copies of popular business and consumer applications.
Read more Cyber Security News at https://que.com/tag/cybersecurity