16-Aug-23: In Security News Today

Mirai Common Attack Methods Remain Consistent, Effective

The Mirai botnet, known for driving large-scale distributed denial of service (DDoS) attacks, continues to be a significant threat. Despite minimal evolution, Mirai and its variants exploit vulnerabilities in IoT devices to create botnets for launching DDoS attacks. The common attack methods of Mirai, including UDP flood, SYN flood, and DNS Water Torture, remain effective and pose a danger to organizations, especially as the number of vulnerable IoT devices continues to grow. Defending against Mirai requires implementing specialized solutions to detect network anomalies and mitigate volumetric attacks.
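The DNS Water Torture method named above works by flooding a target's authoritative name servers with lookups for random, non-existent subdomains that no cache can answer. As an added illustration of the "detect network anomalies" advice (example code written for this digest, not from the article or any vendor), the following Python script scans constructed DNS query log lines and flags zones that receive an unusually high share of generated-looking subdomain labels. The log format, thresholds, and the randomness heuristic are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample DNS query log (timestamp, client IP, queried name); not real traffic.
SAMPLE_DNS_LOG = """\
2023-08-16T10:00:01 192.0.2.10 www.example.com
2023-08-16T10:00:01 192.0.2.11 mail.example.com
2023-08-16T10:00:01 192.0.2.12 api.example.com
2023-08-16T10:00:02 198.51.100.5 www.example.org
2023-08-16T10:00:02 198.51.100.6 qz8k2d1x.example.org
2023-08-16T10:00:02 198.51.100.7 b7t3m9pa.example.org
2023-08-16T10:00:03 198.51.100.8 x4n0v6rk.example.org
2023-08-16T10:00:03 198.51.100.9 h2w9c5lt.example.org
2023-08-16T10:00:03 198.51.100.10 p8j1d3ym.example.org
2023-08-16T10:00:04 198.51.100.11 k6s4f0zb.example.org
"""


def looks_random(label: str) -> bool:
    """Heuristic (assumption): a label of 6+ chars mixing digits with few vowels is probably generated."""
    if len(label) < 6:
        return False
    has_digit = any(c.isdigit() for c in label)
    vowels = sum(c in "aeiou" for c in label)
    return has_digit and vowels <= len(label) // 3


def detect_water_torture(log_text: str, min_distinct: int = 5, random_ratio: float = 0.8) -> dict:
    """Group queries by zone (assumed to be the last two labels) and flag zones whose
    distinct leftmost labels are mostly random-looking. Returns {zone: stats}."""
    per_zone = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        labels = parts[2].lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # bare zone apex, no subdomain to examine
        per_zone[".".join(labels[-2:])].add(labels[0])

    flagged = {}
    for zone, subs in per_zone.items():
        if len(subs) < min_distinct:
            continue  # too few distinct names to judge
        ratio = sum(looks_random(s) for s in subs) / len(subs)
        if ratio >= random_ratio:
            flagged[zone] = {"distinct_subdomains": len(subs), "random_ratio": round(ratio, 2)}
    return flagged


if __name__ == "__main__":
    for zone, stats in detect_water_torture(SAMPLE_DNS_LOG).items():
        print(f"possible DNS water torture against {zone}: {stats}")
```

In the sample, example.com sees only ordinary hostnames and is ignored, while example.org receives six generated labels out of seven distinct names and is flagged. In production the per-zone counts would be kept over a sliding window and compared with a baseline, since legitimate CDN and tracking hostnames can also look random.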

Boards Don’t Want Security Promises — They Want Action

Cybersecurity professionals need to focus on demonstrating measurable and achievable ways to reduce risk in order to gain the attention and support of management boards. Emphasizing action and getting the basics right, such as asset management and patching, can lead to significant improvements. It is important to demonstrate the impact of actions, whether they result in immediate or long-term improvements, and to manage expectations around longer-term performance.

OpenNMS Vulnerability Allows Data Theft and Denial of Service Attacks

Maintainers of OpenNMS have patched a high-severity vulnerability in their network monitoring software that allows attackers to exfiltrate data, send arbitrary HTTP requests, and trigger denial-of-service conditions. The vulnerability, tracked as CVE-2023-0871, affects both the community-supported and subscription-based versions of OpenNMS and was discovered by researchers from Synopsys. Organizations using affected versions of the software are urged to update to the latest versions to mitigate the risk of exploitation.

Major Email Security Standards Prove Ineffective Against Malicious Emails

A report by security firm Cloudflare reveals that nearly 90% of malicious emails pass Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), or Domain-based Message Authentication, Reporting and Conformance (DMARC) checks, because attackers can satisfy the same checks as legitimate senders. While these email authentication standards have made it harder for attackers, they are not foolproof: a threat actor can simply register a domain with correct authentication records and pass every check. Cybersecurity professionals are advised to take a layered approach to email security and to consider the security of all communication channels, not just email.
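The point of the Cloudflare finding is that SPF, DKIM and DMARC establish only that a message really came from the domain it claims, not that the domain is trustworthy. The following Python snippet, added here as an example rather than taken from the report, parses a constructed Authentication-Results header and shows why a "pass" on all three must feed into further layers: a message from an attacker-registered lookalike domain authenticates cleanly and is only caught because the domain is not on the organisation's list of expected senders. The header layout, the allowlist and the verdict labels are assumptions for the example.

```python
import re

# Constructed allowlist of domains the organisation actually expects mail from.
TRUSTED_SENDER_DOMAINS = {"example.com", "partner.example"}


def parse_auth_results(header: str) -> dict:
    """Pull the spf=, dkim= and dmarc= results out of an Authentication-Results header value."""
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{method}=(\w+)", header, re.IGNORECASE)
        results[method] = match.group(1).lower() if match else "none"
    return results


def sender_domain(from_header: str) -> str:
    """Extract the domain part of the RFC 5322 From header (assumes a single address)."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return match.group(1).lower() if match else ""


def classify(from_header: str, auth_header: str, trusted=TRUSTED_SENDER_DOMAINS) -> str:
    """Combine authentication results with a sender allowlist.

    Authentication failure alone is grounds to quarantine; authentication success
    only tells us the sender owns the domain, so unknown domains still need the
    content, URL and behavioural layers the report recommends."""
    auth = parse_auth_results(auth_header)
    if not all(result == "pass" for result in auth.values()):
        return "quarantine"
    if sender_domain(from_header) in trusted:
        return "authenticated-trusted"
    return "authenticated-unknown"


# Constructed messages: one from a genuine partner, one from an attacker-owned lookalike
# domain whose owner published correct SPF/DKIM/DMARC records, one with a failed check.
GENUINE = ("Alice <alice@partner.example>",
           "mx.example.com; spf=pass smtp.mailfrom=partner.example; dkim=pass header.d=partner.example; dmarc=pass")
LOOKALIKE = ("IT Security <alerts@examp1e-secure.com>",
             "mx.example.com; spf=pass smtp.mailfrom=examp1e-secure.com; dkim=pass header.d=examp1e-secure.com; dmarc=pass")
SPOOFED = ("CEO <ceo@example.com>",
           "mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail")

if __name__ == "__main__":
    for sender, auth in (GENUINE, LOOKALIKE, SPOOFED):
        print(f"{sender:45} -> {classify(sender, auth)}")
```

The lookalike message reaches the "authenticated-unknown" state with every check passing, which is exactly the population the report says filters are missing; a real gateway would then apply reputation, lookalike-domain and URL analysis before delivery.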

Google Releases Quantum-Resilient FIDO2 Security Key Implementation

Google has released the first quantum-resilient FIDO2 security key implementation as part of its OpenSK project. The implementation uses a hybrid signature scheme that combines traditional elliptic-curve cryptography with CRYSTALS-Dilithium, a quantum-resistant scheme recently standardized by NIST. Google hopes that its implementation will be standardized and supported by all major web browsers to address the future threat of quantum attacks.

Ivanti Patches Critical Vulnerabilities in Avalanche Enterprise MDM Solution

Ivanti has released patches for seven critical- and high-severity vulnerabilities in its enterprise mobile device management (MDM) solution, Avalanche. The most severe vulnerability, CVE-2023-32563, is a directory traversal bug that allows remote code execution without authentication. Other vulnerabilities include stack-based buffer overflow bugs and authentication bypass flaws. Cybersecurity professionals should update to Avalanche version 6.4.1.207 to mitigate these vulnerabilities.

QR Code Phishing Campaign Targets Top US Energy Company

A major US energy company has been targeted in a phishing campaign that used more than 1,000 emails with malicious QR codes aimed at stealing Microsoft credentials. The campaign, discovered by Cofense, used lures that spoofed Microsoft security alerts and claimed that recipients needed to update their account’s security settings. The campaign has seen a significant increase in volume since May and is spreading quickly, with QR codes being used for credential phishing.

Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack

Cleaning products manufacturer and marketer Clorox Company has taken certain systems offline after falling victim to a cyberattack. The affected systems remain offline as Clorox works on adding more protections and hardening measures to secure them. The company has informed law enforcement and is working with cybersecurity experts to investigate the attack and restore operations.

PowerShell Gallery Vulnerable to Typosquatting and Package-Management Attacks

Researchers have identified vulnerabilities in PowerShell Gallery, the central repository for PowerShell modules and scripts. The report highlights that PowerShell Gallery lacks package name and ownership protections, making it susceptible to typosquatting attacks. Additionally, the researchers found that unlisted packages containing sensitive information can still be accessed. They recommend implementing a strict package naming policy, enforcing the execution of signed scripts, using trusted private repositories, regularly scanning for sensitive data, and implementing a robust continuous monitoring system to mitigate these vulnerabilities.
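Two of the recommended mitigations, a strict package naming policy and restricting installs to trusted sources, can be enforced before a module is ever installed. The Python script below is an added example (not code from the researchers or from PowerShell Gallery) of such a pre-install gate: it keeps a constructed allowlist of module names with their expected publishers, rejects publisher mismatches, and uses edit distance to flag requested names that sit suspiciously close to an allowed one. The allowlist contents, the distance threshold and the verdict names are assumptions for the example.

```python
# Constructed allowlist: module name -> expected publisher. Real deployments would
# populate this from a private, curated repository rather than hard-code it.
TRUSTED_MODULES = {
    "Az.Accounts": "azure-sdk",
    "PSReadLine": "microsoft",
    "Pester": "pester-team",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,        # deletion
                           cur[j - 1] + 1,     # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def assess_package(name: str, publisher: str, max_distance: int = 2) -> dict:
    """Decide whether an install request should proceed.

    Verdicts (assumed labels): allowed, publisher-mismatch, possible-typosquat,
    not-on-allowlist. Names within max_distance edits of an allowed module but not
    equal to it are treated as likely typosquats."""
    if name in TRUSTED_MODULES:
        if TRUSTED_MODULES[name] == publisher:
            return {"verdict": "allowed", "similar_to": []}
        return {"verdict": "publisher-mismatch", "similar_to": [name]}

    similar = [t for t in TRUSTED_MODULES
               if edit_distance(name.lower(), t.lower()) <= max_distance]
    if similar:
        return {"verdict": "possible-typosquat", "similar_to": similar}
    return {"verdict": "not-on-allowlist", "similar_to": []}


if __name__ == "__main__":
    for req in (("Pester", "pester-team"), ("Pester", "someone-else"),
                ("Az.Account", "random-user"), ("MyInternalTool", "me")):
        print(req, "->", assess_package(*req))
```

A request for "Az.Account" is one edit away from the allowed "Az.Accounts" and is blocked as a possible typosquat, while an unrelated name simply fails the allowlist and can be routed for review. Pairing this gate with signed-script enforcement closes the gap the researchers describe, because neither the name nor the publisher is taken on trust.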

The State of Credential Theft in 2023

Credential theft continues to be a major issue in 2023, with 83% of breaches involving external actors and 49% of those breaches involving stolen credentials, according to the 2023 Verizon Data Breach Investigations Report. Users are often the weak link in these attacks, as threat actors use social engineering techniques to trick them into giving up their credentials. Stolen credentials are being sold on online black markets, making it difficult to detect and remove them. IT security teams should focus on implementing tools that can detect compromised passwords and educate users on creating stronger passwords to protect against credential theft.

Lessons Learned from the Russian Attack on Viasat

Viasat representatives at the Black Hat and DEF CON conferences shared details about the Russian cyber attack that shut off tens of thousands of satellite broadband modems in Ukraine. The attack involved unauthorized access, reconnaissance, and the deployment of a wiper toolkit that wiped the flash memory of the modems, rendering them inoperable. Lessons learned from the incident include the importance of practicing incident response, sharing information with stakeholders, and understanding what constitutes normal behavior on a network.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.