IT Security Newsletter

IT Security Newsletter - 9/22/2021

Written by Cadre | Wed, Sep 22, 2021

Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, Guardicore's AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they've spotted infections they attributed to the Turla group (aka Snake, Venomous Bear, Uroburos and WhiteBear) - a Russian-speaking APT. Those attacks are "likely" using a stealthy, "second-chance" backdoor to maintain access to infected devices, they noted.

Malicious PowerPoint Documents on the Rise

McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint. In this campaign, the spam email comes with a PowerPoint file as an attachment. Upon opening the malicious attachment, the VBA macro executes to deliver variants of AgentTesla, which is a well-known password stealer. These spam emails purport to be related to financial transactions.

Netgear fixes dangerous code execution bug in multiple routers

Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers. While one would expect the attack vector exposed by the Circle security flaw (tracked as CVE-2021-40847) would be removed after the service is stopped, the Circle update daemon containing the bug is enabled by default and it can be exploited even if the service is disabled.

Apple users warned: Clicking this attachment will take over your macOS

A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars. Independent security researcher Park Minchan has discovered a vulnerability in macOS that lets threat actors execute commands on your computer. Shortcut files that have the inetloc extension are capable of embedding commands inside. The flaw impacts macOS Big Sur and prior versions.

VMware Calls Attention to High-Severity vCenter Server Flaw

Cloud computing and virtualization technology giant VMware on Tuesday shipped an urgent security patch for a flaw in its vCenter Server product and warned users to expect public exploit code within minutes of disclosure. "Time is of the essence," VMware said in a note calling attention to CVE-2021-22005, a file upload bug in the vCenter Server Analytics service.

Decade-Old Adobe ColdFusion Vulnerabilities Exploited by Ransomware Gang

Two ColdFusion vulnerabilities patched by Adobe more than a decade ago have been exploited by threat actors in a recent attack, according to cybersecurity firm Sophos. Sophos recently investigated an attack where an unknown threat actor deployed the Cring ransomware on the systems of an unnamed services company. The attack started with the attacker scanning the web for potential targets and identifying a vulnerable ColdFusion installation on the victim's website.

  • ...in 1789, the office of United States Postmaster General is established.
  • ...in 1958, rock musician Joan Jett ("I Love Rock 'n' Roll", "Bad Reputation") is born in Wynnewood, PA.
  • ...in 1961, President John F. Kennedy signs legislation establishing the Peace Corps as a permanent government agency.
  • ...in 1991, the Dead Sea Scrolls are made available to the public for the first time.