One Article Review

Source: Anomali
Identifier: 2742391
Publication date: 2021-05-04 15:25:00 (viewed: 2021-05-05 15:05:39)
Title: Anomali Cyber Watch: Microsoft Office SharePoint Servers Targeted with Ransomware, New Commodity Crypto-Stealer and RAT, Linux Backdoor Targeting Users for Years, and More
Text: The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Data Theft, Backdoor, Ransomware, Targeted Ransomware Attacks and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Python Also Impacted by Critical IP Address Validation Vulnerability (published: May 1, 2021)

Researchers have recently discovered that a bug previously found in netmask (a tool to assist with IP address scoping) is also present in recent versions of Python 3. The bug involves the handling of leading zeroes in decimal-represented IP addresses. Instead of interpreting an octet with a leading zero as octal notation, as specified in the standard, the Python ipaddress library strips the leading zero and interprets the rest as decimal. This could allow unauthenticated remote attackers to perform a number of attacks against programs that rely on Python's stdlib ipaddress library, including Server-Side Request Forgery (SSRF), Remote File Inclusion (RFI), and Local File Inclusion (LFI).

Analyst Comment: Best practices for developers include input validation and sanitization, which in this case would avoid this bug by validating or rejecting such IP addresses. Additionally, regular patch and update schedules allow for rapid addressing of bugs as they are discovered and patches delivered. Proper network monitoring and policies are also an important part of protecting against these types of attacks.

Tags: CVE-2021-29921, Python

Codecov Begins Notifying Affected Customers, Discloses IOCs (published: April 30, 2021)

Codecov has disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information (environment variables) from the affected customers. The company disclosed a supply-chain breach on April 15, 2021, and has now begun notifying customers. The breach went undiscovered for 2 months and leveraged the Codecov Bash Uploader scripts used by a large number of projects.

Analyst Comment: In light of the increasing frequency and sophistication of supply-chain attacks, companies should carefully audit, examine, and include in their threat modelling means of mitigating and detecting third-party compromises. A resilient and tested backup and restore policy is an important part of the overall security strategy.

Tags: North America, Codecov, supply chain

FBI Teams up with ‘Have I Been Pwned’ to Alert Emotet Victims (published: April 30, 2021)

The FBI has shared more than 4.3 million email addresses with the data breach tracking site Have I Been Pwned. The data breach notification site allows you to check whether your login credentials may have been compromised by Emotet. In total, 4,324,770 email addresses were provided, spanning a wide range of countries and domains. The addresses are sourced from 2 separate corpuses of data obtained by the agencies.

Analyst Comment: Frequently updated endpoint detection policies as well as network security
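A worked illustration of the parser ambiguity behind the Python ipaddress story above, added here as an example and not part of the Anomali article: it shows how the leading-zero-stripping (decimal) reading and the octal convention resolve the same literal to different hosts, probes whether the running interpreter still accepts such literals, and implements the analyst's recommendation of rejecting them before use. The sample addresses are constructed and the function names are my own.

```python
import ipaddress
import re

# Constructed sample literals (not from the advisory). Octets with a leading
# zero are the ambiguous ones CVE-2021-29921 is about.
SAMPLES = ["10.8.8.8", "010.8.8.8", "0177.0.0.1", "192.168.001.010", "8.8.8.8"]

# An unambiguous decimal octet: a bare "0" or a number with no leading zero.
_DECIMAL_OCTET = re.compile(r"^(?:0|[1-9][0-9]{0,2})$")


def decimal_stripped(addr: str) -> str:
    """Vulnerable reading: drop leading zeros and parse each octet as decimal
    (what unpatched Python 3 did, e.g. '010' -> 10)."""
    return ".".join(str(int(p, 10)) for p in addr.split("."))


def octal_convention(addr: str) -> str:
    """Convention of many other parsers: a leading zero marks the octet as
    octal ('010' -> 8). int() raises ValueError if such an octet holds 8 or 9."""
    return ".".join(str(int(p, 8)) if len(p) > 1 and p[0] == "0" else p
                    for p in addr.split("."))


def parser_differential(addr: str) -> bool:
    """True when the two conventions resolve the literal to different hosts,
    the mismatch that drives the SSRF/RFI/LFI impact described above."""
    return decimal_stripped(addr) != octal_convention(addr)


def strict_ipv4(addr: str) -> ipaddress.IPv4Address:
    """Mitigation from the analyst comment: reject any octet with a leading
    zero before trusting the stdlib, independent of the interpreter's patch level."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(_DECIMAL_OCTET.match(p) for p in parts):
        raise ValueError(f"ambiguous or malformed IPv4 literal: {addr!r}")
    return ipaddress.IPv4Address(addr)  # stdlib still enforces the 0-255 range


def stdlib_accepts(addr: str) -> bool:
    """Probe: does this interpreter's ipaddress module accept the literal?
    True on unpatched versions, False once CVE-2021-29921 is fixed."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for s in SAMPLES:
        try:
            verdict = str(strict_ipv4(s))
        except ValueError:
            verdict = "REJECTED"
        print(f"{s:16} decimal={decimal_stripped(s):16} octal={octal_convention(s):16} "
              f"stdlib_accepts={stdlib_accepts(s)} strict={verdict}")
```

Run it under an unpatched and a patched Python and the stdlib_accepts column flips while the strict column stays the same, which is the point of validating before the library call.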
Sent: Yes
Tags: Ransomware, Data Breach, Malware, Tool, Vulnerability, Threat, Patching, Guideline
The article does not appear to have been picked up again after its publication.


The article does not appear to be a repeat of an earlier one.