One Article Review

Source: Anomali
Identifier: 3205930
Publication date: 2021-08-10 17:39:00 (viewed: 2021-08-10 18:05:30)
Title: Anomali Cyber Watch: GIGABYTE Hit By RansomEXX Ransomware, Seniors' Data Exposed, FatalRat Analysis, and More
Text:

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Chinese state hackers, data leak, ransomware, RAT, botnets, and vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

[Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]

Trending Cyber News and Threat Intelligence

Actively Exploited Bug Bypasses Authentication On Millions Of Routers (published: August 7, 2021)

Juniper Threat Labs researchers discovered ongoing attacks exploiting the recently disclosed vulnerability CVE-2021-20090, a critical path traversal vulnerability in the web interfaces of routers running Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication. The total number of devices exposed to attack likely reaches millions of routers. Researchers identified attacks originating from China that deploy a variant of the Mirai botnet on vulnerable routers.

Analyst Comment: Attackers run continuous, automated routines to look for publicly accessible vulnerable routers and exploit them as soon as an exploit is made public. To reduce the attack surface, router management consoles should only be accessible from specific public IP addresses. Default passwords should also be changed and other security policies tightened.

Tags: CVE-2021-20090, Mirai, China

Computer Hardware Giant GIGABYTE Hit By RansomEXX Ransomware (published: August 7, 2021)

The attack occurred late Tuesday night into Wednesday and forced the company to shut down its systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website. Attackers have threatened to publish 112 GB of stolen data, which they claim includes documents under NDA (Non-Disclosure Agreement) from companies including Intel, AMD and American Megatrends, unless a ransom is paid.

Analyst Comment: At this point there is no official confirmation from GIGABYTE about the attack, and no clarity yet on the potential vulnerabilities or attack vectors used to carry it out.

Tags: RansomEXX, Defray, Ransomware, Taiwan

Millions of Senior Citizens' Personal Data Exposed By Misconfiguration (published: August 6, 2021)

Researchers discovered a misconfigured Amazon S3 bucket owned by the Senior Advisor website, which hosts ratings and reviews for senior care services across the US and Canada. The bucket contained more than one million files and 182 GB of data, including names, emails and phone numbers of senior citizens from North America. The exposed data was not encrypted and did not require a password or login credentials to access.

Analyst Comment: Senior citizens are at high risk of online fraud. Leaks of their personal information and context regarding appointments can lead to targeted phishing scams.

Tags: Data Leak, Phishing, North America, AWS
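The Senior Advisor story above is the classic S3 failure mode: a bucket policy that grants read access to the anonymous principal, so no credentials are needed to pull every object. The following is an added example, not code from the article or from Anomali, showing how a defender can audit a bucket policy document for such grants offline. Both policy documents and the bucket name (example-reviews-bucket) and account id are constructed for illustration; the evaluation logic follows the standard IAM policy grammar (Effect, Principal, Action, Resource, Condition).

```python
import json
import fnmatch

# Constructed sample: an open bucket policy that lets anyone read every object.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-reviews-bucket/*"
    }]
})

# Constructed sample: the hardened form. Reads are limited to one IAM role,
# and a Deny statement blocks any request that is not made over TLS.
LOCKED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/reviews-app"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reviews-bucket/*"
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-reviews-bucket",
                         "arn:aws:s3:::example-reviews-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}
        }
    ]
})


def _as_list(value):
    """IAM allows scalars or lists in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True when the Principal element matches any caller, anonymous ones included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_public_statements(policy_json):
    """Return Allow statements that grant actions to an unrestricted public principal.

    A Condition block can narrow '*' (for example to a source VPC or IP range),
    so statements carrying one are reported separately as 'conditional' rather
    than flagged as fully public.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        findings.append({
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
            "conditional": bool(stmt.get("Condition")),
        })
    return findings


def is_publicly_readable(policy_json):
    """True when an unconditional public statement permits object reads."""
    for finding in find_public_statements(policy_json):
        if finding["conditional"]:
            continue
        # Action patterns may be wildcards such as 's3:*' or 's3:Get*'.
        if any(fnmatch.fnmatch("s3:GetObject", action) for action in finding["actions"]):
            return True
    return False


if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("locked", LOCKED_POLICY)):
        print(name, "publicly readable:", is_publicly_readable(policy))
```

In a real audit the policy document would come from GetBucketPolicy and the result would be combined with the account and bucket Public Access Block settings and the bucket ACL, since any one of the three can open the bucket; the function above covers only the policy document.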
Sent: Yes
Tags: Malware, Vulnerability, Threat, Guideline
Stories: APT 41, APT 41, APT 30, APT 27, APT 23


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.