A daily look at the relevant information security news from overnight - 28 July, 2022
Episode 275 - 28 July 2022
NetStandard Knocked Offline- https://www.bleepingcomputer.com/news/security/kansas-msp-shuts-down-cloud-services-to-fend-off-cyberattack/
Moxa NPort Flaws -
https://www.securityweek.com/moxa-nport-device-flaws-can-expose-critical-infrastructure-disruptive-attacks
Post Macro Tactics -
https://www.infosecurity-magazine.com/news/hackers-change-tactics-for-new/
Naughty Knotweed- https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html
Twitter Data Sale -
https://www.infosecurity-magazine.com/news/criminal-twitter-users-data/
Hi, I’m Paul Torgersen. It’s Thursday July 28th, 2022 and this is a look at the information security news from overnight.
From BleepingComputer.com:
Managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services. The company said Hosted GP, Hosted CRM, Hosted Exchange, and Hosted Sharepoint will be offline until further notice, but that no other services were impacted. That being said, their main website remains down as well. No word on threat actor or malware involved, but it is assumed to be a ransomware hit.
From SecurityWeek.com:
Two high severity flaws have been found in the NPort 5110 device servers from Moxa. The vulnerabilities can be exploited remotely to cause the targeted device to enter a denial of service condition. The only way to regain control of the device is to physically power it down, which might present a challenge as many of these devices are in very remote locations. These things are designed to connect to Ethernet networks and should not be exposed to the internet. However, a Shodan search found at least 5,300 of them that are. Now some of these may be honeypots, but they’re not ALL honeypots. Customers should contact Moxa for a security patch.
From InfoSecurity-Magazine.com:
Since Microsoft announced they would disable macros by default, the use of macro-enabled attachments by threat actors decreased by around 66% between October 2021 and June 2022. Awesome. But, where there’s a will there's a way. In that same timeframe, the number of malicious campaigns using container file formats jumped up 176%. These formats include ISO, RAR, ZIP and IMG files that contain macro-enabled docs. Now the ISO and RAR formats will still have the Mark of the Web, meaning they originated from the internet and their macros would be blocked, but the files within them would not. Link to the ProofPoint research in the article.
From TheHackerNews.com:
A threat actor tracked as Knotweed, used several Windows and Adobe zero-day exploits in highly-targeted attacks against targets in Europe and Central America. They are actually an Austrian outfit called DSIRF that supposedly sells general security and information analysis services to commercial customers. As a side gig, they created a cyberweapon called Subzero, which can hack phones, computers, and internet-connected devices. Talk about vertical integration.
And last, from InfoSecurity-Magazine.com:
A user named devil is selling a database of 5.4 million Twitter users' information on the Breached Forums site. They say it contains the phone numbers and email addresses of users, including celebrities and companies, and is asking for $30,000. Twitter is investigating the issue, which the seller said exploited a vulnerability in its systems that allows someone to find additional user information, even if that user has it hidden in privacy settings.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.