SharePoint vulnerability exploited in the wild

May 10, 2019

AT&T Alien Labs has seen a number of reports of active exploitation of a vulnerability in Microsoft SharePoint (CVE-2019-0604). One report by the Saudi Cyber Security Centre appears to be primarily targeted at organisations within the kingdom. An earlier report by the Canadian Cyber Security Centre identified similar deployment of the tiny China Chopper web-shell to gain an initial foothold.

AT&T Alien Labs has identified malware that is likely an earlier version of the second-stage malware deployed in the Saudi intrusions. This malware sample was shared by a target in China. The malware receives commands encrypted with AES at http://$SERVER/Temporary_Listen_Addresses/SMSSERVICE and has the ability to:

- Execute commands; and
- Download and upload files.

It’s likely multiple attackers are now using the exploit. One user on Twitter has reported that they have seen exploitation from the IP address 194.36.189[.]177, which we have also seen acting as a command and control server for malware linked to FIN7.
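The two indicators named above can be hunted for in web or proxy logs. The sketch below is an added example, not code from AT&T Alien Labs: it assumes logs in W3C extended format that record the `c-ip` and `cs-uri-stem` fields for these requests, and the sample log lines are constructed for illustration.

```python
from urllib.parse import unquote

# Indicators quoted in the article above (the IP is refanged for matching).
C2_PATH = "/Temporary_Listen_Addresses/SMSSERVICE"
REPORTED_IP = "194.36.189[.]177".replace("[.]", ".")

# Constructed sample log in W3C extended format; not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2019-05-08 10:01:12 203.0.113.7 GET /sites/team/default.aspx 200
2019-05-08 10:02:40 198.51.100.23 POST /temporary_listen_addresses/smsservice 200
2019-05-08 10:03:05 194.36.189.177 POST /sites/team/Forms/AllItems.aspx 200
2019-05-08 10:04:19 194.36.189.177 POST /Temporary_Listen_Addresses/SMSSERVICE/ 200
"""


def hunt(log_text):
    """Return (line_no, reasons, record) for every record matching an indicator."""
    fields, hits = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        reasons = []
        # Compare the decoded path case-insensitively, ignoring a trailing slash.
        stem = unquote(rec.get("cs-uri-stem", "")).lower().rstrip("/")
        if stem.endswith(C2_PATH.lower()):
            reasons.append("c2-path")
        if rec.get("c-ip") == REPORTED_IP:
            reasons.append("reported-ip")
        if reasons:
            hits.append((line_no, reasons, rec))
    return hits


if __name__ == "__main__":
    for line_no, reasons, rec in hunt(SAMPLE_LOG):
        print(line_no, ",".join(reasons), rec["c-ip"], rec["cs-uri-stem"])
```

A hit on the path alone is the stronger signal, since the reported IP address may also appear in unrelated traffic.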

Spotlight

Nexum, Inc

Nexum, Inc., headquartered in Chicago, Illinois, is an information security company that works to keep its clients focused on their organizations’ inherent strengths. Founded in 2002, Nexum takes a comprehensive approach to security, from the detection and prevention of network threats, intrusions, and disruptions, to ensuring our best in order to complete business objectives. With offices now in the Midwest, Southeast, Southwest, and Northeast, Nexum continues its dedication to technical excellence and a customer-centric approach. In addition to regional offices, Nexum has redundant security and network operation command centers in Chicago and New Mexico, providing ‘round the clock delivery of Nexum’s first defense line of managed security services and technical support to customers from large multinational corporations to smaller, regional and local organizations. What distinguishes us from most other IT services companies is that security is our focus and specialty. We understand th

OTHER ARTICLES

The Coronavirus is Already Taking Effect on Cyber Security – This is How CISOs Should Prepare

Article | March 18, 2020

Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. In light of these insights, Cynet has shared a few ways to best prepare for the Coronavirus-derived threat landscape and provides a solution to protect employees who are working from home with their personal computers because of the coronavirus. Cynet identifies two main trends – attacks that aim to steal remote user credentials, and weaponized email attacks:

A 4 Step Guide to Stronger OT Cybersecurity

Article | April 14, 2020

Security and risk management leaders at organizations around the world are increasingly concerned about cybersecurity threats to their operational technology (OT) networks. A key driver behind this is that cyberthreats, like disruptionware, are increasing in quantity and sophistication all the time. Industrial control system (ICS) networks are categorized as high risk because they are inherently insecure, increasingly so because of expanding integration with the corporate IT network, as well as the rise of remote access for employees and third parties. An example of an IT network within a control system is a PC that’s running HMI or SCADA applications. Because this particular PC wasn’t set up with the initial intention of connecting to IT systems, it typically isn’t managed so can’t access the latest operating system, patches, or antivirus updates. This makes that PC extremely vulnerable to malware attacks. Besides the increased cyberthreat risk, the complexity resulting from IT–OT integration also increases the likelihood of networking and operational issues.


CYBERSECURITY AND CORONAVIRUS: KEEPING YOUR BUSINESS SAFE

Article | March 19, 2020

Measures to mitigate the outbreak of COVID-19 have led to an unprecedented increase in remote working across the board. Our guest author Philip Blake, European Regional Director at EC-Council and cybersecurity expert, outlines key challenges and tips for staying secure while away from the office. As governments and businesses work on mitigating the impact of the ongoing COVID-19 outbreak, social distancing measures are leading to an increase in remote working across all sectors. The reasoning behind the measures is best left to health authorities, and is discussed at length elsewhere. The purpose of this article is to shed light on some of the key cybersecurity challenges around the sudden spike in remote work arrangements, and propose potential measures to keep networks as secure as possible during these times.

5 Benefits of Investing in Cyber Security & IT solutions in 2021

Article | June 2, 2021

Cyber Security has quickly evolved from being just an IT problem to a business problem. Recent attacks like those on Travelex and the SolarWinds hack have proved that cyber-attacks can affect the most solid of businesses and create PR nightmares for brands built painstakingly over the years. Investing in cyber security training, cyber security advisory services and the right kind of IT support products has, therefore, become imperative in 2021. Investing in cyber security infrastructure, cyber security certification for employees and IT solutions safeguards businesses from a whole spectrum of security risks, ransomware, spyware, and adware. Ransomware refers to malicious software that bars users from accessing their computer system, whereas adware is a computer virus that is one of the most common methods of infecting a computer system with a virus. Spyware spies on you and your business activities while extracting useful information. Add social engineering, security breaches and compromises to your network security into the mix, and you have a lethal cocktail.