Tuesday, April 07, 2020

What I'm Reading 4/7/2020 - Make Your Own Mask Out Of T-Shirts, Patch Your Damn E-Mail Server and Chinese hackers Hiding By Targeting Linux

While the identification and exploitation of zero-day vulnerabilities has historically been a calling card for only the most sophisticated cybercriminals, a wider range of threat actors are now gaining access to exploits for undocumented, unpatched bugs simply by buying them – no deep security expertise required.
“A wider range of tracked actors appear to have gained access to these capabilities,” FireEye researchers noted in a blog post, published on Monday. “[This includes] a significant increase over time in the number of zero-days leveraged by groups suspected to be customers of companies that supply offensive cyber-capabilities.”
Military.com - DIY T-Shirt Masks and Balaclavas: Military Services Release Face-Covering Guidance -
The Defense Department announced Sunday that troops, DoD civilian employees, contractors and family members are encouraged to make simple coverings out of clean T-shirts and other household materials. The do-it-yourself face coverings are mandatory whenever people cannot maintain six feet of social distance in public areas or places of work, according to the policy, signed by Defense Secretary Mark Esper.
The DIY masks will help preserve much-needed N95 and surgical masks for health care workers, the policy states.
Instructions here 

ZDNet - Over 350,000 Microsoft Exchange servers still open to flaw that's under attack: Patch now -
Very few organizations have applied Microsoft's patch for a dangerous Exchange email server flaw that was being exploited by multiple state-sponsored hacking groups within weeks of its release, according to new research by security company Rapid7. 
The patch arrived in Microsoft's February 11 Patch Tuesday, accompanied by a warning from Redmond that admins should patch as soon as possible because it anticipated future attacks on the remote code execution vulnerability. 
Related - Tao Security - If You Can't Patch Your Email Server, You Should Not Be Running It -
Email is one of, if not the most, sensitive and important systems upon which organizations of all shapes and sizes rely. The are, by virtue of their function, inherently exposed to the Internet, meaning they are within the range of every targeted or opportunistic intruder, worldwide.
In this particular case, unpatched servers are also vulnerable to any actor who can download and update Metasploit, which is virtually 100% of them.
It is the height of negligence to run such an important system in an unpatched state, when there are much better alternatives -- namely, outsourcing your email to a competent provider, like Google, Microsoft, or several others.
The Daily Beast -  U.S. Eyes Second Coronavirus Outbreak in China
According to two officials with knowledge of those efforts and cables reviewed by The Daily Beast, the administration is monitoring China’s second wave of coronavirus cases, gathering data on the ground on the number of individuals newly infected and the reasons for the recent uptick. Over the past few days Chinese officials have noted an emergence of new cases, particularly in asymptomatic individuals. But U.S. officials say it is difficult to trust Beijing’s numbers because of its history of putting out unreliable data.
Dark Reading -  9 Security Podcasts Worth Tuning In To

The Register - Want to stay under the radar for a decade or more? This Chinese hacking crew did it... by aiming for Linux servers
A group of hackers operating as an offshoot of China's Winnti group managed to stay undetected for more than a decade by going open source.
A report from BlackBerry outlines how the group, actually a collection of five smaller crews of hackers thought to be state-sponsored, assembled in the wake of Winnti and exploited Linux servers, plus the occasional Windows Server box and mobile device, for years.
KrebsOnSecurity -  Microsoft Buys Corp.com So Bad Guys Can’t -
In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.
Fifth Domain - Don’t just put the latest cybersecurity report on a shelf because of the pandemic -
Congress asked for this report, it was objective and non-partisan, initial congressional reaction (before the pandemic took center stage) was positive, and about one-third of its recommendations can be swiftly implemented by the Administration without legislation. And for the other recommendations, the commission has taken a stab at drafting legislative language for Congress to work with, and some of them could be considered in the context of the annual National Defense Authorization Act or other upcoming bills. Given how Congress’s legislative window will be stretched thin in the months ahead, this could give the proposals a head start in the process.
The Cyberspace Solarium Commission’s recommendations could be helpful in dealing with problems caused by how we are operating during the Coronavirus pandemic, and could serve as a road map for future actions to improve how government deals with cybersecurity issues. It shouldn’t get put on a shelf and forgotten like past reports. 

No comments: