Security News > 2023 > July

Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them
2023-07-20 14:02

Below we explore the motivations behind these threats, the most prevalent attack strategies, and the steps you can take to protect your web applications. That's not to say that web applications without payment or personal data processing capabilities are immune to attacks.

North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
2023-07-20 13:30

An analysis of the indicators of compromise associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. "The North Korean threat actors demonstrate a high level of creativity and strategic awareness in their targeting strategies," SentinelOne security researcher Tom Hegel told The Hacker News.

Under CISA pressure, Microsoft makes cloud security logs available for free
2023-07-20 12:30

Microsoft announced on Wednesday that it would give all customers free access to cloud security logs, a capability usually reserved for premium tiers, within weeks of the disclosure that government officials' cloud-based email had been targeted in an alleged China-based hack. Microsoft wrote on its blog that it was expanding access to the logs beginning in September 2023 to "increase the secure-by-default baseline" of its cloud platforms "in response to the increasing frequency and evolution of nation-state cyber threats."

JumpCloud breach traced back to North Korean state hackers
2023-07-20 12:25

US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike. In a report published on Thursday, SentinelOne Senior Threat Researcher Tom Hegel linked the North Korean threat group to the JumpCloud hack based on multiple indicators of compromise shared by the company in a recent incident report.

Microsoft Exchange servers compromised by Turla APT
2023-07-20 12:05

Turla has been targeting defense sector organizations in Ukraine and Eastern Europe with the DeliveryCheck and Kazuar backdoors/infostealers, and has been using compromised Microsoft Exchange servers as command-and-control infrastructure for them. Turla is a sophisticated and persistent APT group that has been active for over 10 years and is believed to be sponsored by the Russian state.

New P2PInfect worm malware targets Linux and Windows Redis servers
2023-07-20 12:02

Earlier this month, security researchers discovered a new peer-to-peer malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems. The Unit 42 researchers who spotted the Rust-based worm on July 11 also found that it breaks into Redis servers that have been left vulnerable to CVE-2022-0543, a maximum-severity (CVSS 10.0) Lua sandbox escape.
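The worm described above spreads to Redis instances that are reachable from the Internet and accept unauthenticated clients. As an added example (editor's code, not from the page or from Unit 42), the following Python audit parses a redis.conf and flags the three settings that make an instance reachable and unauthenticated: a bind on all interfaces (or no bind at all), protected mode switched off, and no requirepass. The two sample configurations are constructed, not captured from a real host.

```python
"""Audit a redis.conf for settings that leave an instance exposed.

Added editor example: not code from the page or from Unit 42. The sample
configurations at the bottom are constructed for illustration.
"""
from typing import Dict, List

# Bind targets that mean "every interface" (IPv4, IPv6, and the wildcard
# forms Redis accepts). A leading '-' in a bind entry only tells Redis not
# to fail if the address is missing, so it is stripped before comparison.
ALL_INTERFACES = {"0.0.0.0", "::", "*", "::*"}


def parse_conf(text: str) -> Dict[str, str]:
    """Return the last value set for each directive.

    redis.conf treats only lines that begin with '#' as comments; directive
    names are case-insensitive, so they are lower-cased here.
    """
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        conf[key] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit_redis_conf(text: str) -> List[str]:
    """Return one finding per exposure-relevant weak setting (empty if none)."""
    conf = parse_conf(text)
    findings: List[str] = []

    bind = conf.get("bind")
    if bind is None:
        # With no bind directive Redis listens on every interface.
        findings.append("no 'bind' directive: listens on all interfaces")
    else:
        addrs = {entry.lstrip("-") for entry in bind.split()}
        if addrs & ALL_INTERFACES:
            findings.append(f"bind {bind}: listens on all interfaces")

    # Protected mode (default 'yes' since Redis 3.2) refuses remote clients
    # when no bind and no password are configured; turning it off removes
    # that last safety net.
    if conf.get("protected-mode", "yes").lower() == "no":
        findings.append("protected-mode no: unauthenticated remote clients accepted")

    if not conf.get("requirepass"):
        findings.append("no 'requirepass': no password required")

    return findings


# Constructed sample: the shape of a configuration a worm can reach.
EXPOSED_CONF = """\
bind 0.0.0.0
port 6379
protected-mode no
"""

# Constructed sample: loopback only, protected mode on, password required.
HARDENED_CONF = """\
bind 127.0.0.1 -::1
port 6379
protected-mode yes
requirepass replace-with-a-long-random-secret
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf) or "no findings")
```

The audit reports each setting independently so that a reviewer sees every weakness, even though protected mode on its own would already block remote clients on an instance with no bind and no password. It says nothing about whether the build is patched for CVE-2022-0543; that still has to be checked against the distribution's package version.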

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy
2023-07-20 11:12

The Atlantic Council released a detailed commentary on the White House's new "Implementation Plan for the 2023 US National Cybersecurity Strategy." Lots of interesting bits. First, the plan contains a more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, as well as timelines aplenty.

APT41 hackers target Android users with WyrmSpy, DragonEgg spyware
2023-07-20 11:01

The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg by Lookout security researchers. While APT41 hackers usually breach their targets' networks via vulnerable web apps and Internet-exposed endpoints, Lookout says the group also targets Android devices with WyrmSpy and DragonEgg spyware strains.

A Few More Reasons Why RDP is Insecure (Surprise!)
2023-07-20 10:48

In the intervening decades, RDP has become a widely used protocol for remote access and administration of Windows-based systems. The downside of RDP's widespread use is that a Remote Code Execution vulnerability in an RDP gateway can have severe consequences, potentially leading to significant damage and compromising the security and integrity of the affected system.

Thanks Storm-0558! Microsoft to expand default access to cloud logs
2023-07-20 10:31

Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency announced on Wednesday. The change extends the default cloud logging available to lower-tier Microsoft customers.