Security News

Tokyo's Stock Exchange went offline for most of Thursday, its longest-ever outage and a very unwelcome one as it is the world's third-largest bourse, when measured by market capitalisation. The exchange yesterday morning posted news that "a technical glitch occurred to distribution of market data," and the market therefore stopped all trading.

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges - even eight months after Microsoft issued a fix. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft's February Patch Tuesday updates - and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat actors.

Singapore-based cryptocurrency exchange KuCoin over the weekend announced that hackers managed to steal large amounts of cryptocurrencies from multiple hot wallets. On Saturday, the exchange announced that it identified a number of large withdrawals in Bitcoin, ERC-20 and other tokens from its hot wallets, and that it launched an investigation into the matter, while suspending the deposit and withdrawal service.

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

"We want to reassure everyone that this event won't stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible." If you're running Multi-Factor Authentication or Palo Alto's Captive Portal interface, an attacker can exploit a buffer overflow to ultimately gain code execution as root.

Slovakian cryptocurrency exchange Eterbase this week announced that hackers breached its systems and stole roughly $5.4 million. Launched in 2019 and based in Bratislava, Slovakia, Eterbase is a centralized exchange that focuses on crypto to SEPA integration.

Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars.

September sees a bundle of 129 CVE-listed flaws patched by Microsoft. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away the most serious is CVE-2020-16875, a memory object error in Exchange Server that allows a poisoned email to execute code with System clearance.

Netskope announced the Cloud Threat Exchange, one of the industry's first cloud-based solutions for the ingestion, curation, and real-time sharing of threat intelligence across enterprise security enforcement points. Any certified, partner, vendor, or customer may use Cloud Threat Exchange to automate the delivery and distribution of high-value, actionable threat intelligence, thus reducing the time to protection and eliminating gaps in coverage.

New Zealand's spy agency has been brought in to help fight back against cyberattacks that crippled the country's stock exchange for a fourth straight day on Friday. Finance Minister Grant Robertson said the Government Communications Security Bureau intelligence agency had joined efforts to contain the threat, which market operator NZX claimed was foreign-sourced but provided no further details.