{"id":19395,"date":"2022-06-21T02:10:05","date_gmt":"2022-06-21T10:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/06\/21\/news-13128\/"},"modified":"2022-06-21T02:10:05","modified_gmt":"2022-06-21T10:10:05","slug":"news-13128","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/06\/21\/news-13128\/","title":{"rendered":"Security vulnerabilities: 5 times that organizations got hacked"},"content":{"rendered":"

Credit to Author: Bill Cozens| Date: Tue, 21 Jun 2022 10:04:02 +0000<\/strong><\/p>\n

Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations \u2014 and it\u2019s no secret that hackers are always looking for security vulnerabilities in them to exploit.<\/p>\n

According to research by BetterCloud<\/a>, the average company with 500 to 999 employees uses about 93 different SaaS applications, with that number rising to 177 for companies with over 1000 employees.<\/p>\n

Coupled with the fact that vendors release thousands of updates each year to patch security vulnerabilities in their software, it\u2019s not surprising that businesses and governments are struggling to keep up with the volume of security vulnerabilities and patches<\/a>.<\/p>\n

And lo and behold, despite the best efforts of governments and businesses around the globe, hackers still managed to exploit multiple security vulnerabilities in 2021<\/a>.<\/p>\n

In this post, we\u2019ll take a look at five times governments and businesses got hacked thanks to security vulnerabilities in 2021.<\/p>\n

1.\u00a0\u00a0 APT41 exploits Log4Shell vulnerability to compromise at least two US state governments<\/h2>\n

First publicly announced in early December 2021, Log4shell<\/a> (CVE-2021-44228<\/a>) is a critical security vulnerability in the popular Java library Apache Log4j 2. The vulnerability is simple to execute and enables attackers to perform remote code execution<\/a>.<\/p>\n

A patch for Log4Shell was released on 9 December 2021, but within hours of the initial December 10 2021 announcement, hacker groups were already racing to exploit Log4Shell before businesses and governments could patch it \u2014 and at least one of them was successful.<\/p>\n

Shortly after the advisory, the Chinese state-sponsored hacking group APT41 exploited Log4Shell to compromise at least two US state governments, according to research from Mandiant<\/a>. Once they gained access to internet-facing systems, APT41 began a months-long campaign of reconnaissance <\/a>and credential harvesting.<\/p>\n

2.  North Korean government backed-groups exploit Chrome zero-day vulnerability<\/h2>\n

On February 10 2022, Google’s Threat Analysis Group (TAG) discovered that two North Korean government backed-groups <\/a>exploited a vulnerability (CVE-2022-0609<\/strong><\/a>) in Chrome to attack over 250 individuals working for various media, fintech, and software companies.<\/p>\n

The activities of the two groups have been tracked as Operation Dream Job<\/a> and AppleJeus<\/a>, and both of them used the same exploit kit<\/a> to collect sensitive information from affected systems.<\/p>\n

How does it work, you ask? Well, hackers exploited a use-after-free (UAF) vulnerability in the Animation component of Chrome \u2014 which, just like Log4Shell, allows hackers to perform remote code execution.<\/p>\n

3.  Hackers infiltrate governments and companies with ManageEngine ADSelfService Plus vulnerability<\/h2>\n

From September 17 through early October, hackers successfully compromised at least nine companies and 370 servers by exploiting a vulnerability <\/strong><\/a>(CVE-20<\/strong><\/a>2<\/a><\/strong>1-40539)<\/strong><\/a> in ManageEngine ADSelfService Plus<\/a>, a self-service password management and single sign-on solution.<\/p>\n

So, what happens after hackers exploited this vulnerability? You guessed it \u2014 remote code execution. Specifically, hackers uploaded a payl<\/a>oad <\/a>to a victims network that installed a webshell, a malicious script that grants hackers a persistent gateway to the affected device.<\/p>\n

From there, hackers moved laterally<\/a> to other systems on the network, exfiltrated any files they pleased, and even stole credentials<\/a>.<\/p>\n

4.  Tallinn-based hacker exploits Estonian government platform security vulnerabilities<\/h2>\n

In July 2021<\/a>, Estonian officials announced that a Tallinn-based male had gained access to KMAIS, Estonia\u2019s ID-document database, where he downloaded the government ID photos of 286,438 Estonians.<\/p>\n

To do this, the hacker exploited a vulnerability in KMAIS that allowed him to obtain a person’s ID photo using queries. Specifically, KMAIS did not sufficiently check the validity of the query received \u2014 and so, using fake digital certificates, the suspect could download the photograph of whoever he was pretending to be.<\/p>\n

5.  Russian hackers exploit Kaseya security vulnerabilities<\/h2>\n

Kaseya, a Miami-based software company, provides tech services to thousands of businesses over the world \u2014 and on July 2 2021, Kaseya CEO Fred Voccola had an urgent message for Kaseya customers: shut down your servers immediately<\/a>.<\/p>\n

The urgency was warranted. Over 1,500 small and midsize businesses<\/a> had just been attacked, with attackers asking for $70 million in payment.<\/p>\n

A Russian-based cybergang known as REvil claimed responsibility for the attack. According to Hunteress Labs, REvil exploi<\/a>ted a zero-day<\/a> (CVE-<\/a>2021-30116<\/a>) and performed an authentication bypass in Kaseya’s web interface \u2014 allowing them to deploy a ransomware attack<\/a> on MSPs and their customers.<\/p>\n

<\/a>Organizations need a streamlined approach to vulnerability assessment<\/h2>\n

Hackers took advantage<\/a> of many security vulnerabilities in 2021 to breach an array of governments and businesses.<\/p>\n

As we broke down in this article, hackers can range from individuals to whole state-sponsored groups \u2014 and we also saw how vulnerabilities themselves can appear in just about any piece of software regardless of the industry.<\/p>\n

And while some vulnerabilities are certainly worse than others, the sheer volume of vulnerabilities out there makes it difficult to keep up with the volume of security patches. With the right vulnerability management<\/a> and patch management<\/a>, however, your organization can find (and correct) weak points that malicious hackers, viruses, and other cyberthreats want to attack.<\/p>\n

Want to learn more about different vulnerability and patch management tools? Visit our Vulnerability and Patch Management page<\/a> or read the solution brief<\/a>.<\/p>\n

The post Security vulnerabilities: 5 times that organizations got hacked<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Bill Cozens| Date: Tue, 21 Jun 2022 10:04:02 +0000<\/strong><\/p>\n

In this post, we break down 5 times hackers used security vulnerabilities in 2021 to attack governments and businesses.<\/p>\n

The post Security vulnerabilities: 5 times that organizations got hacked<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1001,10987,1328,4980,19950,3765,10752],"class_list":["post-19395","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-business","tag-exploits","tag-government","tag-hack","tag-patch-management","tag-ransomware","tag-vulnerabilities"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19395"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19395\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19395"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}