By: Jindrich Karasek and Augusto Remillano II
Elasticsearch is no stranger to cybercriminal abuse given its popularity and use to organizations. In fact, this year’s first quarter saw a surge of attacks — whether by exploiting vulnerabilities or taking advantage of security gaps — levelled against Elasticsearch servers.
Source: Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’
Must have been the cyber security course’s day off
Lancaster University – which offers a GCHQ-accredited degree in security – has been struck by a “sophisticated and malicious phishing attack” that resulted in the leak of around 12,500 wannabe students’ personal data.…
Source: Lancaster Uni data breach hits at least 12,500 wannabe students
A security hole affecting the free and open source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and possibly execute arbitrary code.
Source: ProFTPD Vulnerability Can Expose Servers to Attacks
A hacking group that distributed files stolen from a Russian contractor to the media last week has published some of the documents online.
Source: FSB hackers drop files online
Original release date: July 22, 2019. As part of the effort to #Protect2020, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interference, particularly information activities (e.g., disinformation, misinformation).
Source: Building Resilience to Foreign Interference, Misinformation Activities
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk.
Source: Firmware Vulnerabilities Show Supply Chain Risks
This is the second part of a blog post from the Microsoft Security Response Center. It examines the classes of vulnerabilities introduced in modern systems programming languages, like C/C++, and makes the case for replacing them with the Rust programming language.
Read the full article: Why Rust for safe systems programming
A security researcher has published a detailed guide that shows how to execute malicious code on Windows computers still vulnerable to the critical BlueKeep vulnerability. The move significantly lowers the bar for writing exploits that wreak the kinds of destructive attacks not seen since the WannaCry and NotPetya attacks of 2017, researchers said.
Source: Chances of destructive BlueKeep exploit rise with new explainer posted online
A fascinating read with great technical analysis of many memory-related security vulnerabilities. This is one of a series of blogs aimed at encouraging developers to move from C/C++ to perceived memory-safe languages, like Rust.
Read the full article: We Need a Safer Systems Programming Language
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 12 and July 19. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats.
Source: Threat Roundup for July 12 to July 19