On January 6, 2021. Hafnium, a Chinese state-sponsored group known for notoriously targeting the United States, started exploiting zero-day vulnerabilities on Microsoft Exchange Servers. The criminals launched a deluge of cyberattacks for almost 2 months without detection. On March 2, 2021, Microsoft finally became aware of the exploits and issued necessary security patches. By that point, it was too late.
On March 2, Microsoft released patches for four zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019 (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). In the following weeks, attackers have been aggressively targeting vulnerable servers to install web shells that provide persistent remote access to infected servers. On March 9, attackers began installing a new ransomware variant known as DearCry or DoejoCrypt on infected servers.
CVE-2020-13942 is a critical vulnerability that affects the Apache open source application Unomi, and allows a remote attacker to execute arbitrary code. In the versions prior to 1.5.1, Apache Unomi allowed remote attackers to send malicious requests with MVEL and OGNL expressions that could contain arbitrary code, resulting in Remote Code Execution (RCE) with the privileges of the Unomi application.
As enterprises fast track cloud adoption plans without security considerations, we’ve seen the dangers of cloud misconfigurations and how it continues to cost millions in lost data and revenue for failure to comply. In this blog we’ll explain how to spot the telltale signs and secure your clouds with adequate Cloud Security Posture Management (CSPM).
Broken Access Control is #5 in the current OWASP Top Ten Most Critical Web Application Security Risks. It should be viewed in conjunction with Broken Authentication, currently the #2 risk.
Zoho ManageEngine Desktop Central is an endpoint management solution offered by Zoho. A server running this software can push updates to managed systems, remotely control and lock them, apply access controls and more. In March 2020, a remote code execution (RCE) vulnerability was identified (tracked as CVE-2020-10189) in the ManageEngine software due to the deserialization of untrusted, user-controlled input in the getChartImage function of the FileStorage class within the application.
There is a common tendency that the typical DAST scanner finds the easiest to locate known security vulnerabilities. If you need to find vulnerabilities that are more difficult to detect – you need the help of security experts. But what if the DAST product could behave more like an automated hacker? The Security Research team at Detectify set themselves up to solve this problem and fundamentally upgrade the way we do fuzzing in our vulnerability scanner, Deep Scan.
ESG research on cyber risk management, which involved 340 cybersecurity professionals, revealed that 40 percent felt tracking patch and vulnerability management over time was their biggest challenge.
If you want just to see how to find HAFNIUM Exchange Zero-Day Activity, skip down to the “detections” sections. Otherwise, read on for a quick breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
One of our missions at Snyk is a simple one: help developers fix things easily. We further our mission by releasing features and improvements as quickly as possible, but it’s also just as important that developers have an experience which helps them gain as much value from Snyk as possible. This includes being able to quickly understand what needs to be fixed, and making that task incredibly easy.
