Cyber Security News — Past 24 hours | 11.08.2021

Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network

Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what’s believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches targeting exchanges Coincheck and Mt. «The hacker exploited a vulnerability between contract calls,» Poly Network said.

Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214

«The amount of money you have hacked is one of the biggest in DeFi history. The money you stole is from tens of thousands of crypto community members, hence the people,» the team said.

«We are aware of the Poly Network exploit that occurred today. We will do as much as we can,» Binance CEO Changpeng Zhao said in a tweet. The identity of the hacker remains unclear, although blockchain security firm SlowMist claimed it was able to trace the attacker's email address, IP address, and device fingerprint, and that their initial source of funds was in Monero coins, which were then exchanged for ETH, MATIC, and other currencies.

«That may sound counterintuitive given that this $600 million theft represents the biggest DeFi hack of all time, and that the fast-growing DeFi ecosystem is uniquely vulnerable to hacks. However, cryptocurrency theft is more difficult to get away with than theft of fiat funds.»


Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic

Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service providers that could allow attackers to exfiltrate sensitive information from corporate networks.


The researchers, who called it a «bottomless well of valuable intel,» found that the leaked data contains internal and external IP addresses, computer names, employee names and locations, and details about organizations' web domains. The findings were presented at the Black Hat USA 2021 security conference last week.
«The traffic that leaked to us from internal network traffic provides malicious actors all the intel they would ever need to launch a successful attack,» the researchers added. «More than that, it gives anyone a bird’s eye view on what’s happening inside companies and governments. We liken this to having nation-state level spying capability — and getting it was as easy as registering a domain».


«The dynamic DNS traffic we wiretapped came from over 15,000 organizations, including Fortune 500 companies, 45 U.S. government agencies, and 85 international government agencies,» the researchers said. «The data included a wealth of valuable intel like internal and external IP addresses, computer names, employee names, and office locations».


Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it’s working to remediate the issue in an upcoming security update.
Tracked as CVE-2021-36958, the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months.


«A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,» the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481. «An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights».


It's worth noting that Microsoft has since released updates that change the default Point and Print behavior, effectively barring non-administrator users from installing or updating printer drivers from a remote computer or server without first elevating to an administrator.
As a workaround until a fix is available, Microsoft recommends that users stop and disable the Print Spooler service, at the cost of losing the ability to print on that host.
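The following PowerShell script is an added example, not code from the original article or from Microsoft. It audits a Windows host for the two mitigations described above, the Point and Print driver-installation restriction and the "stop and disable Print Spooler" workaround, and can apply the latter. The registry key and value names are the ones Microsoft documents for the August 2021 Point and Print change (KB5005652); the function names and the -DisableSpooler switch are this example's own. Run it from an elevated PowerShell session.

```powershell
<#
Added example (not from the original article or from Microsoft): audit the
Point and Print hardening and the Print Spooler state on this host, and
optionally apply Microsoft's interim workaround of disabling the service.
Registry key and value names follow KB5005652; everything else is illustrative.
#>
param(
    [switch]$DisableSpooler   # apply the workaround: stop and disable the service
)

$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintPolicy {
    # Reads the Point and Print values that matter here. Absent values are
    # returned as $null so the caller can tell "never set" from "explicitly 0".
    $names = 'RestrictDriverInstallationToAdministrators',
             'NoWarningNoElevationOnInstall',
             'UpdatePromptSettings'
    $result = [ordered]@{}
    $props = if (Test-Path $PointAndPrintKey) {
        Get-ItemProperty -Path $PointAndPrintKey -ErrorAction SilentlyContinue
    }
    foreach ($n in $names) {
        $result[$n] = if ($props -and $props.PSObject.Properties[$n]) { [int]$props.$n } else { $null }
    }
    [pscustomobject]$result
}

function Test-PointAndPrintHardened {
    param([Parameter(Mandatory)]$Policy)
    $findings = @()
    # After the August 2021 update the restriction is in force when the value is
    # absent or 1; an explicit 0 re-enables driver installs by non-admins.
    if ($Policy.RestrictDriverInstallationToAdministrators -eq 0) {
        $findings += 'RestrictDriverInstallationToAdministrators=0: non-admins can install remote printer drivers'
    }
    # A non-zero value here suppresses the warning/elevation prompts that
    # Point and Print normally shows when a driver is installed or updated.
    if ($Policy.NoWarningNoElevationOnInstall) {
        $findings += 'NoWarningNoElevationOnInstall is non-zero: driver install prompts suppressed'
    }
    if ($Policy.UpdatePromptSettings) {
        $findings += 'UpdatePromptSettings is non-zero: driver update prompts suppressed'
    }
    $findings
}

$spooler = Get-Service -Name Spooler
$policy  = Get-PointAndPrintPolicy
$issues  = Test-PointAndPrintHardened -Policy $policy

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    SpoolerStatus = $spooler.Status
    SpoolerStart  = $spooler.StartType
    PointAndPrint = $policy
    Findings      = if ($issues) { $issues -join '; ' } else { 'none' }
} | Format-List

if ($DisableSpooler) {
    # Microsoft's interim workaround while no patch exists. The host loses the
    # ability to print, locally and via shared printers, so do not run this on
    # print servers without a plan.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
    Write-Warning "Print Spooler stopped and disabled on $env:COMPUTERNAME"
}
```

Run without arguments to get a report; a host that shows `Findings: none` and a running Spooler still carries the unpatched bug, which is why the service workaround is offered behind the `-DisableSpooler` switch rather than applied by default.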


Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT


