Cyber Security News — Past 24 hours | 27.06.2021

SLIIT CS2 | Jun 28, 2021

Multiple Critical Vulnerabilities Affected “My Lenovo” Digital Assets

Several critical security vulnerabilities existed in the “My Lenovo” digital assets. Exploiting them could even allow an adversary to execute commands on the target systems. Lenovo addressed the issues after the researchers notified them of the bugs. The Cyber Security Research Team of Swascan, an Italian security firm, recently shared details of these critical vulnerabilities affecting “My Lenovo” assets. The researchers found the bugs via their Domain Threat Intelligence (DTI) tool, which works on information available on the dark web. As elaborated in their advisory, shared exclusively with Latest Hacking News, the researchers found three critical vulnerabilities on two selected IPs. Further investigation identified the bugs as LDAP anonymous bind allowed, LDAP password disclosure, and remote command execution. Upon finding the bugs, team Swascan responsibly disclosed its report to Lenovo. The report included details of the flaws, the PoC, and the vulnerable addresses and credentials.

Source — https://latesthackingnews.com/2021/06/24/multiple-critical-vulnerabilities-affected-my-lenovo-digital-assets/
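The first finding above, "LDAP anonymous bind allowed", is something a directory owner can verify on their own servers without any third-party tooling. The script below is an added example written for this digest; it is not code from the article, from Swascan, or from Lenovo. Using only the Python standard library, it encodes an RFC 4511 BindRequest with an empty DN and empty password, sends it to a host and port that the caller supplies (the host name in the usage comment is a placeholder), and decodes the resultCode of the BindResponse. The two response frames embedded at the bottom are constructed for an offline self-check, not captured traffic.

```python
"""Audit helper: does an LDAP server accept an anonymous simple bind?

Added example; it is not code from the article, Swascan, or Lenovo. It builds
an RFC 4511 BindRequest with an empty DN and empty password using only the
standard library, sends it, and decodes the resultCode of the BindResponse.
A resultCode of 0 (success) means the directory accepted the anonymous bind,
which is the condition behind the "LDAP anonymous bind allowed" finding.
Host and port are placeholders supplied by the caller.
"""
import socket
import sys
from typing import Tuple

# A few RFC 4511 result codes that commonly come back from a bind attempt
LDAP_RESULT_NAMES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    53: "unwillingToPerform",
}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """Encode one BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(body)) + body


def build_anonymous_bind(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }."""
    if not 0 <= message_id < 0x80:
        raise ValueError("example keeps messageID to a single BER octet")
    bind = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode the BER element at buf[pos]; return (tag, value, next position)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(frame: bytes) -> int:
    """Return the resultCode of an LDAP BindResponse (APPLICATION 1)."""
    tag, msg, _ = read_tlv(frame, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(msg, 0)          # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError(f"unexpected protocolOp tag {tag:#x}")
    tag, code, _ = read_tlv(op, 0)        # first LDAPResult field: resultCode ENUMERATED
    if tag != 0x0A:
        raise ValueError("resultCode missing from BindResponse")
    return int.from_bytes(code, "big")


def anonymous_bind_allowed(result_code: int) -> bool:
    """Only a success result means the server granted an anonymous session."""
    return result_code == 0


def check_server(host: str, port: int = 389, timeout: float = 5.0) -> Tuple[bool, str]:
    """Send the anonymous bind to host:port and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_anonymous_bind())
        frame = sock.recv(4096)
    code = parse_bind_response(frame)
    return anonymous_bind_allowed(code), LDAP_RESULT_NAMES.get(code, f"resultCode {code}")


# Constructed BindResponse frames for an offline self-check (not captured traffic):
# resultCode 0 = server accepted the anonymous bind; 48 = inappropriateAuthentication
RESPONSE_ACCEPTED = bytes.fromhex("300c02010161070a010004000400")
RESPONSE_REFUSED = bytes.fromhex("300c02010161070a013004000400")

if __name__ == "__main__":
    # Usage: python ldap_anon_check.py ldap.example.internal 389   (placeholder host)
    allowed, name = check_server(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 389)
    print(f"anonymous bind {'ALLOWED' if allowed else 'refused'} ({name})")
```

Run it against your own directory servers as part of an exposure review; a hardened OpenLDAP typically answers with inappropriateAuthentication (48) or unwillingToPerform (53) once anonymous binds are disallowed. One caveat when reading the result: Active Directory accepts the bind at the protocol level but, by default, lets an anonymous session read little beyond the rootDSE, so a success code there shows that the bind is permitted, not by itself that directory contents are exposed.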

SOC First Defense Phase — Understanding The Cyber Attack Chain — A Defense Approach with/without SOC

This article will help you understand modern cyber threats and the attack surfaces most commonly used behind malware and cyber attacks. Most cyber attacks are executed in stages, so the SOC team must understand the attack patterns and the attack chain. Breaking the attack chain and thwarting the criminals' intent before they reach their goal reduces the business impact of lost data. This will not provide you with 100% defense steps or blue-team guides for your organization. It provides a brief overview of the attack vectors, and every SOC team must create a defense mechanism for them as an initial stage of security monitoring.

These steps can be followed by any network security team, or by small-scale industries and smaller firms that cannot afford a SOC, to build a defensive wall. In every organization, firewalls/IPS and email gateways play a vital role in defending against malware delivery. But in recent times, these controls are easily defeated by cyber attackers.

Modern-day cyber attacks are not single-stage; they deliver malware to organizations in stages of infection. First, the attacker lures the victim into clicking an apparently non-malicious URL, which redirects to a command-and-control (CnC) server and drops the payloads. These stages cannot be blocked by traditional defense systems.

Source — https://gbhackers.com/soc-defense-attack-chain/

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a “pen tester” and for perpetuating a criminal scheme that enabled the gang to compromise millions of customers' debit and credit cards.

Andrii Kolpakov, 33, was arrested in Spain on June 28, 2018, and subsequently extradited to the U.S. the following year on June 1, 2019.

In June 2020, Kolpakov pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

The Western District of Washington also ordered Kolpakov to pay $2.5 million in restitution.

The defendant, who was involved with the group from April 2016 until his arrest, managed other hackers who were tasked with breaching the point-of-sale systems of companies, both in the U.S. and elsewhere, to deploy malware capable of stealing financial information.

Source — https://thehackernews.com/2021/06/fin7-supervisor-gets-7-year-jail-term.html

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers

Nobelium is the name assigned by Microsoft to the nation-state adversary responsible for the unprecedented SolarWinds supply chain attacks that came to light last year. Microsoft said it detected information-stealing malware on a machine belonging to one of its customer support agents, who had access to basic account information for a small number of its customers. The stolen customer information was subsequently used “in some cases” to launch highly targeted attacks as part of a broader campaign, the company noted, adding that it moved quickly to secure the device. The revelation that the hackers have set up a new arm of the campaign comes a month after Nobelium targeted more than 150 different organizations located across 24 countries by leveraging a compromised USAID account at a mass email marketing company called Constant Contact to send phishing emails that enabled the group to deploy backdoors capable of stealing valuable information.

The development also marks the second time the threat actor has singled out Microsoft, after the company disclosed earlier this February that the attackers had managed to compromise its network to view source code related to its products and services, including Azure, Intune, and Exchange.

Source — https://thehackernews.com/2021/06/solarwinds-hackers-breach-microsoft.html

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
