The previous week has brought a lot of interesting news, and while it is not possible to fit all of the cybersecurity news in one blog post, we will try to cover some of the key events of the past week.
One of the most discussed topics of the last week was the Twitter security breach, in which the official Twitter accounts of prominent users, including Bill Gates, Apple, Elon Musk, Jeff Bezos, Joe Biden, Barack Obama, Uber, Binance, and others were hijacked in a massive crypto scheme aimed at scamming people out of their cryptocurrency.
The scammers were using hacked accounts to promote a cryptocurrency scheme promising to give away up to 5,000 bitcoins to those sending between 0.1 BTC to 20 BTC to a "contribution" address.
According to Twitter, the attackers successfully manipulated a small number of employees via a social engineering scheme and used their credentials to access Twitter’s internal systems, effectively bypassing the social network’s two-factor protections. Using Twitter’s internal tools the hackers targeted 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send messages.
The UK, the United States and Canada accused a hacker group known as APT29, “the Dukes” or “Cozy Bear” of attempts to compromise organizations involved in COVID-19-related research in order to steal information fr om researchers seeking a coronavirus vaccine.
APT29 frequently uses publicly available exploits in order to compromise vulnerable systems and steal authentication credentials to allow further access. The targeted vulnerabilities include CVE-2019-19781 (Citrix), CVE-2019-11510 (Pulse Secure), CVE-2018-13379 (FortiOS), and CVE-2019-9670 (Zimbra).
Microsoft has warned of a critical vulnerability which has been present in Microsoft’s Windows DNS Server for over 17 years. The vulnerability discovered by Check Point researchers and reported to Microsoft in May could be exploited to gain Domain Administrator privileges and compromise the entire target’s corporate infrastructure.
The vulnerability has been patched as part of July 2020 Patch Tuesday release. Microsoft said it is not aware of attacks exploiting CVE-2020-1350.
Another important issue, which was brought to light last week, is CVE-2020-6287, a flaw affecting a component in SAP NetWeaver Application Server. By exploiting this flaw, a remote, unauthenticated attacker could create a new SAP user with the highest privileges, and thus fully compromise vulnerable SAP installations, which would allow the attacker to steal or modify highly sensitive information, or disrupt critical business processes.
A proof-of-concept code for this vulnerability is already publicly available.
The transparency collective known as DDoSecrets has launched a site wh ere it published sensitive documents and communications related to WikiLeaks founder Julian Assange.
The collection of files covers early years in WikiLeaks and contains a number of chat logs between Julian Assange and other associates. The documents posted on the site include chat logs and letters dating back to 2010 between Assange, sources and hackers, including the convicted hacker Jeremy Hammond and Sigurdur Thordarson, an early WikiLeaks supporter who provided information about the group to the FBI.
Even professional hackers make stupid mistakes, forgetting to secure their servers. Such a mistake has been made by APT35 hackers, which allowed security researchers to learn how they are conducting their hacking operations.
The IBM researchers discovered the 40 GBs of data files being uploaded to a server that hosted numerous APT35 domains. The data, which was apparently stolen from victim accounts, including US and Greek military personnel, contained nearly five hours of videos showing a hacker “searching through and exfiltrating data from various compromised accounts of a member of U.S. Navy and a personnel officer with nearly two decades of service in Hellenic Navy.” Other clues in the data suggest that APT35 also targeted an Iranian-American philanthropist and officials of the U.S. State Department.