Network Security News | Ingalls Information Security

Articles of interest from the week of January 1, 2024

Written by John Frasier | Jan 1, 2024 5:00:00 AM

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks.

"Threat actors can also choose to install only scanners and sell the breached IP and account credentials on the dark web," the source said on Tuesday. (The Hacker News)


“These incidents illustrate how basic attacks can exploit weak authentication methods resulting in malware or ransomware being deployed on servers and systems. Servers with port 22 exposed should not be vulnerable to a brute-force dictionary attack due to weak password security, especially in today’s threat landscape. Additionally, enabling and enforcing Multi-Factor Authentication (MFA) on endpoints and servers is crucial to offer an additional layer of defense against such attacks. The enforcement of fundamental security measures is essential to thwart these types of low-complexity attacks from succeeding.”

Sean Scully, CTI Threat Hunter at Ingalls Information Security
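To make the analyst's point concrete, the following is an added Python example, not code from the article or from Ingalls Information Security. It runs two defensive checks over constructed inputs: a sliding-window count of failed SSH logins per source address to spot dictionary attacks against port 22, a flag for any password-based login that succeeds after failures from the same source (the weak-password outcome the quote describes), and a scan of an sshd_config fragment for settings that leave password guessing possible. The log lines, hostnames, addresses, year and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd syslog lines (assumption: not taken from any real host).
SAMPLE_LOG = """\
Jan  2 03:14:01 host1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Jan  2 03:14:03 host1 sshd[2103]: Failed password for invalid user oracle from 198.51.100.23 port 51030 ssh2
Jan  2 03:14:05 host1 sshd[2105]: Failed password for root from 198.51.100.23 port 51041 ssh2
Jan  2 03:14:07 host1 sshd[2107]: Failed password for root from 198.51.100.23 port 51055 ssh2
Jan  2 03:14:09 host1 sshd[2109]: Failed password for root from 198.51.100.23 port 51063 ssh2
Jan  2 03:14:12 host1 sshd[2111]: Accepted password for root from 198.51.100.23 port 51070 ssh2
Jan  2 03:20:44 host1 sshd[2150]: Failed password for alice from 192.0.2.10 port 40022 ssh2
Jan  2 03:20:51 host1 sshd[2152]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <src> port <n>" form.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) (password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_events(log_text, year=2024):
    """Turn syslog lines into event dicts; syslog omits the year, so it is supplied (assumed 2024)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd chatter is ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "result": m.group(2), "method": m.group(3),
                       "user": m.group(4), "src": m.group(5)})
    return events


def find_brute_force_sources(events, threshold=5, window_seconds=60):
    """Return {src: max failures seen inside any window_seconds-wide window} for sources over threshold."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["src"]].append(e["time"])
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits inside window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def find_password_logins_after_failures(events):
    """A password login that succeeds after failures from the same source is the dictionary-attack success case."""
    seen_failures = set()
    hits = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["result"] == "Failed":
            seen_failures.add(e["src"])
        elif e["method"] == "password" and e["src"] in seen_failures:
            hits.append((e["src"], e["user"], e["time"].isoformat()))
    return hits


# Constructed sshd_config fragments: a weak one and a hardened one (assumptions, not a real host's config).
WEAK_CONFIG = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_CONFIG = ("PermitRootLogin no\nPasswordAuthentication no\n"
                   "KbdInteractiveAuthentication no\nPubkeyAuthentication yes\n")


def sshd_config_findings(config_text):
    """List settings that leave password guessing possible; keys are case-insensitive as in sshd_config."""
    settings = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip().lower()
    findings = []
    # OpenSSH defaults: PasswordAuthentication yes, PermitRootLogin prohibit-password.
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no': password guessing remains possible")
    if settings.get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin permits root password logins")
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("brute-force sources:", find_brute_force_sources(evs))
    print("password logins after failures:", find_password_logins_after_failures(evs))
    print("weak config findings:", sshd_config_findings(WEAK_CONFIG))
    print("hardened config findings:", sshd_config_findings(HARDENED_CONFIG))
```

The threshold and window are deliberately conservative so that a user mistyping a password once, as alice does in the sample, is not flagged; tune them to the host's normal login rate. The config check covers only what sshd itself can enforce; MFA enforcement, which the quote also calls for, is configured through PAM or an external authenticator and is outside this script.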

Comcast Faces Lawsuits over Breach of 36M Accounts

Comcast already faces at least two class action lawsuits over a massive data breach that exposed nearly 36 million U.S. Xfinity accounts after cyber attackers broke into its systems in mid-October 2023 by exploiting a vulnerability in Citrix software. (MSSP Alert)


New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

Security researchers have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. (The Hacker News)


CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines. (CISA)


First American Takes IT Systems Offline After Cyberattack

First American Financial Corporation, the second-largest title insurance company in the United States, has proactively taken offline certain systems to mitigate the impact of a cyberattack.

The company has recently encountered a cybersecurity incident, as mentioned in a statement released on a dedicated website addressing the cyberattack. Consequently, its official website was temporarily taken offline before the publication of this article. (BleepingComputer)


Cybersecurity Maturity Model Certification (CMMC) Program Proposed Rule Published

The Department of Defense publishes for a 60-day comment period a proposed rule for the Cybersecurity Maturity Model Certification (CMMC) program at https://www.regulations.gov/docket/DOD-2023-OS-0063

CMMC is designed to ensure that defense contractors and subcontractors are compliant with existing information protection requirements for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that sensitive unclassified information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats. (Department of Defense)


Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild.

The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to cause program crashes or arbitrary code execution. (The Hacker News)