Servers


Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.

Azure App Service is a fully managed, integrated service that enables users to create web and mobile apps for any platform or device and to integrate them easily with SaaS solutions and on-premises apps to automate business processes.

According to a report researchers shared with The Hacker News, the first security vulnerability (CVE-2019-1234) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

If exploited, the issue would have enabled a remote hacker to gain unauthorized access to screenshots and sensitive information of any virtual machine running on Azure infrastructure, regardless of whether it runs on shared, dedicated or isolated virtual machines.

According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.

By leveraging an insecure API, researchers found a way to get the virtual machine name and ID, along with hardware information such as the cores and total memory of targeted machines, and then used it with another unauthenticated HTTP request to grab screenshots.

The second issue (CVE-2019-1372) is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprise’s business code.

What’s more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.

Check Point published a detailed technical post on the second flaw. In brief, it resided in the way DWASSVC, a service responsible for managing and running tenants’ apps, and the IIS worker processes, which actually run the tenant application, communicate with each other for defined tasks.

Since Azure Stack failed to check the length of a buffer before copying memory to it, an attacker could have exploited the issue by sending a specially crafted message to the DWASSVC service, allowing the attacker to execute malicious code on the server with the highest privilege, NT AUTHORITY\SYSTEM.

“So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),” the researchers said.

“This lets an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.”

Check Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos.

After patching both issues late last year, the company awarded Shustin 40,000 USD under its Azure bug bounty program.

The post Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers appeared first on National Cyber Security.

Hackers exploit old flaw to turn Linux servers into cryptocurrency miners

The malicious actors who installed and ran a cryptocurrency mining operation on hacked Tesla AWS servers and Jenkins servers are now targeting servers running Linux and have so far generated more than $74,000 in Monero.

The new campaign uses the legitimate, open-source XMRig cryptominer in conjunction with exploiting the old vulnerability CVE-2013-2618, which is found in Cacti’s Network Weathermap plug-in, according to a Trend Micro Cyber Safety Solutions Team report. The vulnerability is a cross-site scripting vulnerability in editor.php in Network Weathermap before 0.97b and allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.

This active campaign is primarily affecting targets in Japan, Taiwan, China, the U.S., and India.

“As to why they’re exploiting an old security flaw: Network Weathermap only has two publicly reported vulnerabilities so far, both from June 2014. It’s possible these attackers are taking advantage not only of a security flaw for which an exploit is readily available but also of patch lag that occurs in organizations that use the open-source tool,” the team wrote.

Trend Micro was able to trace the activity back to two usernames associated with two Monero wallets where $74,677 has been deposited as of March 21.

The post Hackers #exploit old #flaw to turn #Linux #servers into #cryptocurrency miners appeared first on National Cyber Security Ventures.

Copy-Pasting Malware Dev Made $63,000 From Mining Monero on IIS Servers

A malware author (or authors) has made around $63,000 during the past five months by hacking unpatched IIS 6.0 servers and mining Monero. ESET researchers just recently uncovered the attacker’s operation. Experts say the malware author used CVE-2017-7269, a vulnerability in IIS 6.0 servers to take over vulnerable machines and…

Ukrainian hacker became first witness in FBI’s ‘Russian case’ of hacking servers of US Democratic Party

The Ukrainian hacker confessed and became a witness for the US Federal Bureau of Investigation in the case of the hacking of US Democratic Party servers during the campaign, which turned into a series of scandals for Hillary Clinton and ended in victory for Republican Donald Trump. Russia is accused of organizing crack…

Hackers could take over your computer if they fragged you on some CS:GO servers

An exploit in the Counter-Strike: Global Offensive Source (SDK) engine was removed in a June update, according to a report from software security company One Up Security yesterday. The vulnerability allowed users in CS:GO community browser and third-party servers to hack into another player’s computer merely through killing them on a…

KnowBe4 Research Shows Eighty-Two Percent of Email Servers are Misconfigured

KnowBe4, provider of the world’s most popular integrated new-school security awareness training and simulated phishing platform, analyzed more than 10,000 email servers and identified that eighty-two percent of them are misconfigured, allowing spoofed emails to enter an organization disguised as

Iran Orders Social Media Sites to Move Servers Inside Country

Iran has given foreign messaging apps a year to move data they hold about Iranian users onto servers inside the country, prompting privacy and security concerns on social media. Iran has some of the strictest controls on internet access in the world and blocks access to social media platforms such as Facebook and Twitter, although […]

#OPSINGLEGATEWAY: ANONYMOUS HACKS THAI POLICE SERVERS, PROVES ITS POINT

Hacked readers will know of Thailand’s military government’s aim to squeeze all internet communication into a single gateway. If you aren’t aware of the master plan, Thailand’s Prime Minister General Prayut Chan-o-cha and his cabinet ordered the country’s National Police Department, the Information and Communication Ministry along with the Justice Ministry to look into the means to set up a single gateway for the internet. A resolution was passed soon after, mandating the agencies to look into laws that would need to either be enacted or amended, as a means to enforce the single Internet gateway. To nobody’s surprise, state-run company CAT Telecom was chosen by the Prime Minister as the only authority to control all internet communications through the single gateway in Thailand. With public backlash from the Thai people along with criticism from around the world, the government’s public stance has since changed. The Prime Minister stated that he hadn’t “ordered” the agencies to go ahead with the mandate and that he had merely suggested the endeavor as a study. The backtracking convinced few, least of all the Thai people and hacktivist group Anonymous. Source: https://hacked.com/opsinglegateway-anonymous-hacks-thai-police-servers-proves-its-point/

Huge recent hack attack said to target mainly Israeli servers

A new round of hacking attacks is being directed specifically against Israel, cyber-security giant Check Point believes. The exploit, which uses infected Microsoft Word documents to insert malicious code into a user’s computer, “appears to be politically motivated, instigated against a particular nation-state,” the company said. With that, said the company, the identity of the hackers behind the attack is unclear, and may never be known, because it is almost impossible to trace such attacks back to the original server that issued them. And, while Check Point would not name the specific targets of the attack, it said that they included Israeli public (i.e., government) and private organizations, and that the attacks had been going on “for some time.” “There are many reasons campaigns can end up with a lopsided geographical distribution of infection victims; that, alone, does not necessarily imply a ‘targeted campaign’ scenario,” said the company. “However, this case was different. Israeli targets were not just over-represented; the list of targeted Internet addresses contained a number of Israeli government agencies, security industry firms, municipal agencies, research institutions and even hospitals. In total, over 200 machines and 15 distinct Israeli firms and institutions were targeted.” The role of defense, […]

Chinese hackers use US servers in cyber attacks

Chinese government-linked hackers are using American computer services companies in conducting cyber attacks against private company networks, according to cyber security analysts. A detailed computer forensic investigation by a major U.S. security firm revealed that three recent cyber attacks were carried out by two Chinese hacker groups known as Deep Panda and Wekby. Both groups appear linked to each other and are part of a Chinese government-run cyber espionage campaign. The Department of Homeland Security stated in an internal report that cyber espionage targeting the bulk collection of personal data from government and private networks included nine attacks over the past year. A report on the investigation by the security firm reveals the Chinese groups conducted the attacks using seven computer-hosting companies to target a U.S. air carrier, a European telecommunications company, and a European energy firm. A copy of the report was obtained by the Washington Free Beacon. The security firm asked not to be named. The report provides some of the first details on how shadowy Chinese hacking groups conduct their operations while working to thwart U.S. intelligence and law enforcement agencies from tracking their activities. “It’s like playing whack-a-mole,” said an executive at one of the companies who […]
