85% of SA organisations were hurt by lack of cyber preparedness in 2020
Mimecast Limited recently released the latest edition of its ‘The State of Email Security’ report. In it, 85% of South African respondents to the company's annual global survey indicated that their companies had experienced a business disruption, financial loss or other setback during 2020 due to a lack of cyber preparedness. Ransomware was identified as the main culprit for business disruptions. Read the full article by BusinessTech – here.
US Justice Department announces court-authorised effort to disrupt exploitation of MS Exchange Server vulnerabilities
Authorities in the United States have executed a court-authorised operation to copy and remove malicious web shells from hundreds of vulnerable computers in the US. The computers were running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level email service.
Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access email accounts and place web shells for continued access. Web shells are pieces of code or scripts that enable remote administration. Other hacking groups followed suit starting in early March after the vulnerability and patch were publicised.
Many owners of infected systems successfully removed the web shells from thousands of computers. Others appeared unable to do so, and hundreds of such web shells persisted unmitigated. This operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorised access to US networks. The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path). Read the full article by United States Department of Justice – here, and the article on CISA: Mitigate Microsoft Exchange Server Vulnerabilities – here.
Booking.com Fined $558,000 for Late Breach Notification under GDPR
A major hotel bookings site has been fined €475,000 after failing to report a serious data breach within the time period mandated by the General Data Protection Regulation (GDPR). Booking.com suffered the breach back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE).
After obtaining the employees' login credentials to a Booking.com system, the scammers were able to access the personal details of over 4100 customers who had booked a hotel room in the UAE via the site. Credit card details of 283 customers were also exposed, and in 97 cases the security (CVV) code was compromised. Read the full article by InfoSecurity Magazine – here.
Chinese hackers used Pulse Secure VPN zero-day to breach US defence contractors
Two hacking groups, including at least one confirmed Chinese cyber-espionage outfit, have used a new zero-day vulnerability in Pulse Secure VPN equipment to gain a foothold inside the networks of US defence contractors and government organisations across the world.
The attacks were discovered earlier this year by cybersecurity firm FireEye and confirmed by Pulse Secure today (20 April 2020) in coordinated press releases. Read the full article by The Record by Recorded Future – here