Weekly Digest #18

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

This week researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System (DNS) responses for home and commercial routers and servers.

The set of seven flaws consists of buffer overflow issues and weaknesses that allow DNS cache-poisoning attacks (also known as DNS spoofing). If exploited, these flaws could be chained together to allow remote code execution, denial of service and other attacks.

Dnsmasq is installed on many home and commercial routers and on servers in many organisations.

Google Searches Expose Stolen Corporate Credentials

Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found.

The campaign, which began in August 2020, used e-mails that spoof notifications from Xerox scan to lure victims into clicking on malicious HTML attachments.

While this in and of itself is not atypical of phishing campaigns, attackers made a “simple mistake in their attack chain” that left the credentials they’d stolen exposed to the “public Internet, across dozens of drop-zone servers used by the attackers,” researchers said.

Windows RDP servers are being abused to amplify DDoS attacks

According to Shodan, there are five million RDP servers around the world available for hackers to exploit.

Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.

Hackers are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks. Not every RDP server can be abused, only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389.

Ransomware is now the biggest cybersecurity concern for CISOs

Ransomware is the most significant cybersecurity concern facing businesses, according to those responsible for keeping organisations protected from cyberattacks and hacking.

A survey of chief information security officers (CISOs) and chief security officers (CSOs) by cybersecurity company discovered that ransomware is now viewed as the primary cybersecurity threat to their organisation over the next year.

46% of CSOs and CISOs surveyed said that ransomware or other forms of extortion by outsiders represent the biggest cybersecurity threat.

Malwarebytes said it was hacked by the same group who breached SolarWinds

We continue our coverage of the chain of hacks against companies engaged in cybersecurity. This week Malwarebytes became the fourth major security firm targeted by criminals, after FireEye, Microsoft and CrowdStrike.

Malwarebytes was hacked by the same group which breached IT software company SolarWinds last year.

Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident, since it doesn’t use any SolarWinds software in its internal network.

The security firm said the hackers breached its internal systems by exploiting a dormant email protection product within its Office 365 tenant.
