The new list of vulnerabilities released by the non-profit foundation Open Web Application Security Project features fundamental changes. For example, Broken Access Control is now holding №1 position in the new ranking. The second place in this ranking is held by cryptographic failures since this issue is connected to system compromise and sensitive data exposure. Although injections have moved to the 3rd place in the new ranking, the impact of this vulnerability remains serious and one of its most popular forms has become cross-site scripting.
The 4th place is occupied by Insecure Design, a new category in this ranking. Compared to 2017, Security Misconfiguration has moved one spot up and now is holding the 5th place in the new ranking. External entities are now included in the Security Misconfiguration category. Generally, compared to the previous ranking, 3 new categories have appeared and 4 categories are present either under a changed name or scope.
According to a new research, by setting correct configuration of databases, apps, and security policies companies could have prevented two-thirds of cloud attacks. The Cloud Security Threat Landscape was published on Wednesday by IBM Security X-Force and is spanning Q2 2020 through Q2 2021. The X-Force Red team also found through penetration testing that issues were attributable either to credentials or policies. Malicious actors were taking advantage of lax security in cloud environments through remote exploitation and access to confidential data.
Also, the researchers from IBM suggest that more than half of recent breaches might have been attributable to shadow IT, namely, IT systems that are not managed by central IT teams. These security issues have led to the creation of the dark market for public cloud initial access. Generally, in 71% of ads listed Remote Desktop Protocol (RDP) access if offered for malicious purposes. The price of cloud environment access on the black market may vary between a few dollars and a few thousand dollars.
The rapid increase in the demand for open source code packages has led to a triple-digit year-on-year surge in supply chain attacks. The 2021 State of the Supply Chain report has been compiled by supply chain management specialists using publicly available and proprietary data. More than 2.2 trillion open-source packages or components would be borrowed by global developers from third-party ecosystems. For example, Python packages downloaded from PyPi, Java downloaded from Maven Central Repository, etc. The threat actors can exploit publicly disclosed vulnerabilities attributable to these shared code packages.
However, malicious actors are becoming more proactive. They are no longer waiting for public vulnerability disclosures. They are actively injecting vulnerabilities into open source projects and carry out their exploitation before security specialists discover them. This strategy gives hackers the benefit of time thereby allowing malware to move through the supply chain. As a result, the scale of attacks is becoming much greater!
The cybersecurity company StormWall has revealed some of the most powerful DDoS attacks ever detected. The botnet in question enabled DDoS attacks, the power of which was up to 2 TB/s. The discovered botnet united 49,000 servers originating from Spain. The cost of the use of this botnet started from $2,500 per 2 days. According to the findings made by StormWall, most of the detected DDoS attacks were targeting the gaming industry.
The botnet was launching attacks through TCP, UDP, and HTTP protocols with browser emulation. The attacks carried out by this botnet have such a great power that, apart from victims, they also affect its providers and may cause access issues for hundreds or even thousands of users who use these online resources. Malicious actors were using these tools for more than a month.
The incident that happened earlier this month affected the company’s EMEA IT systems. “Suspicious activity” was detected on 8 September and Olympus immediately mobilized its response team to investigate the case. The company suspended data transfers taking place in the affected systems and provided all required information to its external partners. Olympus is a multinational company employing more than 31,600 employees.
It’s likely that Olympus has fallen victim to BlackMatter ransomware. BlackMatter rose from the ashes of DarkSide, the ransomware group responsible for the attack against Colonial Pipeline. Some experts suggest that BlackMatter is just the rebranding of the famous ransomware group. This security incident is a serious warning for companies that the scope of ransomware threats remains extremely huge.
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.