Cybersecurity weekly: Acer hacked, Exchange targeted, Zoom bugs

March 23, 2021 by Sam Fay

The REvil ransomware gang hacked Acer and is demanding a $50 million ransom. Microsoft Exchange servers are now targeted by BlackKingdom ransomware. A Zoom screen sharing bug lets users access restricted apps. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Taiwanese computer giant Acer was the victim of a REvil ransomware attack, and the gang is demanding a $50,000,000 ransom, the largest demanded to date. The ransomware gang claimed to have stolen data from the vendor's systems before encrypting them, then published images of allegedly stolen documents on its data leak site.


2. Microsoft Exchange servers now targeted by BlackKingdom ransomware

Another ransomware operation, known as BlackKingdom, is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Researchers state that the threat actor used the vulnerability to execute a PowerShell script that downloads the ransomware executable and pushes it out to other computers on the network.


3. Zoom screen sharing bug lets users access restricted apps

A newly discovered glitch in Zoom’s screen sharing feature can accidentally leak sensitive information to other attendees in a call. The unpatched security vulnerability makes it possible to reveal the contents of applications that are not being shared, but only briefly, which makes it harder to exploit in the wild.


4. CISA releases a tool to detect SolarWinds malicious activity

U.S. CISA released the CISA Hunt and Incident Response Program (CHIRP) tool. This is a Python-based tool that detects malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise Windows environments. Both alerts are related to SolarWinds attacks against government agencies and private sector organizations.


5. Hackers infecting Apple app developers with trojanized Xcode projects

Last week, cybersecurity researchers disclosed a new attack in which threat actors leverage Xcode as an attack vector to compromise Apple platform developers with a backdoor. The trojanized Xcode project is a tainted version of a legitimate open-source project available on GitHub called TabBarInteraction.


6. Remote lesson monitoring program could be exploited to attack student PCs

Early last week, McAfee disclosed multiple security holes in Netop Vision Pro, popular monitoring software adopted by schools so that teachers can control remote learning sessions. After setting up a virtual ‘classroom’ made up of four devices on a local network, the researchers found that all network traffic was unencrypted by default.


7. Microsoft Defender can now protect servers against ProxyLogon attacks

Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now provide automatic protection against attacks exploiting the recently disclosed ProxyLogon vulnerabilities in Microsoft Exchange. This is the result of a recent emergency out-of-band security update.


8. DDoS booters now abuse DTLS servers to amplify attacks

DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (DTLS) servers to amplify distributed denial-of-service attacks. A recent DDoS attack used DTLS to amplify traffic from vulnerable Citrix ADC devices whose DTLS configurations lacked a mechanism designed to block such abuse.


9. Fintech giant Fiserv used unclaimed domain

If you sell web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous.


10. RCE flaw in Apache OFBiz could allow takeover of the ERP system

Last week, the Apache Software Foundation addressed a high-severity vulnerability in Apache OFBiz, tracked as CVE-2021-26295, that could have allowed a remote, unauthenticated attacker to take over the ERP system. The issue is an unsafe deserialization flaw that affects versions prior to 17.12.06.
