CF BYTES- ISSUE#20
- December 21, 2020
- Posted by: Manasdeep
- Category: CF Bytes
- Welcome to first fortnight edition of CF Bytes for Dec 2020 month.
This month we saw Russian hackers using VMWare bug to plant web shells inside hacked networks. They then pivoted Microsoft ADFS servers to steal sensitive data. GE Healthcare proactively reached out to help healthcare providers their reconfigure vulnerable devices at a massive scale. These hidden accounts were using the same default credentials; which could have been abused by hackers to gain access to medical equipment inside hospitals and clinics.
Law enforcement came down heavily by sentencing an ex-Cisco employee to 24 months in prison and also pay $15,000 fine. The man allegedly broke into Cisco’s cloud infrastructure, and deployed code from his Google Cloud Project which automatically deleted 456 virtual machines that hosted the WebEx Teams application. Researchers from Forescout published a report known as AMNESIA:33 which briefs how TCP/IP stacks breed Critical Vulnerabilities affecting various IoT, OT and IT Devices.
In Security attacks and breaches, US CISA released an advisory related to theft of FireEye Red Team Tools which could be abused to take control of targeted systems. Microsoft also disclosed how a malware campaign silently injected ads into search results, affecting multiple browsers.
Meanwhile, in a major attack, an attacker leveraged SolarWinds supply chain to compromise multiple global victims with SUNBURST backdoor. Cryptocurrency-mining botnet “Xanthe” compromised Cisco’s security honeypots for tracking Docker-related threats for mining purposes.
Russian hackers are using a VMWare bug to plant web shells inside hacked networks and pivot to Microsoft ADFS servers from where they steal sensitive data. Read More.
Accounts with default creds found in 100+ GE medical device models. Read More.
Forescout has released a report AMNESIA:33 which briefs how TCP/IP Stacks Breed Critical Vulnerabilities in IoT, OT and IT Devices. Read More.
Cruise Automation, the autonomous vehicle subsidiary of GM, has started testing fully driverless vehicles on public roads in San Francisco. Read More.
Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts. Read More.
Attacks / Breaches
US CISA has released an advisory regarding the theft of FireEye Red Team Tools which unauthorized third-party users could abuse to take control of targeted systems. Read More.
Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Read More.
Widespread malware campaign silently injects ads into search results, affecting multiple browsers. Read More.
SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks. Read More.
Cryptocurrency-mining botnet “Xanthe” compromises Cisco’s security honeypots for tracking Docker-related threats. Read More.