ProxyShell Attacks Pummel Unpatched Exchange Servers
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
Black Hat
Black Hat: Scaling Automated Disinformation for Misery and Profit
Researchers demonstrated the power deep neural networks enlisted to create a bot army with the firepower to shape public opinion and spark QAnon 2.0.
Black Hat: New CISA Head Woos Crowd With Public-Private Task Force
Day two Black Hat keynote by CISA Director Jen Easterly includes launch of private-public partnership with Amazon, Google and Microsoft to fight cybercrime.
Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.
IBM X-Force detailed the custom-made “LittleLooter” data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
A researcher was able to remotely control the lights, bed and ventilation in “smart” hotel rooms via Nasnos vulnerabilities.
We’re selfish if we’re only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let’s be like doctors battling COVID and work for herd immunity.
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.
InfoSec Insider
-
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
-
Closing the Gap Between Application Security and Observability
-
You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
-
CANs Reinvent LANs for an All-Local World
-
Bad Actors Are Maximizing Remote Everything