This Week in Security News - September 3, 2021
ProxyToken vulnerability can modify Exchange Server configs, and LockBit jumps its own countdown, publishes Bangkok Air files
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about the ProxyToken vulnerability, which can modify Exchange Server configurations. Also, read about how the LockBit 2.0 ransomware group published Bangkok Airways' stolen data.
The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors
The United Nations Regulation No. 155 sets provisions for cybersecurity management systems in vehicles. A notable section of the document is Annex 5, which lists 69 attack vectors affecting vehicle cybersecurity. In order to help organizations comply with this regulation, Trend Micro used the DREAD threat model to assess the risk level of the attack vectors listed in Annex 5.
ProxyToken Vulnerability can Modify Exchange Server Configs
Discovered by Le Xuan Tuyen, a Vietnamese security researcher with VNPT ISC, the ProxyToken vulnerability could be used to surreptitiously add an email forwarding rule to a user’s mailbox so that all emails addressed to the victim will also be sent to an account controlled by the attacker.
Scan Your Microsoft Azure Blob Storage for Risks
Trend Micro Cloud One - File Storage Security provides the assurance that downstream workflows are protected from upstream risks landing in your Microsoft Azure blob storage. Files that include malware, vulnerabilities, and known ransomware can impact application and business processes as well as compliance. New on the Trend Micro Cloud One security platform: learn how easy it is to monitor, identify, and quarantine malicious files entering your Azure Blobs.
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
After Bangkok Airways disclosed that it had been clobbered by a cyberattack last week, the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline’s encrypted files on its leak site.
API Releases New Standard for Pipeline Control Systems
In August, the American Petroleum Institute (API) released the third edition of Standard 1164, Pipeline Control Systems Cybersecurity. The edition has been in development since 2017, a result of expert input from over 70 organizations, including the US Department of Energy, the Cybersecurity and Infrastructure Security Agency, and the American Gas Association. The latest version comes after President Biden announced a memo calling for the improvement of control systems cybersecurity.
Researchers Uncover New Android Banking Malware
While Google has put more money and effort into securing its app store, fraudsters and hackers keep changing their tactics to get malicious apps posted on the platform. During July, Trend Micro uncovered a campaign led by hack-for-hire firms that deployed Android malware to target visitors to Syria's e-government website as part of its latest cyberespionage campaign.
Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns
Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage.
BrakTooth Vulnerabilities Put Bluetooth Users at Risk – and Some Devices are Going Unpatched
Affecting an estimated 1,400 or more commercial products, including Microsoft's Surface Pro 7, Surface Laptop 3, Surface Book 3, and Surface Go 2 and the Volvo FH infotainment system, the BrakTooth vulnerabilities are claimed to expose "fundamental attack vectors in the closed BT [Bluetooth] stack." It's not the first time the same team has made such claims, either: ASSET was also responsible for disclosing the SweynTooth vulnerabilities in February last year.
What do you think about LockBit 2.0’s activity after its reemergence back in June? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.