Tag Archive for: Hacking


Microsoft Outlook is one of the most popular email clients, used by millions of individuals and businesses worldwide, and it is the target of the latest Outlook security threat. It provides a user-friendly interface and advanced features for managing email, calendars, tasks, and contacts. Like any other software, however, Outlook is not immune to security vulnerabilities, and attackers routinely target it to exploit those flaws.

Microsoft recently released a security advisory for a critical vulnerability affecting multiple versions of Microsoft Outlook on Windows and macOS. The flaw, tracked as CVE-2021-28482, is a remote code execution vulnerability: an attacker can run code on a victim's system by sending a specially crafted email to the victim's Outlook account.

Exploitation requires the user to open a message carrying a specially crafted file; opening it triggers the malicious code. From there the attacker can take over the system, steal sensitive data, install additional malware, and pivot to further attacks.

To protect yourself from this vulnerability, it is essential to take the following steps:

  • Update Outlook immediately: Microsoft has released patches for all affected versions. Install the latest updates as soon as possible. If automatic updates are enabled you may already have the fix; if not, check for updates and install them now.
  • Be cautious with mail from unknown senders and with suspicious messages: do not open unsolicited mail from senders you do not recognize; delete it. Never open attachments or follow links in a message that looks suspicious.
  • Use antivirus software: endpoint protection can detect and block malware, including payloads that exploit Outlook vulnerabilities, before it executes.
  • Keep the operating system and other software current: outdated software creates vulnerabilities attackers exploit. Install updates regularly to keep the system secure.
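
The first step above, "check that the installed build is patched," is the one most often done by eye. The following PowerShell is an added example, not code from the original post or from Microsoft: it reads the Click-to-Run build recorded in the registry, compares it with a minimum build you supply from Microsoft's advisory, and launches the Office updater only when the installed build is older. It assumes a Click-to-Run Office install (the registry key below exists on those installs) and that you pass the fixed build number as `-MinimumVersion`; no build number is hard-coded here because the correct value comes from the advisory for the CVE you are patching.

```powershell
# Added example (not from the original post): report the installed Click-to-Run
# Office build and trigger an update if it is older than the build you supply.
# Assumptions: Office is a Click-to-Run install; $MinimumVersion is the fixed
# build named in Microsoft's advisory. MSI-based Office updates via Windows Update.
param(
    [Parameter(Mandatory = $true)][version]$MinimumVersion
)

$configKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$c2rClient = Join-Path ${env:CommonProgramFiles} 'microsoft shared\ClickToRun\OfficeC2RClient.exe'

if (-not (Test-Path $configKey)) {
    throw "No Click-to-Run configuration found; this is not a C2R Office install."
}

$cfg       = Get-ItemProperty -Path $configKey
$installed = [version]$cfg.VersionToReport   # e.g. 16.0.xxxxx.xxxxx

[pscustomobject]@{
    InstalledVersion = $installed
    MinimumVersion   = $MinimumVersion
    Platform         = $cfg.Platform
    UpdateChannel    = $cfg.UpdateChannel
    Patched          = ($installed -ge $MinimumVersion)
} | Format-List

if ($installed -lt $MinimumVersion) {
    Write-Warning "Office build $installed is below $MinimumVersion; starting an update."
    # '/update user' shows the normal update UI. For an unattended run use:
    #   '/update user displaylevel=false forceappshutdown=true'
    Start-Process -FilePath $c2rClient -ArgumentList '/update user' -Wait
} else {
    Write-Host "Office build $installed meets the minimum; no update needed."
}
```

Run it as `.\Test-OfficeBuild.ps1 -MinimumVersion <build from the advisory>` (the script name is a placeholder). `VersionToReport` is the build Office itself shows under Account > About, so a mismatch between this script and the About dialog means the update has not completed.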

In conclusion, the latest critical vulnerability in Microsoft Outlook highlights the importance of taking proactive steps to secure your system. By updating your software, being cautious when opening emails, using antivirus software, and keeping your operating system and other software up-to-date, you can help protect yourself and your data from cyber threats.

Exchange Server Hacker
The cyberespionage group Turla has developed a sophisticated Microsoft Exchange server backdoor, believed to be in use since 2014, that can redirect, intercept, and modify email. The backdoor can also send messages on behalf of the compromised server. According to ESET's report, LightNeuron has two main components: a transport agent registered in the Microsoft Exchange configuration, and a DLL containing most of the malicious code. Administrative privileges are required to drop the files onto the Exchange server before execution. Once the backdoor is running, its operators issue commands through JPG or PDF attachments with instructions embedded via steganography. To learn more, see the detailed ESET report.

Scammers are exploiting auto-forwarding rules to boost the success rate of so-called Business Email Compromise (BEC) attacks, the FBI said in a statement.

BEC is a sophisticated scam targeting businesses that make electronic payments such as wire or Automated Clearing House (ACH) transfers. The criminal first compromises a business email account through social engineering or computer intrusion, then uses that access to conduct reconnaissance on the victim's email communications. Using what is learned from the compromised accounts and that reconnaissance, the criminal impersonates an employee over email to redirect pending or future payments to fraudulent bank accounts. After obtaining employee credentials, BEC actors create auto-forwarding rules in the email accounts to reduce the victim's ability to notice the fraudulent communications. This lets them better conceal their activity, the FBI said, adding that the COVID-19 pandemic's shift to teleworking is another factor increasing the likelihood of success. To learn more, see the FBI statement located here.
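
The rules the FBI describes are visible to an administrator, and they are worth auditing across the whole tenant rather than one mailbox at a time. The PowerShell below is an added example, not from the FBI statement or the original post: it lists mailbox-level forwarding and every inbox rule that forwards or redirects mail to an external address, or that forwards and also deletes, files, or marks messages as read to keep the owner from seeing them. It assumes Exchange Online with the ExchangeOnlineManagement module installed, an account with at least the View-Only Recipients role, and that `$InternalDomains` (a placeholder) lists your own accepted domains.

```powershell
# Added example (not from the original post): audit an Exchange Online tenant for
# the auto-forwarding and "hide the conversation" inbox rules BEC actors create.
# Assumptions: ExchangeOnlineManagement module; $InternalDomains is a placeholder
# for your accepted domains, and any other domain is treated as external.
$InternalDomains = @('example.com')

Connect-ExchangeOnline -ShowBanner:$false

# Rule targets look like: "Jane Doe" [SMTP:jane@partner.example]. Internal
# recipients are usually shown as EX:/o=... legacy DNs, which we treat as internal.
function Test-ExternalAddress([string[]]$Addresses) {
    foreach ($a in $Addresses) {
        if ($a -notmatch 'SMTP:') { continue }
        $smtp = ($a -split 'SMTP:')[-1].Trim('"', ']', ' ')
        $dom  = ($smtp -split '@')[-1].ToLowerInvariant()
        if ($InternalDomains -notcontains $dom) { return $true }
    }
    return $false
}

$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

# 1. Forwarding configured on the mailbox itself (no inbox rule needed).
$mailboxForwards = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward/redirect, especially when paired with hiding actions.
$ruleFindings = foreach ($mb in $mailboxes) {
    foreach ($rule in Get-InboxRule -Mailbox $mb.UserPrincipalName -ErrorAction SilentlyContinue) {
        $targets  = @(@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) | Where-Object { $_ })
        $external = ($targets.Count -gt 0) -and (Test-ExternalAddress $targets)
        $hides    = [bool]($rule.DeleteMessage -or $rule.MoveToFolder -or $rule.MarkAsRead)
        if ($external -or ($targets.Count -gt 0 -and $hides)) {
            [pscustomobject]@{
                Mailbox  = $mb.UserPrincipalName
                Rule     = $rule.Name
                Enabled  = $rule.Enabled
                Targets  = ($targets -join '; ')
                External = $external
                Hides    = $hides
                Folder   = $rule.MoveToFolder
            }
        }
    }
}

$mailboxForwards | Format-Table -AutoSize
$ruleFindings | Sort-Object External -Descending | Format-Table -AutoSize

# Tenant-wide control that removes the technique entirely for external recipients:
#   Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
Disconnect-ExchangeOnline -Confirm:$false
```

A rule that forwards externally and also deletes or files the message is the strongest signal; a user-created forward to a personal mailbox is a policy problem rather than an intrusion, so review the `Hides` column before escalating. Removing the rule is not enough: the credentials that created it are still compromised, so reset them and review sign-in logs for the same account.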
Exchange Server Hacker

A new research article by cyber-security firm ESET outlines a complex backdoor specifically targeting Microsoft Exchange servers.

The backdoor, called LightNeuron, runs as a transport agent inside Exchange's mail transfer agent and gives the attackers full control over mail flow, including the ability to intercept, redirect, or modify the content of inbound and outbound messages. This is a serious compromise of the mail system, and one that can easily go undetected.

This backdoor is the real deal and has been tied to the Turla APT group, which has been credited with a number of complicated and destructive attacks.

Once an Exchange server is infected, the operators never need to connect to it directly. Instead, they send command-and-control emails with commands hidden in PDF or JPG attachments, a technique known as steganography.

We encourage you to review the ESET white paper that outlines the attack in more detail and also provides detailed removal instructions.

Download the white paper here.
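
Both LightNeuron posts on this page describe the same foothold: a transport agent registered in the Exchange configuration whose DLL carries the malicious code. That registration is enumerable, so a defender can inventory every agent and check who signed its assembly. The PowerShell below is an added example, not ESET's tooling and not from the original posts; run it in the Exchange Management Shell on the server. It assumes a legitimate agent's DLL is Authenticode-signed by Microsoft (or by a vendor you add to `$TrustedSigners`) and uses the `ExchangeInstallPath` environment variable that Exchange setup defines.

```powershell
# Added example (not from the original post or ESET): list every registered
# transport agent with its assembly path and Authenticode signer, and flag agents
# that are unsigned, have an invalid signature, or are signed by an unknown party.
# Assumption: $TrustedSigners holds certificate subjects you consider legitimate.
$TrustedSigners = @('CN=Microsoft Corporation')   # add your own vendors' subjects here
$exchangeRoot   = $env:ExchangeInstallPath          # e.g. C:\Program Files\Microsoft\Exchange Server\V15\

$findings = foreach ($agent in Get-TransportAgent) {
    $path = $agent.AssemblyPath
    $sig  = if ($path -and (Test-Path $path)) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $subject  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned or file missing>' }
    $sigValid = [bool]($sig -and $sig.Status -eq 'Valid')

    $trusted = $false
    foreach ($s in $TrustedSigners) { if ($subject -like "*$s*") { $trusted = $true } }

    [pscustomobject]@{
        Agent         = $agent.Identity
        Enabled       = $agent.Enabled
        Priority      = $agent.Priority
        Factory       = $agent.TransportAgentFactory
        AssemblyPath  = $path
        Signer        = $subject
        SigValid      = $sigValid
        InExchangeDir = [bool]($exchangeRoot -and $path -and
                               $path.StartsWith($exchangeRoot, [StringComparison]::OrdinalIgnoreCase))
        Suspicious    = (-not $trusted) -or (-not $sigValid)
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize

# For anything flagged, inspect before acting, then remove and restart transport:
#   Get-TransportAgent -Identity '<agent name>' | Format-List *
#   Disable-TransportAgent -Identity '<agent name>'
#   Uninstall-TransportAgent -Identity '<agent name>'
#   Restart-Service MSExchangeTransport
```

Treat `InExchangeDir` as context, not as a verdict: a backdoor can drop its DLL into the Exchange tree under a plausible name, so the signature columns are the ones that matter. Compare the agent list against a known-good server in the same organization as well, since any agent that exists on one server only is worth explaining.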


On January 22, 2019, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 19-01, outlining steps you can take to mitigate a newly discovered DNS tampering and hijacking campaign.

Attackers who capture credentials with authority to change Domain Name System (DNS) records, through phishing or other means, have been redirecting web, email, and potentially other traffic to systems they control. In some instances they intercept the data, then store and forward it to the legitimate destination, hiding the activity so as to avoid or delay detection by the targeted entity.

At Priasoft, we understand that security is a top concern for IT, and we are working on new security technologies, coming to market in Q3 2019, that can mitigate this type of threat. We have several security products in development to combat the attack vectors we see as underserved and unprotected, including DNS and email phishing. If you would like early notification as we complete the testing, development, and release cycles, please contact us here.

We have outlined the background from the directive below and encourage administrators who hold credentials to manage DNS to review key DNS records, change their passwords, and read the full DHS directive to avoid being compromised by this attack technique.

Background from the DHS Directive

Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.

  1. The attacker begins by compromising user credentials, or obtaining them through alternate means, of an account that can make changes to DNS records.
  2. Next, the attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls. This enables them to direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection.
  3. Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the certificate is valid for the domain, end users receive no error warnings.
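
The three steps above all leave the same trace: the A, MX, or NS records your organization publishes no longer match what you intended to publish. The PowerShell below is an added example, not part of the DHS directive or the original post: it resolves each record type for your domains through more than one public resolver and compares the answers with a baseline you maintain, so that an unauthorized change shows up the same day rather than after an incident. It assumes the Windows DnsClient module (`Resolve-DnsName`), and the domain, addresses and hostnames in `$Baseline` are placeholders to replace with your real zone data.

```powershell
# Added example (not from the DHS directive or the original post): detect DNS
# record tampering by comparing live A/MX/NS answers against an expected baseline.
# Assumptions: Resolve-DnsName (Windows DnsClient module) is available; the
# baseline below is a placeholder, not a real zone; resolvers are public recursives.
$Resolvers = @('8.8.8.8', '1.1.1.1')

$Baseline = @{
    'example.com' = @{
        A  = @('203.0.113.10')
        MX = @('mail.example.com')
        NS = @('ns1.example.net', 'ns2.example.net')
    }
}

function Get-ObservedRecords([string]$Domain, [string]$Type, [string]$Server) {
    # -DnsOnly skips the local cache and hosts file; filter out additional records
    # (e.g. the A records a resolver appends to an MX answer).
    $records = Resolve-DnsName -Name $Domain -Type $Type -Server $Server -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq $Type }
    switch ($Type) {
        'A'  { $records | ForEach-Object { $_.IPAddress } }
        'MX' { $records | ForEach-Object { $_.NameExchange } }
        'NS' { $records | ForEach-Object { $_.NameHost } }
    }
}

function Get-Normalized([string[]]$Values) {
    @($Values | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() } | Sort-Object) -join ','
}

$report = foreach ($domain in $Baseline.Keys) {
    foreach ($type in 'A', 'MX', 'NS') {
        $expected = Get-Normalized $Baseline[$domain][$type]
        foreach ($server in $Resolvers) {
            try {
                $observed = Get-Normalized (Get-ObservedRecords $domain $type $server)
                $status   = if ($observed -eq $expected) { 'ok' } else { 'MISMATCH' }
            } catch {
                $observed = '<lookup failed>'
                $status   = 'ERROR'
            }
            [pscustomobject]@{
                Domain   = $domain
                Type     = $type
                Resolver = $server
                Expected = $expected
                Observed = $observed
                Status   = $status
            }
        }
    }
}

$report | Format-Table -AutoSize
# Non-zero exit so a scheduled task or monitoring hook can alert on any mismatch.
if ($report | Where-Object Status -ne 'ok') { exit 1 }
```

Querying two resolvers guards against a poisoned or stale cache at one of them; a mismatch that appears at both is almost certainly a change at the authoritative zone or registrar, which is exactly what step 2 above describes. Pair this with monitoring Certificate Transparency logs for your domain names, since a certificate you did not request is the observable side of step 3 and it stays valid after the DNS records are restored.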

In closing, attackers are becoming ever more creative, and this DNS attack is just one of many new threat vectors IT needs to monitor and secure. More than ever, IT needs to remain diligent to avoid becoming the victim of an attack.