CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Recruitment Call for Insider Threats
A Nigerian threat actor is attempting to solicit employees to sabotage their companies’ networks with DemonWare ransomware. The phishing campaign promises potential accomplices $1 million in bitcoin, or 40% of the ransom, for deploying the ransomware on a company server or client machine. Nigeria-based threat actors normally use social engineering to impersonate company executives in an attempt to fool employees into transferring funds or confidential information. In this case, they are using these techniques to deploy ransomware.
Huge T-Mobile Leak
T-Mobile has reported that information from approximately 54 million customer accounts was compromised in a sophisticated cyberattack. Information captured in the attack includes customers’ full names, dates of birth, social security numbers, and driver’s licenses. The attacker has not bothered to ransom the company since they already have buyers for the treasure trove of information, which is going for 6 bitcoins. T-Mobile is offering two years of free identity protection services to anyone affected.
ProxyShell Exploitation on Exchange Servers
CISA has warned that threat actors are actively exploiting ProxyShell vulnerabilities on Microsoft Exchange Servers. The vulnerabilities, tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, could allow attackers to execute arbitrary code on vulnerable systems. Organizations are advised to identify vulnerable systems and apply Microsoft’s Security Update from May 2021 to prevent ProxyShell exploitation.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)