#AxisOfEasy 241: New SpringShell Vulnerability Targets Nearly A Fifth Of Global Organizations


Weekly Axis Of Easy #241


Last Week’s Quote was   “Our knowledge can only be finite, while our ignorance must necessarily be infinite.” by Karl Popper.  Our winner is:  Jim!!! Congrats!

This Week’s Quote:  “It is so easy to be wrong-and to persist in being wrong-when the costs of being wrong are paid by others.” …by ???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

 


This is your easyDNS #AxisOfEasy Briefing for the week of April 11th, 2022, wherein our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy. 
 
In this issue:
  • How to secure your digital privacy and security with this curated checklist 
  • It is happening: CashApp breach
  • Darknet ‘Hydra’ takedown by German police 
  • New SpringShell vulnerability targets nearly a fifth of global organizations
  • Human rights defenders’ iPhones were compromised by Pegasus spyware weeks after Apple sued NSO
 
Elsewhere online:
  • Elon Musk will be appointed to the board of directors of Twitter
  • Log4Shell serves as a rootkit deployment mechanism for Chinese hackers on VMware Horizon servers
  • A ransomware gang leaks files stolen from industrial giant Parker Hannifin
  • Cybercrime is on the rise in the US, according to several alarming reports
  • Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers
 

How to secure your digital privacy and security with this curated checklist

We live in a dangerous digital world where hackers, cyber stalkers, and government agencies lurk everywhere. Anyone with your email address and phone number can steal your data or target you for their gain. Regardless of how much you actively protect your data, there will always be ways to get around basic security measures. To paraphrase Alan Kay, the security we currently have is illusionary.

Cybercriminals, governments, and corporations are violating users’ privacy, according to Github user, Lissy93. They stated that to stay protected from the growing risks associated with the war on data, online users should maintain the highest level of digital security to safeguard their private information.

That’s why they have created their ultimate personal security checklist. This checklist describes some of the steps users can take to increase their digital safety and privacy, from authentication to physical security.

Read: https://github.com/Lissy93/personal-security-checklist


It is happening: CashApp breach

On April 4, 2022, the Securities and Exchange Commission (SEC) announced that tech giant Block had suffered a security breach by a former employee. On December 10, 2021, this insider reportedly downloaded reports from Cash App that contained some U.S. customer information. The company behind the mobile payment service said that, apart from names, no other “personally identifiable information” was accessed. Still, they refused to say how many customers have been affected by this breach.

According to the filing, the employee had regular access to these reports as part of their responsibilities. However, in this case, the insider could access these reports without permission and after their employment had ended.

Why would a former employee still have access to this data? It’s unclear, and Block has refused to answer this question.

The company, known before as Square, launched an internal investigation four months later. It notified approximately 8.2 million current, and former customers in the U.S. Users outside the U.S. were unaffected.

Cash App spokesperson Danika Owsley told TechCrunch in a statement: “At Cash App, we value customer trust and are committed to the security of customers’ information,” She also said that they are currently strengthening administrative and technical safeguards to protect the information and have already taken the necessary actions to remediate this issue.

Read:
https://techcrunch.com/2022/04/05/block-cash-app-data-breach/?&web_view=true


Darknet ‘Hydra’ takedown by German police

Last Tuesday, the Bundeskriminalamt (BKA), Germany’s Federal Criminal Police Office, announced that the darknet was shut down. Hydra was known as the world’s largest illegal marketplace; it was launched in 2015 as a competitor for the Russian Anonymous Marketplace; it was written in Russian and dedicated to the trafficking of narcotics, forged documents, and stolen credit cards.

After a long and extensive investigation directed by the German Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement, the shutdown of Hydra was possible. The research also found that the marketplace had facilitated over $5 billion in Bitcoin transactions: “Bitcoins amounting to currently the equivalent of approximately €23 million were seized,” the BKA said in a press release. The website has approximately 17 million customer accounts and over 19,000 seller accounts and uses a Bitcoin Bank mixer that makes it almost impossible to track the cryptocurrency.

This is a significant success story for cyber security authorities; just Hydra’s annual transaction volumes are estimated to have crossed $1.6 billion by the end of 2021; shutting down illegal marketplaces like this one means taking down incredible profitable cyber-crime activity. The closedown is part of a wave of recent law enforcement actions against this illicit marketplace.

Read:
https://thehackernews.com/2022/04/germany-shuts-down-russian-hydra.html


New SpringShell vulnerability targets nearly a fifth of global organizations

Security researchers have observed tens of thousands of attempts to exploit a critical new SpringShell vulnerability coded as CVE-2022-2296. During the first four days of its exposure, Check Point researchers recorded 37,0000 SpringShell exploitation attempts, meaning that around 16% of global organizations were affected.

In the open-source Spring Framework, three vulnerabilities were found late last week, the most serious of which is the Spring4Shell, an RCE bug in the Spring Core framework. Among the indications of the severity of Spring4Shell is the inclusion of the vulnerability in CISA’s growing Known Exploited Vulnerabilities Catalog, which obligates all federal agencies to patch it within a specific period.

Concerns were raised when the three CVEs were disclosed last week. It was thought to be as severe as the Log4Shell bug discovered in the previous year, but the conditions necessary to exploit these vulnerabilities make this an unlikely scenario.

Regarding this issue, Microsoft says that to defend its cloud infrastructure and services better, it monitors attacks on them regularly. “Since the Spring Core vulnerability was announced, we have been tracking a low volume of exploit attempts across our cloud services for Spring Cloud and Spring Core vulnerabilities,” said the company.

Read: https://www.infosecurity-magazine.com/news/fifth-global-firms-targeted/


Human rights defenders’ iPhones were compromised by Pegasus spyware weeks after Apple sued NSO

New evidence shows that a government official had hacked into an Apple iPhone using Pegasus spyware from NSO Group mere weeks after Apple sued the company in a US court for using the software to “harm individuals.” The phones of four Jordanian human rights defenders and journalists were hacked by government agencies between August 2019 and December 2021, according to a report released on Tuesday by Citizen Lab at the University of Toronto and Front Line Defenders (FLD).

This shows that NSO’s Pegasus spyware users could still infect iPhones with the company’s spyware despite Apple’s suit against NSO and its parent company.

“The fact that the targeting we uncovered happened after the widespread publicity around Apple’s lawsuit and notifications to victims is especially remarkable; a firm that truly respected such concerns would have at least paused operations for government clients, like Jordan, that have a widely publicized track record of human rights concerns,” says the report.

Jordan’s National Center for Cyber Security categorically denied the findings in response to the report. It said the country had not worked with any agents who would spy on citizens’ phones. For NSO’s part, no comment was offered on the findings, but a spokesperson said monitoring dissidents, activists, and journalists by NSO’s clients was a “serious misuse” of its product.

In the report, several Jordanians were named whose phones had been hacked using Pegasus, including Ahmed al-Neimat, currently in prison for a case related to protests at the al-Salt state hospital. Several of the hospital’s patients died due to a lack of oxygen. Researchers found that a lawyer representing activists in Jordan was hacked at least 21 times between August 2019 and July 2021.

Read: https://www.theguardian.com/world/2022/apr/05/apple-iphone-pegasus-spyware-nso-group-israel-jordan


Elsewhere online:

Elon Musk will be appointed to the board of directors of Twitter

Read:https://www.theverge.com/2022/4/5/23011256/elon-musk-twitter-board-of-directors-ownership


Log4Shell serves as a rootkit deployment mechanism for Chinese hackers on VMware Horizon servers

Read:https://thehackernews.com/2022/04/chinese-hackers-target-vmware-horizon.html


A ransomware gang leaks files stolen from industrial giant Parker Hannifin

Read:https://www.securityweek.com/ransomware-gang-leaks-files-stolen-industrial-giant-parker-hannifin?&web_view=true


Cybercrime is on the rise in the US, according to several alarming reports

Read:https://www.digitalinformationworld.com/2022/04/new-alarming-reports-say-us-is-leading.html 


Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers

Read:https://thehackernews.com/2022/04/researchers-trace-widespread-espionage.html?&web_view=true




Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:



 

 

 

 

3 thoughts on “#AxisOfEasy 241: New SpringShell Vulnerability Targets Nearly A Fifth Of Global Organizations

Leave a Reply

Your email address will not be published. Required fields are marked *