Ransomware for Vulnerable Exchange Servers per The Hacker News
We knew this was coming. There were warnings sounded by CISA, the FBI and more. Microsoft researchers have identified “DearCry”, “human operated ransomware” that leverages the recent MS Exchange vulns known as ProxyLogon. At this point, there are wise and rightly jaded sources describing this event as far worse than SolarWinds. At the least expect to find evidence of compromise for on-prem boxes and at worst … expect to be compromised beyond the defined exposure.
That Verkada Camera Incident again illustrates how IoT is insecure per Malware Bytes blog
A member of a Swiss hacking collective sought to make a point about too much surveillance by hacking into Verkada camera feeds. They were successful and accessed a whole bunch of camera feeds – because they were able to find an admin credential publicly online that gave them “super admin” rights to access “any camera, belonging to any of the company’s clients”. Yes. You read that right.
Basic good practices in security involve limiting access and privilege- the rule of least privilege because this is what can happen if you don’t have checks and balances in place. But as we keep discovering with IoT, security gets lip service if it is even an afterthought.
UPDATE: OVH datacenter fire. This was an enormous event with a lot of fallout. OVH is the largest host provider in Europe and third largest globally. A UPS unit, or uninterruptible power supply, that had been serviced that morning is now being looked at as possibly having caused the fire. Good time to make sure your DRP and BCP factor in events like this. And your UPSs are in good shape.