Daily Perk 3/22/2021

It’s Monday. Again

MS Exchange Servers and BlackKingdom ransomware : Per Bleeping Computer,

This weekend security researcher Marcus Hutchins reported seeing a threat actor run a script to compromise all Exchange servers vulnerable to ProxyLogon. It dropped a Black KingDom ransomware note but did not encrypt anything.

However, Michael Gillepsie of ID Ransomware claims he’a seen 30 unique submissions to his system and device encryptions. Also of note is that back in 2020 corporate networks were being targeted via Pulse VPN vulnerabilities and hit with ransomware known as BlackKingdom, and it’s being determined if these are the same. Stay tuned and more importantly – stay vigilant!

Patch It! Critical vulnerability in Apache OFBiz per The Hacker News

This particular Apache product is “a Java-based web framework” for automating open source enterprise resource planning systems or ERP. I’m guessing there’s a lot out there. CVE-2021-26295 can allow for remote code execution by unauthorized parties via unsafe deserialization in the attack. Deserialization exploits do bad things with data integrity.

This vulnerability affects versions before 17.12.06 so upgrade asap. Please! Because we all recall what happened to unpatched Apache Struts vulnerabilities! Cough – Equifax – cough.

Keep Watch: Active exploits against BIG-IP by F5 ongoing. If you aren’t patched, assume compromise. Seriously 😐

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s