Hackers are scanning the internet for weaknesses all the time, and if you don’t want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment.

Read this guide to learn how to perform vulnerability assessments in your organization and stay ahead of the hackers.

Vulnerability assessment tools

Vulnerability assessments are automated processes performed by scanners. This makes them accessible to a wide audience. Many of the scanners are geared towards cybersecurity experts, but there are solutions tailored for IT managers and developers in organizations without dedicated security teams.

Vulnerability scanners come in various types: some excel at network scanning, others at web applications, IoT devices, or container security. If you’re a small business, you’re likely to find a single vulnerability scanner covering all or most of your systems. However, larger companies with complex networks may prefer to combine multiple scanners to achieve the desired level of security.

images from Hacker News

Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research.

Attributing the attacks to a threat actor dubbed “Naikon APT,” cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named “Nebulae” and “RainyDay” into their data-stealing missions. The malicious activity is said to have been conducted between June 2019 and March 2021.

“In the beginning of the operation the threat actors used Aria-Body loader and Nebulae as the first stage of the attack,” the researchers said. “Starting with September 2020, the threat actors included the RainyDay backdoor in their toolkit. The purpose of this operation was cyberespionage and data theft.”

Naikon (aka Override Panda, Lotus Panda, or Hellsing) has a track record of targeting government entities in the Asia-Pacific (APAC) region in search of geopolitical intelligence. While initially assumed to have gone off the radar since first exposed in 2015, evidence emerged to the contrary last May when the adversary was spotted using a new backdoor called “Aria-Body” to stealthily break into networks and leverage the compromised infrastructure as a command-and-control (C2) server to launch additional attacks against other organizations.

images from Hacker News

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems.

Dubbed “RotaJakiro” by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that “the family uses rotate encryption and behaves differently for root/non-root accounts when executing.”

The findings come from an analysis of a malware sample it detected on March 25, although early versions appear to have been uploaded to VirusTotal as early as May 2018. A total of four samples have been found to date on the database, all of which remain undetected by most anti-malware engines. As of writing, only seven security vendors flag the latest version of the malware as malicious.

images from Hacker News

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research.

The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

“The biggest risk for the targeted companies and individuals is the fact that security solutions still have a lot of problems with detecting malicious Excel 4.0 documents, making most of these slip by conventional signature based detections and analyst written YARA rules,” researchers from ReversingLabs said in a report published today.

images from Hacker News

Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability (CVE-2021-23008) in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services.

“The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads,” Silverfort researchers Yaron Kassner and Rotem Zach said in a report. “In some cases this can be used to bypass authentication to the Big-IP admin console as well.”

Coinciding with the public disclosure, F5 Networks has released patches to address the weakness (CVE-2021-23008, CVSS score 8.1), with fixes introduced in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3. A similar patch for version 16.x is expected at a future date.

“We recommend customers running 16.x check the security advisory to assess their exposure and get details on mitigations for the vulnerability,” F5 told The Hacker News via email. As workarounds, the company recommends configuring multi-factor authentication (MFA), or deploying an IPSec tunnel between the affected BIG-IP APM system and the Active Directory servers.

images from Hacker News