News Items

The ProxyShell vulnerabilities in Microsoft Exchange remain a problem for enterprises as attackers have been increasing their scanning for and exploitation of the bugs. In some cases, they have been installing ransomware. Microsoft released patches for them in April, but the fixes were not disclosed until July. The three bugs that make up the ProxyShell issue could lead to arbitrary code execution. There have been active attempts at exploiting these flaws all summer. However, there has recently been an increase in scanning and some new exploitation techniques. Attackers primarily exploit the vulnerabilities and then install a webshell, which is a small piece of code that remains on the compromised server and can be used for persistence. Recent attacks' post-exploitation activity has included the installation of the LockFile ransomware, the LemonDuck malware and cryptominer, and other pieces of malware. This activity follows the installation of a webshell. This article continues to discuss the recent escalation of ProxyShell attacks.

Decipher reports "ProxyShell Attacks Escalate"

Researchers at NTT Application Security found that the average time to fix high severity application security flaws has increased by ten days in just a month. Although it found the "time to fix" had dropped overall by two days, from 202 days to 200 days, for high severity vulnerabilities, it increased from 246 days last month to 256 days in this month's analysis. The report found that utilities and retail firms, in particular, were performing poorly. The researchers stated that applications in the utility space continue to suffer from the high window of exposure, with 67% of applications having at least one serious exploitable vulnerability throughout the year. The researchers also stated that vulnerable applications are an increasingly dangerous vector for embedding ransomware and enabling supply chain attacks. The top five vulnerability types by volume were HTTP response splitting, query language injection, cross-site scripting (XSS), cross-site request forgery, and remote file inclusion. The researchers noted that the top five vulnerability types remain unchanged from previous months, indicating a "systemic failure" to address well-known security issues.

Infosecurity reports: "Time to Fix High Severity Apps Increases by Ten Days"

A security researcher has disclosed a zero-day vulnerability in the device installer software for Razer peripherals. This vulnerability can allow a malicious actor to gain Windows administrator privileges just by plugging in a Razer mouse or keyboard. When plugging in a Razer device, the Windows 10 or 11 operating system will automatically download and start installing the Razer Synapse software, which allows users to configure hardware devices, set up macros, and more. Razer Synapse software is said to be used by more than 100 million users globally. With SYSTEM privileges, an attacker can take complete control over a system and install whatever they want, such as malware. Researchers at BleepingComputer tested the vulnerability and confirmed that it took them around two minutes to gain SYSTEM privileges after plugging in a Razer mouse. Since this is a Local Privilege Escalation (LPE) vulnerability, its exploitation does require an attacker to have a Razer device and physical access to a computer. However, the exploitation of this vulnerability is easy as an attacker only needs to purchase a Razer mouse on Amazon for $20 and plug it into a Windows 10 machine to become an administrator. This article continues to discuss the potential exploitation and impact of the Razer software bug.

BleepingComputer reports "Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse"

Cyber experts warn that Chinese tech giant Tuya's IOT products may be a high security risk. Tuya makes products that have been incorporated into many of today's, smart devices including smart TVs, smart home security camera, home thermostats and appliances--even smart pet feeders. Many of the products that make them smart are provided by Tuya currently installed in over 116 million smart devices. Over 5000 brands have incorporated Tuya's tech into their devices. Tuya falls under a new Chinese law that requires company to turn over any and all collected when the government request it. And Tuya has been collecting a lot of personal information from their devices. This raises both privacy and security concerns. There are currently proposals in congress limiting the expansion of Tuya in the U. S. marketplace.

VOA reports "Cybersecurity Experts Worried by Chinese Firm's Control of Smart Devices"

In January, students at Brooklyn Technical High School reportedly stumbled across a Google Drive containing documents uploaded by staff and students at schools across New York City. Among the documents were college recommendation letters, classwork, and parent-teacher conference sign-up sheets. The students could access the files because of a quirk in the school's education department's Google Drive sharing settings. A hidden setting automatically allowed anyone with an email address provided by the education department to search for files in Google Drive. After making the discovery, the students arranged a meeting with a senior staff member at their school and used a PowerPoint presentation to walk them through the data breach. After the meeting, the students thought the issue would get taken care of, but when they rechecked the Google Drive in March, they found that even more documents were now accessible. This time, the students could view a school's payroll document that contained teachers' salary information, Social Security numbers, phone numbers, and addresses. On March 18, the students notified three officials at the city's education department of the data breach via email. Earlier this month, the department confirmed a data leak that impacted approximately 3,000 students and 100 employees. The department stated that confidentiality laws prevented them from confirming that this leak was linked to the data breach reported by the Brooklyn Tech students in March.

Infosecurity reports: "NYC Teachers' Social Security Numbers Exposed"

White Hacker returns millions in cryptocurrency hacked from Poly Network last week. The company has decided to offer the hacker a $500K bug bounty. The white hat hacker had stated that he/she had initiated the hack for fun--and was motivated to demonstrate a vulnerability in the company's software. Some companies are offering bug bounties to help identify problems with the systems. The hacker seemed to have used a weakness in the digital contracts that Poly Networked needed to move assets between customer blockchains.

Reuters reports "Crypto Platform Poly Network Rewards Hacker with $500,000 'Bug Bounty'"

The Coast Guard Cyber Command, Maritime Cyber Readiness Branch issued an alert to the Maritime community, recommending that they examine their systems to determine if they have BlackBerry QNX versions 6.5 or below, or any of the other products recently identified and listed by the U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) in ICSA-21-119-04. The recent public disclosure of the BadAlloc vulnerability in BlackBerry QNX versions 6.5 or earlier, calls on organizations to be on alert for threats and vulnerabilities facing the cyber landscape. BadAlloc refers to a family of vulnerabilities found in embedded Internet of Things (IoT) and Operational Technology (OT) operating systems and software. The exploitation of these vulnerabilities could allow attackers to deny system availability, exfiltrate data, and more. This article continues to discuss Maritime Cyber Alert 02-21, as well as the potential impact of the BadAlloc vulnerability.

HSToday reports "Maritime Cyber Alert: 'BadAlloc' Critical Vulnerability"

The U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has shared guidance on how government and private sector organizations could prevent data breaches caused by ransomware attacks. CISA's guidance covers best practices for preventing ransomware attacks and protecting sensitive and personal information from being exfiltrated by the malicious actors behind these attacks. CISA recommends that organizations use firewalls, implement network segmentation, and more to prevent ransomware gangs from gaining access to sensitive or personal information belonging to customers or employees. In addition to the advice on preventing ransomware attacks, CISA says that at-risk organizations should consider practices such as mitigating Internet-facing vulnerabilities, reducing the risk of phishing emails from reaching end users by using strong spam filters, enabling Multi-Factor Authentication (MFA), and using up-to-date anti-malware solutions. The guidance provided by CISA also includes additional information on how organizations could defend against and respond to ransomware attacks. This article continues to discuss CISA's guidance on protecting sensitive and personal information from ransomware-caused data breaches and other efforts to fend off the growing ransomware threat.

Bleeping Computer reports "CISA Shares Guidance on How to Prevent Ransomware Data Breaches"

A government inspector has heavily criticized the US Census Bureau after a 2020 breach which could have been prevented by prompt patching. Although the attacker could not access servers used for the 2020 census, they could modify user account data to prepare for remote code execution, according to the US Office of Inspector General (OIG) report. Fortunately, the attacker's attempt to maintain access to the system by creating a backdoor was unsuccessful, thanks to the Bureau's firewalls. The inspector report highlighted a string of failures by the Bureau, which directly led to the attack and complicated incident response efforts. Firstly, the Bureau failed to patch a critical vulnerability on its remote access servers that was exploited by the attacker, despite the vendor publishing a fix more than three weeks earlier. Secondly, the Bureau failed to promptly discover and report the incident because its SIEM was not set up to analyze suspicious activity in real-time. That created a delay of two weeks before the incident was detected. Thirdly, an incident investigation was hindered because none of the Bureau's remote access servers sent system logs to its SIEM platform. According to the report, the Bureau also operated servers no longer supported by the vendor and did not prioritize decommissioning these, further exposing it to attacks. Finally, the Census Bureau didn't hold a formal "lessons learned" session with incident responders and other stakeholders to improve their processes in preparation for future breaches.

Infosecurity reports: "US Census Bureau Slammed for 2020 Breach"

Most cyberattacks on Internet of Things (IoT) devices are caused by misconfigurations or weak passwords. However, security researchers are concerned about the extensive use of third-party libraries (i.e., collections of code vendors might use in their devices' software). The concern is that if security vulnerabilities are present in these libraries, they would also affect every vendor who uses them. This could result in a large number of IoT devices being affected by vulnerabilities in libraries commonly used among vendors. Researchers at Carnegie Mellon University's CyLab recently presented a new study at the USENIX Security Symposium in which they examined 122 different IoT firmware for 27 different smart home devices released over the span of eight years. The goals of the study were to learn the pervasiveness of device vendors' use of common libraries, whether these libraries are updated to patch vulnerabilities, and whether there were significant delays in patching them. The study found that vendors do not frequently update libraries, and they use outdated versions most of the time. Some libraries were discovered to be hundreds of days behind in applying publicly available, critical security patches. The team proposed a new system named "Capture" to help address the challenge of mismanaged libraries. Capture enables devices on a local network, such as a single home Wi-Fi network, to use a centralized hub with libraries that are kept updated. According to the CyLab researchers, Capture would make a home's collection of smart devices always run, using secure and updated libraries. Testing of the system showed that several example IoT devices could be modified to use Capture with little change in their performance. This article continues to discuss the capabilities and limitations of the new software architecture Capture proposed by CyLab researchers to help protect IoT devices from using code from vulnerable software libraries, as well as the study behind this system.

CyLab reports "'Capture' Your IoT Devices and Improve Their Security"

The third Biannual ICS Risk and Vulnerability Report released by the industrial cybersecurity company Claroty reveals a significant increase in the disclosure of ICS vulnerabilities in the first half of 2021 compared to the previous six months. Claroty's report provides insight into the ICS vulnerabilities publicly disclosed during the first half of 2021, including those discovered by the company's research team and those from the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Schneider Electric, and more. Amir Preminger, vice president of research at Claroty, stresses that the growing modernization of industrial processes through the connection to the cloud gives threat actors more ways to compromise industrial operations via ransomware and extortion attacks. Recent cyberattacks launched against Colonial Pipeline, JBS Foods, and the Oldsmar, Florida water treatment facility showcased the fragility of Internet-exposed critical infrastructure and manufacturing environments, and also inspired security researchers to explore ICS more. One of the key findings shared in Claroty's report is the classification of 71 percent of the ICS vulnerabilities as high or critical. Another finding is that 61 percent of the ICS vulnerabilities are remotely exploitable, emphasizing the importance of strengthening the security of remote connections, Internet of Things (IoT) systems, and Industrial IoT (IIoT) devices. This article continues to discuss additional key findings from Claroty's Biannual ICS Risk and Vulnerability Report.

PR Newswire reports "Security Researchers Reveal Staggering Magnitude of ICS Vulnerabilities in 2021 as Cyber Attacks on Critical Infrastructure Increase"

The security vendor Proofpoint commissioned the Ponemon Institute to poll nearly 600 IT and IT security practitioners to compile its latest Cost of Phishing study. The researchers found that the average cost of phishing for large US organizations has soared by 289% over the past six years, with firms now losing nearly $15m annually. The survey revealed that the average large US organization loses $14.8m per year to phishing-related cybercrime, up from $3.8m in 2015 and calculated at $1500 per employee. The researchers claimed that ransomware costs large organizations $5.7m annually, while BEC accounts for $6m. The FBI recorded total BEC losses of $1.8 billion from reported incidents in 2020. According to Proofpoint researchers, the cost of resolving malware infections has doubled since 2015, from $338,098 to $807,506. The researchers also found that the average cost to contain initial credential phishing compromises increased from $381,920 in 2015 to $692,531 in 2021, with companies typically experiencing over five of these incidents each year.

Infosecurity reports: "Phishing Costs Surge to $15m Annually for US Organizations"

Researchers at FireEye's threat intelligence and incident response unit Mandiant have discovered a software flaw that leaves millions of Internet of Things (IoT) devices vulnerable to remote attacks. Hackers could use this vulnerability to intercept audio and video data on devices, such as baby monitors and web cameras. The vulnerability exists in a software protocol made by the Taiwan-based IoT vendor ThroughTek. This vendor's customers include the Chinese electronics giant Xiaomi. According to ThroughTek, 83 million devices of other brands use its software. An attacker would need to have comprehensive knowledge of the software as well as the unique identifiers used by the targeted device in order to exploit the flaw. This access could allow a hacker to communicate with devices remotely, thus potentially leading to follow-on hacks. The U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) plans to issue a public advisory about the security bug. An employee at ThroughTek's Product Security Incident Response Team said customers affected by the vulnerability were notified and advised on how to minimize the security risks posed by it. The way in which the ThroughTek protocol is integrated by original equipment manufacturers (OEMs) and resellers, makes it difficult to determine the actual number of affected devices. Mandiant calls on users to update their software and take extra steps to mitigate the risk of the vulnerability being exploited by malicious actors. This article continues to discuss the software bug exposing millions of IoT devices to attacks, the ongoing struggle to secure IoT devices, and efforts to require IoT vendors to follow minimum security standards.

CyberScoop reports "Mandiant, CISA Urge ThroughTek Customers to Fix Software Bug in Millions of Baby Monitors, Cameras"

Colonial Pipeline had reportedly admitted that nearly 6000 individuals might have had their personal information compromised by ransomware attackers when they struck earlier this year. The fuel pipeline operator, which was crippled by the attack in May, confirmed to CNN Business that it had begun sending out breach notification letters to 5810 victims. Most of those affected are thought to be current and former employees and family members. The compromised information is believed to include names, contact information, birth dates, Social Security numbers, driver's license details, military ID numbers, and health insurance information.

Infosecurity reports: "Colonial Pipeline Reportedly Admits Data Breach"

The implementation of Two-Factor Authentication (2FA) has become a necessity as the use of usernames and passwords alone is not enough to securely access online services. 2FA provides an extra layer of security to the username/password system. Studies have shown that users, who enabled 2FA, ended up blocking nearly 99.9 percent of automated attacks. However, as with any cybersecurity solution, attackers have come up with ways to evade this authentication method. Through the one-time codes sent as an SMS to a user's smartphone, hackers can bypass 2FA. Although this has been proven possible, many critical online services still use SMS-based one-time codes. Microsoft and other major vendors have encouraged users to abandon solutions leveraging SMS and voice calls. SMS is known to have poor security that increases vulnerability to various attacks. In a SIM swapping attack, an attacker calls the victim's mobile service provider. The attacker impersonates the victim and requests to port-out the phone number to a different carrier or a new SIM card. When the port-out is complete, the phone number activates on the attacker's SIM card, allowing them to send and receive messages, and make calls as the victim. There are also readily available tools such as Modlishka that attackers can use to compromise SMS-based one-time codes. Modlishka can intercept communication between a genuine service and a victim, as well as track and record the victim's interactions with the service, including the login credentials they use. Researchers at Deakin University have also found additional vulnerabilities in SMS-based 2FA. One of their experiments revealed that an attacker could remotely access a user's SMS-based 2FA using a popular app designed to synchronize users' notifications across different devices. This article continues to discuss the problem with SMS-based 2FA methods, the need for more work on secure authentication methods, and the need to move methods beyond 2FA towards a Multi-Factor Authentication (MFA) environment.

The Conversation reports "How Hackers Can Use Message Mirroring Apps to See All Your SMS Texts -- And Bypass 2FA Security"

The annual Emerging Professionals in the Intelligence Community (EPIC) App Challenge welcomes corporate and individual contestants to demonstrate their analysis and critical thinking skills to technical leaders and senior executives in the Intelligence Community. The Challenge is sponsored by Microsoft and hosted by AFCEA and the Intelligence and National Security Alliance (INSA). The 2021 EPIC App Challenge has broadened the opening of acceptable solutions to include not only custom software applications but also demonstrations of security methods and digital forensics. Previous EPIC competitions focused only on developing software applications to address specific and relatively narrow national security technology challenges. However, the severity, complexity, and frequency of state and non-state cyberattacks call on the areas of focus to be changed. This year's Challenge aims to identify potential attacks, describe the attacks, demonstrate defenses against them, and more. This article continues to discuss the objective, requirements, and structure of the EPIC App Challenge.

HSToday reports "Annual EPIC App Challenge Invites Contestants to Showcase Cyber Defense Skills"

A large cache of criminal case data belonging to the Dallas Police Department (DPD) is thought to have been lost forever. About 22 terabytes of data went missing from the DPD computer database when data was migrated from an online, cloud-based archive to a server in April at the city's data center. The data that disappeared included images, video, audio, case notes, and other information gathered by police officers and detectives in relation to cases before July 28, 2020. The quantity of information lost is considerable since one terabyte can store as many as six million documents and 250,000 images. In a memo, district attorney John Creuzot said that it was "too soon to estimate how many cases will be affected and what the impact will be on those individual cases." City information technology officials first noticed the absence of the case data on April 5. However, the district attorney's office was not notified of the loss until August 6. Amanda Branan, the president of the Dallas Criminal Defense Lawyers Association, stated that it is concerning that it took four months for the Dallas Police Department to inform the district attorney of the loss of the data. Dallas PD attributes the data's permanent departure to the actions of a single city IT employee who it says "failed to follow proper, established procedures" while performing the data migration. Dallas PD stated that approximately 14 of the 22 terabytes of data lost have since been recovered. Dallas Mayor Eric Johnson is calling for the Dallas City Council to launch an investigation into the data loss.

Infosecurity reports: "Dallas Loses 8TB of Criminal Case Data"

Education and training are essential to strengthening passwords and safeguarding personal online accounts from cyberattacks. Although children may seem more technologically advanced, they still face the same cybersecurity threats as adults. Researchers at the National Institute of Standards and Technology (NIST) conducted a study in which they surveyed children from grades 3 through 12 to gain insight into what kids understand about passwords and their behavior when creating and using them. According to the study, children are learning best practices, such as memorizing passwords. However, there is a gap between their knowledge of good password practices and their behavior. The researchers surveyed over 1,500 kids from ages 8 to 18 who are students at schools in the South, Midwest, and Eastern regions of the U.S. Two versions of the survey were administered by their teachers, one for third to fifth graders and the other for sixth to twelfth graders, with each survey featuring the same questions but with different age-appropriate language. Results from the study revealed that kids are learning best practices on passwords, such as limiting their writing of passwords down on paper, keeping their passwords private, and logging out after an online session. They were also not found to be as burdened with many passwords as adults are, with kids on average saying they have two passwords for school and two to four for home. Despite there being evidence that kids are learning best practices, they have also demonstrated bad password habits like reusing passwords and sharing passwords with their friends. The bad habit of reusing passwords increased in frequency from elementary to high school students. This article continues to discuss the performance, findings, goal, and future of this NIST study.

NIST reports "NIST Study on Kids' Passwords Shows Gap Between Knowledge of Password Best Practices and Behavior"

CyberMDX, a cybersecurity provider focused on protecting Internet Of Things (IoT) devices and medical devices, has announced the release of the Perspectives in Healthcare Security Report, which was done in collaboration with Philips. The report delves into attitudes, concerns, and more, surrounding medical device security and cybersecurity among large and midsize healthcare delivery organizations. Healthcare has been found to be one of the most targeted industries. According to a recent report from HHS, there has been a total of 82 ransomware incidents so far in 2021, with 60 percent of them targeting the U.S. healthcare sector. Azi Cohen, CEO of CyberMDX, stressed that as new threat actors emerge every day, healthcare organizations face an unprecedented level of security challenges. The survey of 130 hospital executives in Information Technology (IT) and Information Security (IS) roles, and BioMed technicians and engineers, provided insight into the current state of medical device security and brought further attention to the challenges faced by healthcare organizations. Almost half of the executives reported a forced or proactive shut down within the last six months due to external attacks or queries. Although healthcare continues to be hit with cyberattacks, over 60 percent of hospital IT teams have "other'' spending priorities, while less than 11 percent say cybersecurity investment is a high priority. Most of the respondents said their hospitals were unprotected from common vulnerabilities such as WannaCry and NotPetya. This article continues to discuss the key findings shared by the Perspectives in Healthcare Security Report.

PR Newswire reports "Perspectives in Healthcare Security Report: Cybersecurity Reality in Hospitals Not Aligned with Perception"

During a new survey conducted by the Neustar International Security Council (NISC), the researchers discovered that nearly half (44%) of organizations had been targeted or fallen victim to a ransom-related distributed denial of service (RDDoS) attack in the past 12 months. Interestingly, during the same period, a lower proportion (41%) of organizations were targeted by a ransomware attack, suggesting cybercriminals are increasingly using DDoS attacks as a means of extorting money from victims. The researchers stated that rather than spending a lot of time and careful planning on infecting an organization's network with malware or ransomware, cyber-criminals are taking an easier approach and using DDoS as a ransom vector. The research indicates that this is an effective ransom tactic. More than half (70%) of organizations hit by RDDoS were targeted multiple times, and 36% admitted they paid the ransom. This compares to 57% of those infected by ransomware being targeted multiple times, with the same proportion (36%) choosing to pay the ransom. The researchers noted that while RDDoS threats have traditionally targeted online industries, attackers are increasingly turning their attention to other sectors, including financial services, government, and telecoms. Worryingly, less than a quarter (24%) of cybersecurity professionals said they were 'very confident' in their organization's knowledge of how to respond to an RDDoS attack. The respondents listed ransomware (70%), DDoS (68%), and targeted hacking (66%) as the most increasing cyberthreats to their organization.

Infosecurity reports: "Attackers Increasingly Turning to DDoS as a Ransom Vector"

A new analysis of threat data reveals that phishing attacks leveraging unvalidated redirects on Google Meet and Google DoubleClick platforms increased by 85 percent between the first and second quarters of 2021. The security vendor GreatHorn reported that most of the attacks were primarily aimed at luring users to sites performing credential harvesting, payment fraud, and auto-downloads of malware. According to the Open Web Application Security Project (OWASP), an unvalidated or open redirect vulnerability stems from the acceptance of untrusted input by a Web application that could result in the Web application redirecting users to another URL. For example, modifying the URL of a site by adding a link to another destination to the end of the original URL can allow an attacker to easily redirect users to websites that they have chosen. OWASP emphasizes that the modification of untrusted input to a malicious site can lead to successful phishing scams and user credential theft. Since the server name in the modified link is the same as the original site, phishing attempts are likely to appear more trustworthy. GreatHorn said its threat intelligence team discovered that attackers are adding a link redirect instruction with a URL to a different destination to the end of Google's actual URL for Google Meet. The attackers have included these redirect links in phishing emails to increase the rate at which recipients click on the URL since the server's name belongs to Google. They have also been adding an advertising URL to the end of the legitimate URL for Google's DoubleClick advertising platform. As the Google platforms accept open redirects, they do not verify the target URL. Therefore, any user who clicks on a link thinking it is a Google domain would be redirected to the malicious one. This article continues to discuss findings surrounding the leveraging of open redirects on Google's sites in a phishing campaign and how organizations can prevent open redirects.

Dark Reading reports "Attacks Leveraging Open Redirects on Google Meet, DoubleClick Surge"

A new study conducted by researchers at Comparitech found that cybercrime costs victims $318bn per annum globally. The researchers made their calculation based on an analysis of cybercrime reports in 67 countries globally for which this information was available in either 2018-19 or 2019-20. The researchers estimated that 71.1 million people fall victim to cybercrime each year, equating to nearly 900 victims per 100,000 people. The average victim lost $4476 per crime, according to the researchers. The countries that experienced the highest losses due to cybercrime were the US ($28bn), Brazil ($26bn), the UK ($17.4bn), and Russia ($15.2bn). The country with the most significant increase in cybercrime was Sri Lanka, where there was a 359% year-on-year rise from 2019 to 2020 (3566 to 16,376 reports). Significant rises in reported cybercrime were also observed in Belarus (176%), Indonesia (140%), Puerto Rico (125%), and Panama (100%). According to researchers, the country with the highest proportion of cybercrime victims was the UK, with 1095 per 100,000 people submitting reports. This was followed by Denmark (514 per 100,000 people), Spain (463 per 100,000 people), Brazil (415 per 100,000 people) and Austria (404 per 100,000 people).

Infosecurity reports: "Cybercrime Costs Victims $318 bn Annually"

Subhajit Bandopadhyay, a post-graduate student at City, University of London's Institute for Cyber Security (ICS), is trying to address the vulnerability of smart cars to hacking and security breaches. Subhajit, under the supervision of Professor Muttukrishnan Rajarajan, Director of the ICS, has been involved in collaborative research aimed at developing SIUV, which is a smart car Identity and Access Management (IAM) system based on Usage Control (UCON) and Verifiable Credentials (VCs). SIUV stems from Subhajit's research paper, co-authored by Professor Rajarajan, Ali Hariri (Huawei Munich Research Center and the University of Trento), and more. Smart cars have become safety-critical and cyber-physical systems that are increasingly exposed to cyber vulnerabilities. SIUV employs Usage Control policies to issue privileges to drivers or applications, such as airbag deployment or speed limit control, based on their credentials or claims. The privileges issued by SIUV are then used to determine whether to grant or deny access to in-car resources. The system also continuously monitors subject claims, resource attributes, and environmental conditions such as time or location. If a change is made, the system can reevaluate policies, provide updates or revoke issued privileges and usage decisions. This article continues to discuss the concept, development, and research behind SIUV.

City, University of London reports "City Ph.D. Researcher Develops a Smart-Car Identity and Access Management (IAM) System"

A series of vulnerabilities called ProxyShell impact at least 30,000 Internet-exposed Microsoft Exchange servers. The ProxyShell vulnerabilities can be chained for unauthenticated remote code execution, thus allowing an attacker to take over an Exchange server. Microsoft released patches for the vulnerabilities in mid-April, and advisories were published for them in May and July. Researcher Kevin Beamont reported that attackers had begun scanning the Internet for vulnerable Exchange servers. He said his Exchange honeypot had recorded attempts to drop files and execute commands. The threat intelligence company Bad Packets has also reported seeing ProxyShell events. A Shodan search by the SANS Institute's Jan Kopriva showed that about 30,000 Exchange servers are vulnerable to the three ProxyShell vulnerabilities. However, Kopriva warned that the number of vulnerable Exchange servers could increase significantly over the coming days since Shodan likely had not scanned the whole Internet by the time he did the search. This article continues to discuss the vulnerability of tens of thousands of Internet-exposed Microsoft Exchange servers to ProxyShell attacks.

Security Week reports "At Least 30,000 Internet-Exposed Exchange Servers Vulnerable to ProxyShell Attacks"