SAN MATEO, CA, October 24, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- “Text4Shell” Apache Commons Text vulnerability actively exploited
- Improper Meta Pixel usage results in health system breach
- Microsoft exposes customer data in Azure Blob Bucket misconfiguration
- Hackers using new PowerShell backdoor for espionage
- SIM swapping attack results in Verizon prepaid customer breach
- Bulgarian government websites suffer Russian DDoS attacks
- Nearly 900 servers hacked using Zimbra zero-day flaw
- Australia’s Optus cyberattack results in passport complications
“Text4Shell” Apache Commons Text vulnerability being actively exploited
Hackers have begun exploiting a flaw in WordPress via Apache Commons Text, according to researchers at Wordfence. Dubbed “Text4Shell” due to its similarity to Log4Shell, the exploit can allow a hacker to launch arbitrary code on vulnerable systems, paving the way for large-scale attacks. Users of Apache Commons Text are urged to upgrade to the newest version. Read more.
Improper Meta Pixel usage results in health system breach
Advocate Aurora Health (AAH) has notified patients across its 26 hospitals that their data has been exposed due to the use of Meta Pixel on the healthcare system’s websites. Meta Pixel tracks site users to help administrators determine how to make improvements, but it also sends data to Meta so the social media giant can show people targeted ads via Facebook. The improper use of Meta Pixel on hospital portals and websites means that protected health information is delivered to Meta, violating patients’ rights. AAH has disabled Meta Pixel on its websites and has provided a list of the patient data that has been potentially exposed. Read more.
Microsoft exposes customer data in Azure Blob Bucket misconfiguration
Stemming from a misconfigured Azure Blob Bucket, Microsoft has admitted that it accidentally exposed business transaction data that unauthorized actors could have accessed. The data included names, email addresses, phone numbers, and files related to current and prospective business transactions. Security researchers at SOCRadar reported that as many as 65,000 entities worldwide were affected, but Microsoft claims that this number is exaggerated. Microsoft fixed the misconfiguration hours after being made aware of it. Read more.
Hackers using new PowerShell backdoor for espionage
A new PowerShell backdoor used by hackers, initially not flagged as malicious by antivirus software, has been assessed as designed for data exfiltration and espionage. The attack begins with a phishing email modeled after a LinkedIn job application that contains malicious macros. The macros create a task that mimics a routine Windows update but instead executes two PowerShell scripts. Read more.
SIM swapping attack results in Verizon prepaid customer breach
Verizon has notified its prepaid customers that hackers used exposed credit card data to gain access to their accounts and make an unauthorized change to their SIM data. Verizon has reportedly blocked further access to customer accounts and has not seen evidence suggesting the attack is continuing. The attack seems to be contained to around 250 user accounts. Read more.
Bulgarian government websites suffer Russian DDoS attacks
Several websites associated with the Bulgarian government were at the receiving end of widespread DDoS attacks that disabled them. KillNet, a Russian hacker gang that has recently become more of a pro-Kremlin hacktivist organization, has claimed credit for the attacks, which are surely in response to Bulgaria’s support of Ukraine and its willingness to accept Ukrainians fleeing Russia’s attacks. Read more.
Nearly 900 servers hacked using Zimbra zero-day flaw
A flaw within Zimbra Collaboration Suite that was left unpatched for almost a month and a half has led to almost 900 servers being hacked. The vulnerability allows even low-skilled hackers to send emails containing malicious code that plants a web shell on the ZCS server while skirting antivirus protections. Researchers at Kaspersky report that a range of APT groups has been at work exploiting the flaw. Read more.
Australia’s Optus cyberattack results in passport complications
Customers of Australian telecom Optus continue to feel the effects of a massive cyberattack against the company that exposed the personal data of over 100,000 customers. Optus has informed customers that their passports can no longer be used as online identification after the company asked the federal government to block them. Customers are displeased with Optus’s handling of the passport situation, as many use their passport as their primary form of ID, with some taking issue with the fact that Optus informed them of this development via an email sent on a Friday evening. Read more.