24 December 2021 | Asia Cyber Summary

Updated: Dec 24, 2021

In the Spotlight this Week:

  • Hot Hong Kong NFT project Monkey Kingdom loses USD 1.3 million in hack, exposing security vulnerabilities

  • Singapore holds emergency meetings with CII sectors over Log4j

  • Meta sues hackers behind Facebook, WhatsApp and Instagram phishing attacks

  • FBI: State hackers exploiting new Zoho zero-day since October

  • Microsoft warns of easy Windows domain takeover via Active Directory bugs

Hot Hong Kong NFT Project Monkey Kingdom Loses USD 1.3 Million in Hack, Exposing Security Vulnerabilities

Popular non-fungible token (NFT) project Monkey Kingdom, founded by entrepreneurs in Hong Kong and promoted by celebrities such as JJ Lin and Steve Aoki, had its group chat hacked, allowing a cyber thief to steal nearly USD 1.3 million worth of cryptocurrencies with a phishing link.

A hacker stole an administrator account of the project’s group chat on Discord, a popular online instant messaging service, and posted a phishing link in the group chat on Tuesday, just as the project kicked off a new sale in earnest. Buyers lost more than 7,000 Solana, a popular cryptocurrency, to the scam, which amounts to nearly USD 1.3 million. The project announced on Twitter that it has earmarked 7,056 Solana for a “compensation fund” to help refund buyers who were scammed by the hack.

Singapore Holds Emergency Meetings With CII Sectors Over Log4j

Singapore has held emergency meetings with critical information infrastructure (CII) sectors to prepare them for potential threats stemming from the Log4j vulnerability. The country's Cyber Security Agency (CSA) has issued alerts on the Apache Java logging library flaw and is "closely monitoring" developments. Alerts were sent out to CII sector leads and businesses, instructing them to immediately patch their systems to the latest version. The agency was also working with these CII representatives to roll out mitigation measures.

CSA said it was in contact with other international agencies and the computer emergency response teams (CERTs) of ASEAN member states to share information on the latest Log4j developments. It urged organisations affected by the vulnerability to report to SingCERT should they uncover evidence of any compromise.

Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks

Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the US state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials.

The social engineering scheme involved the creation of rogue webpages that masqueraded as the login pages of Facebook, Messenger, Instagram, and WhatsApp, on which victims were prompted to enter their usernames and passwords that were then harvested by the defendants. The tech giant is also seeking USD 500,000 from the anonymous actors. Meta said it had banned four malicious cyber groups for targeting journalists, humanitarian organizations, and anti-regime military forces in Afghanistan and Syria.

FBI: State Hackers Exploiting New Zoho Zero-Day Since October

The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October. The security flaw, patched by Zoho in early December, is a critical authentication bypass vulnerability attackers could exploit to execute arbitrary code on vulnerable Desktop Central servers.

The company advises backing up critical business data, disconnecting impacted network systems, formatting all compromised servers, restoring Desktop Central, and updating to the latest build. If signs of compromise are found, Zoho recommends initiating a password reset "for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine", together with Active Directory administrator passwords.

Microsoft Warns of Easy Windows Domain Takeover via Active Directory Bugs

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily take over Windows domains. The company released security updates to address the two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278).

Windows admins are urged to update all domain controllers using the steps and information available in the following knowledgebase articles: KB5008102, KB5008380, and KB5008602.

Researchers who tested the proof-of-concept (PoC) tool said they were able to easily use it to escalate privileges from a standard Active Directory user to Domain Admin in default configurations.
