fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

OMIGOD: Microsoft Azure VMs Exploited To Drop Mirai, Miners

OMIGOD: Microsoft Azure VMs Exploited To Drop Mirai, Miners

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month’s Patch Tuesday.

The four security flaws (allowing privilege escalation and remote code execution) were found in the Open Management Infrastructure (OMI) software agent silently installed by Microsoft on more than half of all Azure instances.

In all, these bugs impact thousands of Azure customers and millions of endpoints, according to Wiz researchers Nir Ohfeld and Shir Tamari, who discovered them.

“With a single packet, an attacker can become root on a remote machine by simply removing the authentication header. It’s that simple,” Wiz researcher Nir Ohfeld said about the CVE-2021-38647 remote code execution (RCE) flaw.

Also Read: How Long Do Employers Keep Employee Records After Termination? 1 Hard Question

“This vulnerability can be also used by attackers to obtain initial access to a target Azure environment and then move laterally within it.”

Actively exploited to drop botnet and cryptomining malware

The first attacks were spotted yesterday evening by security researcher Germán Fernández and were soon confirmed by cybersecurity companies GreyNoise and Bad Packets.

According to GreyNoise’s current stats, attackers are scanning the Internet for exposed Azure Linux VMs vulnerable to CVE-2021-38647 exploits from over 110 servers.

A Mirai botnet is behind some of these exploitation attempts targeting Azure Linux OMI endpoints vulnerable to CVE-2021-38647 RCE exploits, as first spotted by Fernández on Thursday evening.

Digital forensics firm Cado Security also analyzed the botnet malware dropped on compromised systems and found that it also “closes the ports of the vulnerabilities it exploited to stop other botnets taking over the system.”

Also Read: By Attending This Event You Agree To Be Photographed

As security researcher Kevin Beaumont found, other threat actors are targeting OMIGOD-vulnerable Azure systems to deploy cryptominer payloads.

How to secure your Azure VM

While Microsoft has released patched a patched OMI software agent version more than a week ago, the company is still in the process of rolling out security updates to cloud customers who have automatic updates enabled in their VMs.

According to additional guidance Redmond released today, “customers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available” per a predefined schedule shared by the Microsoft Security Response Center team.

“New VMs in these regions will be protected from these vulnerabilities post the availability of updated extensions.”

To manually update the OMI agent on your VM, you can also use the built-in Linux package manager:

  • Add the MSRepo to your system. Based on the Linux OS that you are using, refer to this link to install the MSRepo to your system: Linux Software Repository for Microsoft Products | Microsoft Docs
  • You can then use your platform’s package tool to upgrade OMI (for example, sudo apt-get install omi or sudo yum install omi).

“While updates are being rolled out using safe deployment practices, customers can protect against the RCE vulnerability by ensuring VMs are deployed within a Network Security Group (NSG) or behind a perimeter firewall and restrict access to Linux systems that expose the OMI ports (TCP 5985, 5986, and 1207),” Microsoft added.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us