Twitch.tv Had a Massive Data Breach... CyberNews 2021/10/11
My Website: talkelley3.com
1. Google has announced plans to auto-enroll nearly 150 million users into its 2FA program.
- It plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of 2021 to prevent unauthorized access to accounts and improve security.
- They also intend to require 2 million YouTube creators to switch on the setting.
- The two factors are your password and your phone, through a text message or the Gmail app.
2. Apache Warns of a 0-day exploit in the Wild!
- A flaw in a change made to path normalization in Apache HTTP Server 2.4.49 allowed attackers to use a path traversal attack to map URLs to files outside the expected document root.
- If files outside the document root are not protected by 'Require all denied', these requests can succeed. It could also leak the source of interpreted files such as CGI scripts.
- This flaw is actively exploited, and a new PoC exploit shows it allows RCE provided that mod_cgi is enabled!
- Patch your systems now!
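An added example (not from the video or from the Apache project): a small Python audit that checks an httpd configuration for the three conditions named above, namely a filesystem root without 'Require all denied', mod_cgi loaded, and version 2.4.49. The sample configurations, the function names `directory_blocks` and `audit`, and the finding labels are constructed for illustration.

```python
import re

# Constructed sample configuration (not from any real server).
WEAK_CONF = '''
LoadModule cgi_module modules/mod_cgi.so
DocumentRoot "/var/www/html"
<Directory />
    AllowOverride none
    Require all granted
</Directory>
<Directory "/var/www/html">
    Require all granted
</Directory>
'''
# Same file with the root locked down and mod_cgi commented out.
HARDENED_CONF = (WEAK_CONF.replace("Require all granted", "Require all denied", 1)
                 .replace("LoadModule cgi_module", "#LoadModule cgi_module"))

def directory_blocks(conf):
    """Return {path: [lowercased directives]} for each <Directory> block."""
    blocks, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>$', line, re.I)
        if opened:
            current = opened.group(1).strip()
            blocks.setdefault(current, [])
        elif line.lower() == "</directory>":
            current = None
        elif current is not None:
            blocks[current].append(line.lower())
    return blocks

def audit(conf, version):
    """List which of the three risk conditions from the text above apply."""
    findings = []
    root = directory_blocks(conf).get("/", [])
    if not any(re.fullmatch(r"require\s+all\s+denied", d) for d in root):
        findings.append("root-not-denied")   # files outside DocumentRoot readable
    # mod_cgi loads as cgi_module; mod_cgid (its threaded-MPM variant) as cgid_module
    if re.search(r"^\s*LoadModule\s+cgid?_module\b", conf, re.I | re.M):
        findings.append("cgi-enabled")       # disclosure can become code execution
    if version == "2.4.49":                  # the only release the text names
        findings.append("affected-version")
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONF, "2.4.49"))
    print(audit(HARDENED_CONF, "unaffected-placeholder"))
```

An empty result only means none of these three conditions was found in the text passed in; included files and per-vhost overrides are not followed.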
3. Twitch Had 125GB of data leaked!
- The entirety of Twitch's source code with commit history "going back to its early beginnings"
- Proprietary software development kits and internal AWS services used by Twitch
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Information on other Twitch properties like IGDB and CurseForge
- Creator revenue reports from 2019 to 2021
- Mobile, desktop and console Twitch clients, and
- Cache of internal "red teaming" tools designed to improve security
4. A New APT Group Targets Fuel, Energy, and Aviation Industries
- ChamelGang, the APT group, is named for its chameleon-like tactics of disguising its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.
- They used Supply-chain attacks.
- They used the Microsoft Exchange Server vulnerabilities from a while ago.
- Attacked an energy company using a Red Hat JBoss Enterprise Application vulnerability to remotely execute commands and deploy malicious payloads with elevated privileges, pivot, and deploy a backdoor called DoorMe.
- Used ProxyShell flaws to attack a Russian aviation production sector company. They dropped web shells, conducted recon, and installed a DoorMe backdoor again.
5. Ransomware Group FIN12 Going After Healthcare Targets
- FIN12, linked with the RYUK ransomware, has been attacking healthcare targets. They purchase access to networks, and then deploy the ransomware into the environment. They prioritize speed and higher-revenue victims.
- They use phishing campaigns as well, along with other instances of using TrickBot, and later Cobalt Strike beacon payloads for post-exploitation activities.
- It rarely engages in data theft extortion.
Oct 13, 2021