Cyware Daily Threat Intelligence August 16, 2021

Researchers have raised an alarm about a new form of DDoS reflection amplification attack that could threaten many organizations in the future. The attack weaponizes a design flaw in the TCP protocol, firewalls, and other network middleboxes to launch giant DDoS attacks against any target on the Internet.

Mail clients and servers are also at risk of MitM and command injection attacks following the discovery of as many as 40 vulnerabilities in various STARTTLS implementations. Some of the popular clients affected by the flaws include Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Exim, Samsung Email, Yandex, and KMail.

Top Breaches Reported in the Last 24 Hours

Wastewater system under attack
The Maine Department of Environmental Protection has asked municipalities and water-sector professionals to be alert after two recent ransomware intrusions on wastewater systems in Limestone and Mount Desert Island. The attack on the Limestone Water and Sewer department occurred in the first week of July; no taxpayer information was compromised.

FBR network access on sale
The Federal Board of Revenue (FBR) of Pakistan has suffered a large-scale attack. The incident came to light after a group of hackers was found selling network access to more than 1,500 of the agency's computer systems on a Russian cybercrime forum. According to sources, the hackers exploited a vulnerability in Microsoft Hyper-V software to breach the network.

Ford’s website exposes data
A flaw in Ford Motor Company's website exposed sensitive details belonging to its customers and employees. The issue (tracked as CVE-2021-27653) stemmed from a misconfigured instance of the Pega Infinity customer engagement system running on Ford's servers. It is not known whether any threat actors exploited the vulnerability to breach systems at Ford and steal details of individuals.

Indra hackers linked to attacks on Iran
The destructive attack on Iran's transport ministry and the national train system was the work of a threat actor dubbed Indra. The attack, which occurred last month, was carried out using three different wipers dubbed Meteor, Stardust, and Comet.

New York university breached
A data breach at the State University of New York exposed the personal information of 47,000 individuals after hackers gained unauthorized access to its systems. The incident occurred between May 22 and July 9.

Top Vulnerabilities Reported in the Last 24 Hours

STARTTLS related flaws
Researchers uncovered more than 40 different vulnerabilities in various STARTTLS implementations used by mail clients and servers. The now patched flaws could have opened the door to MitM attacks, allowing an attacker to forge mailbox content and steal credentials. Some of the affected clients included Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Samsung Email, Yandex, and KMail.

New DDoS attack technique
Academics have discovered a novel DDoS attack technique involving the abuse of the TCP protocol, firewalls, and other network middleboxes. This is the first DDoS reflection amplification attack of its kind to be carried out over TCP. The researchers attributed the issue to a design flaw in middleboxes.

Tags

meteor
starttls
tcp protocol
ddos reflection amplification attack
stardust
indra

Posted on: August 16, 2021
