US Authorities Have Seized 48 Domains That Sold DDoS-for-Hire Services

Thursday, December 15, 2022. Read time: 2 min.

Read also: Microsoft fixes a Windows zero-day, security researchers detail a way to bypass popular web application firewalls, and more.


US takes down 48 domains that offered DDoS-for-Hire services

The US authorities have seized 48 domains that sold DDoS-for-Hire services, also known as “booter” or “stresser” services. According to the US Department of Justice, these domains were used to launch millions of DDoS attacks targeting victims worldwide.

The DoJ also charged six people for their alleged involvement in running DDoS-for-Hire platforms.

Chinese hackers are actively exploiting Citrix zero-day bug

The US National Security Agency (NSA) has warned that a China-based cyber-espionage group known as APT5 is actively exploiting a zero-day vulnerability (CVE-2022-27518) in Citrix Application Delivery Controller (ADC) and Gateway appliances to take over affected systems.

The agency didn’t share additional details on APT5’s targets, but the group has been known to attack telecommunications and technology companies, particularly regional telecom providers, high-tech manufacturers, and companies specializing in technology with military applications.

NSA’s threat-hunting guidance provides tips on detecting the compromise and securing Citrix ADC and Gateway appliances, as well as IoCs, including YARA signatures associated with the attacks.

Uber suffers a data breach after a third-party provider is hacked

Uber is investigating a data leak after hackers compromised an AWS backup server belonging to the third-party provider Teqtivity and gained access to customer information stored there.

The leak came to light after a threat actor posted a trove of data they claimed was stolen from Uber and Uber Eats on a cybercrime forum. The data allegedly included source code related to the mobile device management (MDM) platforms used by Uber and Uber Eats, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information.

Uber said that the new leak stems from the Teqtivity breach and is not related to the September 2022 incident. The ride-hailing giant also added that it found no evidence that its systems have been compromised.

Microsoft, Apple fix Windows, iOS zero-days

Microsoft has rolled out security updates as part of its monthly Patch Tuesday release designed to address over 50 security vulnerabilities impacting various Windows components and other software, including a zero-day flaw actively exploited in the wild.

Tracked as CVE-2022-44698, the zero-day flaw resides within the Windows SmartScreen security feature and allows a remote hacker to bypass implemented security restrictions. This flaw is said to have been exploited by threat actors to bypass Windows SmartScreen and deploy the Magniber ransomware and the Qbot malware.

Apple has also rolled out security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to patch a zero-day vulnerability that allows remote code execution.

The bug (CVE-2022-42856) is a type confusion issue in Apple's WebKit browsing engine, which a remote attacker can exploit by tricking a victim into visiting a malicious web page. At the time of writing, there is no information available on the nature and targets of the attack that exploited the zero-day flaw.

Security researchers detail a way to bypass popular web application firewalls

A team of researchers has discovered a new technique that circumvents popular web application firewalls from various makers, including Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva.

The new method exploits the fact that some major vendors did not implement JSON syntax support in the SQL injection inspection logic of their products. By appending JSON syntax to SQL injection payloads, the attacker produces input that the WAF cannot parse as SQL, so the request passes inspection while the database behind it still understands the JSON syntax.

All affected vendors have been notified of the issue, and all of them have released updates that add support for JSON syntax to their SQL inspection process.
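The following is an added illustration of the two sides of this item, not code from the researchers or from any of the named vendors. It models a signature-style inspector of the kind a WAF applies to request parameters: a legacy rule set that knows classic SQL injection shapes but no JSON syntax, and the same inspector with JSON operators and function calls added, which is what the vendor updates amount to. It then contrasts a query built by string concatenation (where anything that slips past the inspector becomes query text) with a parameterised query, which stays safe no matter what the inspector can or cannot parse. All signatures and the sample input are constructed for this example; the database is an in-memory SQLite table.

```python
import re
import sqlite3

# Constructed legacy rule set: classic SQL injection shapes only, no JSON awareness.
# This is a stand-in for a WAF inspector, not any vendor's actual rules.
LEGACY_SQL_SIGNATURES = [
    r"\bunion\b.+\bselect\b",               # UNION-based extraction
    r"'\s*or\s+'?\w+'?\s*=\s*'?\w+",        # the classic ' or 1=1 tautology
    r";\s*(drop|delete|update)\b",          # stacked destructive statements
]

# Constructed JSON-aware additions: JSON path operators and JSON function calls.
# Teaching the inspector these shapes is the essence of the vendor fixes.
JSON_SIGNATURES = [
    r"->>?",                                # MySQL / PostgreSQL / SQLite JSON path operators
    r"#>>?",                                # PostgreSQL JSON path operators
    r"\bjson_[a-z_]+\s*\(",                 # json_extract(), json_valid(), json_array(), ...
]

# Constructed sample input: a tautology expressed through a JSON function, so the
# legacy tautology rule (which expects a '=' comparison) never fires.
SUSPECT_INPUT = "x' OR json_valid('1') --"


def inspect(value: str, json_aware: bool) -> bool:
    """Return True if the inspector would block the value."""
    patterns = LEGACY_SQL_SIGNATURES + (JSON_SIGNATURES if json_aware else [])
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def build_unsafe_sql(name: str) -> str:
    """String concatenation: whatever passes the inspector becomes part of the SQL text."""
    return f"SELECT id, name FROM users WHERE name = '{name}'"


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the value travels separately from the SQL text, so the
    database never interprets it as syntax. This holds whatever the WAF can parse."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    print("legacy inspector blocks:", inspect(SUSPECT_INPUT, json_aware=False))
    print("JSON-aware inspector blocks:", inspect(SUSPECT_INPUT, json_aware=True))
    print("concatenated SQL becomes:", build_unsafe_sql(SUSPECT_INPUT))
    conn = make_db()
    print("parameterised lookup returns:", lookup_safe(conn, SUSPECT_INPUT))
```

The constructed input is not flagged by the legacy rules, is flagged once the JSON signatures are added, turns into an `OR` clause when concatenated into SQL text, and returns nothing from the parameterised query because it is compared as a literal name. The last point is the durable lesson: a WAF signature update closes one parsing gap, while parameterised queries remove the class of problem.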

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.