
CURRENT ACTIVITIES

Key recommendations for CERT-In empanelled auditing organisations to contribute to and enhance the cybersecurity audit ecosystem
(October 01, 2024)
i. Auditing organisations should include an executive summary for board members and top management in all audit reports, translating the technical findings into relevant business risks and the overall security posture of the audited application or infrastructure.
Phishing campaign leveraging CrowdStrike outage event
(July 26, 2024)
On July 19, 2024, a faulty update to the CrowdStrike Falcon Sensor software caused Microsoft Windows operating systems to crash. Official fixes have been released by both CrowdStrike and Microsoft.

An ongoing phishing campaign has been reported that targets CrowdStrike users and leverages this issue to conduct the following malicious activities:

  • Sending phishing emails posing as CrowdStrike support to customers
  • Impersonating CrowdStrike staff in phone calls
  • Selling software scripts purporting to automate recovery from the content update issue
  • Distributing trojan malware posing as recovery tools
These campaigns could entice an unsuspecting user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data loss.

----------Indicators of Compromise----------

Organizations may consider configuring their firewall rules to block connections to the following IoCs associated with the campaign:

----------Indicators of Compromise----------

Threat actors exploiting privilege escalation vulnerability in Microsoft Exchange Server
(February 22, 2024)
It has been reported that threat actors are exploiting a privilege escalation vulnerability in Microsoft Exchange Server.
Guidelines for Secure Application Design, Development, Implementation & Operations
(September 25, 2023)
One of the key reasons for vulnerabilities in applications is the lack of secure design, development, implementation, and operations. Relying solely on post-development audits for security is inadequate......
API Security: Threats, Best Practices, Challenges, and Way Forward using AI
(August 14, 2023)
An Application Programming Interface (API) is a data connection that allows data to be shared with other applications. APIs can be viewed as digital middlemen between organisations or enterprises and the platforms that need to access their data for driving innovation, increasing reach, discovering new business models, expanding partner networks, and so on.
Mallox Ransomware Targeting Unsecured MS SQL Servers
(July 25, 2023)
It has been observed that Mallox ransomware is currently targeting unsecured Microsoft SQL Servers, using them as entry points into victims' ICT infrastructures to distribute the ransomware. It has also been observed that the threat actor group has used brute force techniques against publicly exposed MS SQL instances to gain initial access to the victim's network infrastructure.
INDIA RANSOMWARE REPORT - 2022 by CERT-In
(April 13, 2023)
This report covers the latest ransomware tactics and techniques, along with the trends observed in the year 2022, specific to Indian cyberspace.
Exchange Server 2013 End of Support
(February 22, 2023)
Microsoft Exchange Server 2013 will reach its End of Life on Tuesday, April 11, 2023, which means that Microsoft will no longer offer technical support or security updates for this version of Exchange Server.
Threat actors exploiting authentication bypass vulnerability in Fortinet products
(December 05, 2022)
It is reported that threat actors are actively exploiting an authentication bypass vulnerability in Fortinet products. The vulnerability allows an attacker to gain access to the administrative interface and perform actions via a specially crafted request.
Threat actors exploiting RCE vulnerability in Oracle Fusion Middleware
(December 01, 2022)
It has been reported that threat actors are exploiting a remote code execution vulnerability in Oracle Fusion Middleware.
Threat actors exploiting discontinued Boa web servers to target IoT devices
(November 25, 2022)
It has been reported that implementations of the discontinued "Boa web server" by different vendors, across a variety of IoT devices and popular software development kits (SDKs), can pose a supply chain risk that may affect a large number of organisations and devices.
Threat actors actively exploiting Cisco AnyConnect VPN vulnerabilities
(October 28, 2022)
It is reported that vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild by threat actors. These vulnerabilities allow an attacker to execute arbitrary code or copy files to system directories on the targeted Windows devices with SYSTEM privileges.
Malicious festival-themed campaign targeting Indian customers
(October 18, 2022)
It has been reported that adware campaigns are impersonating prominent brands and tricking their customers with fraudulent phishing scams.
Redis Services Exposing Databases
(October 13, 2022)
It has been reported that threat actors are targeting unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. Redis (Remote Dictionary Server) is a BSD-licensed open-source key-value store in which data is queried by key.
New "Maggie" Backdoor Targeting Microsoft SQL Servers
(October 07, 2022) (Updated: October 12, 2022)
A novel backdoor variant named "Maggie" is reported to be targeting Microsoft SQL servers. The fully functional backdoor disguises itself as an Extended Stored Procedure DLL, a type of extension used by Microsoft SQL servers.
Indian Computer Emergency Response Team - CERT-In, Ministry of Electronics and Information Technology, Government of India.
Last Updated On March 15, 2025