Amazon’s Twitch data leak / Apache HTTP Server 0-day / VMware ESXi targeted in a new campaign

Welcome to Security Center – our weekly update on the most devastating cyberattacks, high-severity vulnerabilities, and biggest data leaks – precisely selected by our editors.

Don’t miss out! Sign up now and have it delivered to your inbox each Monday to start a week safe and sound. Additionally, you will receive a portion of the hottest company news and access to selected technical articles written by our experts with advice and tricks for more effective protection of your IT infrastructure.

In the meantime, let’s check what happened in the cyber-world last week.

Amazon’s Twitch streaming service breached – sensitive data leaked

Amazon’s Twitch streaming service suffered a cyberattack this week. A hacker leaked the entirety of Twitch’s source code alongside a 128GB trove of data that included creator payouts going back to 2019, proprietary SDKs, and internal AWS services used by Twitch, as well as all of the company’s internal cybersecurity red teaming tools. Experts warned that all Twitch streamers needed to take immediate action to protect their bank accounts and themselves from a potential wave of attacks by opportunistic cybercriminals. Twitch announced that it was resetting all stream keys, directing streamers to a website for new stream keys.


Apache fixes a zero-day vulnerability in HTTP Server exploited in the wild

Apache HTTP Server 2.4.49 is vulnerable to a flaw that allows attackers to use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by “Require all denied”, these requests can succeed. But this is not the whole picture. It turns out that the flaw also allows Remote Code Execution (RCE) on a Linux system if the server is configured to support CGI via mod_cgi. Should an attacker be able to upload a file via a path traversal exploit and set execute permissions on it, they have granted themselves the ability to execute commands with the same privileges as the Apache process.
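As an added illustration (not code from the original article or from the Apache project), here is the filesystem-root block that the “Require all denied” wording above refers to, with the weak form beside the hardened one; the directory paths are assumptions. The access rules only limit what a traversal can reach; upgrading to a fixed release is still the actual remediation.

```apache
# Weak: the filesystem root is open, so any URL the server can be
# made to map outside DocumentRoot is served like ordinary content.
<Directory />
    AllowOverride None
    Require all granted
</Directory>

# Hardened: deny everything at the filesystem root by default ...
<Directory />
    AllowOverride None
    Require all denied
</Directory>

# ... and grant access only where content is meant to be served
# (path is an assumed example).
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>

# CGI, if it is needed at all: confine script execution to one
# explicitly granted directory instead of enabling ExecCGI broadly.
# If mod_cgi is not required, leave it unloaded.
ScriptAlias "/cgi-bin/" "/usr/lib/cgi-bin/"
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -Includes
    Require all granted
</Directory>
```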


VMware ESXi servers encrypted by lightning-fast Python script

Attackers love VMware’s ESXi. Why? Because a single hit locks up scads of VMs. Attackers can encrypt the centralized virtual hard drives used to store data from across VMs. And this new Python ransomware additionally strikes ESXi servers and virtual machines with truly “sniper-like” speed. The threat actor needs about three hours to complete the attack – that’s how long it takes from the initial breach to finishing the full encryption process. The ransomware creates a unique key every time it is run. In practice, attackers execute the script once for each ESXi datastore they want to encrypt. Each time it is executed, the script generates a unique key pair to use in encrypting files.


More IT security must-reads

  1. Windows 11 bug reverts users back to the Windows 10 taskbar (Bleeping Computer)
  2. Smashing Security podcast #246: Facebook has fallen (Graham Cluley)
  3. 5-Year Breach May Have Exposed Billions of Text Messages (Dark Reading)
  4. Google warns 14,000 Gmail users targeted by Russian hackers (Bleeping Computer)
  5. Additional fixes released addressing Apache HTTP Server issue (ZDNet)
  6. Microsoft is disabling Excel 4.0 macros by default to protect users (Bleeping Computer)