Kaspersky (https://www.kaspersky.co.za/) experts have brought to light a poorly detected SessionManager backdoor that was set up as a malicious module within Internet Information Services (IIS), a popular web server from Microsoft. Once propagated, SessionManager enables a wide range of malicious activities, from email harvesting to full control of the victim's infrastructure. First exploited in late March 2021, the newly discovered backdoor has affected government institutions and NGOs around the world, with victims in eight countries in the Middle East, Turkey and Africa region including Kuwait, Saudi Arabia, Nigeria, Kenya and Turkey.
In December 2021, Kaspersky discovered "Owowa" (https://bit.ly/3OGqMe4), a previously unknown IIS module that steals credentials entered by a user when logging into Outlook Web Access (OWA). Since then, the company's experts have been keeping an eye on the new opportunity for cybercriminal activity: it has become clear that implementing a backdoor within IIS is a trend for threat actors, who previously exploited one of the "ProxyLogon type" (https://bit.ly/3yFKeC1) vulnerabilities within Microsoft Exchange servers. In a recent investigation, Kaspersky experts came across a new unwanted backdoor module called SessionManager.
The SessionManager backdoor allows threat actors to maintain persistent, update-resistant, and fairly stealthy access to a targeted organization's IT infrastructure. Once inside a victim's system, cybercriminals behind the backdoor can gain access to company emails, update malicious access by installing other types of malware, or surreptitiously manage compromised servers, which can be leveraged as malicious infrastructure.
A distinctive feature of SessionManager is its low detection rate. First discovered by Kaspersky researchers in early 2022, some of the backdoor samples have yet to be flagged as malicious by popular online file analysis services. To date, SessionManager is still deployed in more than 90% of selected organizations based on Internet analysis by Kaspersky researchers.
In total, 34 servers at 24 organizations in Europe, the Middle East, South Asia, and Africa were compromised by SessionManager. The threat actor running SessionManager shows a particular interest in NGOs and government entities, but medical organizations, oil companies, shipping companies, and more have also been targeted.
Due to similar victimology and the use of the common variant "OwlProxy" (https://bit.ly/3OGnLKH), Kaspersky experts believe that the malicious IIS module could have been exploited by the GELSEMIUM (https://bit.ly/3Ap46dJ) threat actor as part of its espionage operations.
“Exploitation of Exchange server vulnerabilities has been a favorite of cybercriminals looking to break into targeted infrastructure since the first quarter of 2021. In particular, it enabled a series of long-hidden cyber espionage campaigns. The newly discovered SessionManager was misdetected for a year. Facing massive and unprecedented exploitation of server-side vulnerabilities, most cybersecurity actors were busy investigating and responding to the first identified crimes. As a result, it is still possible to discover related malicious activities months or years later, and this is likely to be the case for a long time,” said Pierre Delcher, Senior Security Researcher at Kaspersky's Global Research and Analysis team.
“Gaining visibility into real and recent cyber threats is critical for companies to protect their assets. Such attacks can result in significant financial or reputational loss and can disrupt a target's operations. Threat intelligence is the only component that can enable reliable and timely anticipation of such threats. In the case of Exchange servers, we can't stress it enough: last year's vulnerabilities have made them prime targets, regardless of malicious intent, so they need to be carefully audited and monitored for hidden implants, if any. they haven't,” adds Pierre.
Kaspersky products detect various malicious IIS modules, including SessionManager.
For more information on the SessionManager's style of operation and goals, visit Securelist.com (https://bit.ly/3bBycAr).
To protect your business from such threats, Kaspersky experts also recommend that you:
Periodically verify IIS modules loaded on exposed IIS servers (particularly Exchange servers), leveraging existing IIS farm tools. Look for such modules as part of your threat hunting activities whenever a significant vulnerability is announced in Microsoft server products.
Focus your defense strategy on detecting lateral movements and data leaks to the Internet. Pay special attention to outgoing traffic to detect cybercriminal connections.
Back up your data regularly. Make sure you can quickly access it in an emergency.
Use solutions such as Kaspersky Endpoint Detection and Response (https://bit.ly/3nzQViE) and the Kaspersky Managed Detection and Response service (https://bit.ly/3bQAhIM), which help identify and stop the attack in the first stages, before the attackers achieve their goals.
Use a trusted endpoint security solution, such as Kaspersky Endpoint Security for Business (KESB) (https://bit.ly/3uoRkYZ), which works with exploit prevention, behavioral detection, and a remediation engine that can reverse malicious actions. KESB also has self-defense mechanisms that can prevent cybercriminals from removing it.
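One way to carry out the periodic module check recommended above, as an added example that is not from Kaspersky or the original release: it compares the native modules registered under `<globalModules>` in an IIS applicationHost.config against a known-good baseline. The sample configuration, the baseline, the trusted directory list and the `ExampleSessionModule` name are all constructed for illustration; managed modules registered under `<modules>` are not covered.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Constructed sample: <globalModules> section of an applicationHost.config.
SAMPLE_CONFIG = r"""<configuration><system.webServer><globalModules>
  <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
  <add name="StaticFileModule" image="%SystemRoot%\system32\inetsrv\static.dll" />
  <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\..\..\Temp\authanon.dll" />
  <add name="ExampleSessionModule" image="C:\ProgramData\example\module.dll" />
</globalModules></system.webServer></configuration>"""

# Constructed baseline (module name -> image), as recorded from a known-good server.
BASELINE = {
    "HttpCacheModule": r"%windir%\System32\inetsrv\cachhttp.dll",
    "StaticFileModule": r"%windir%\System32\inetsrv\static.dll",
    "AnonymousAuthenticationModule": r"%windir%\System32\inetsrv\authanon.dll",
}
TRUSTED_DIRS = (r"%windir%\System32\inetsrv",)  # assumption: adjust per environment


def normalize(image, windir=r"C:\Windows"):
    """Expand %windir%/%SystemRoot%, collapse '..' segments, lowercase."""
    expanded = re.sub(r"%(windir|systemroot)%", lambda m: windir, image, flags=re.I)
    return ntpath.normpath(expanded).lower()


def audit_global_modules(config_xml, baseline, trusted_dirs=TRUSTED_DIRS):
    """Return (name, normalized image, reasons) for every module needing review."""
    trusted = tuple(normalize(d) + "\\" for d in trusted_dirs)
    findings = []
    for section in ET.fromstring(config_xml).iter("globalModules"):
        for add in section.findall("add"):
            name, image = add.get("name", ""), normalize(add.get("image", ""))
            reasons = []
            if name not in baseline:
                reasons.append("not in baseline")
            elif normalize(baseline[name]) != image:
                reasons.append("image differs from baseline")
            if not image.startswith(trusted):
                reasons.append("image outside trusted directories")
            if reasons:
                findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in audit_global_modules(SAMPLE_CONFIG, BASELINE):
        print(f"REVIEW {name}: {image} ({'; '.join(reasons)})")
```

A finding is a prompt for review, not a verdict: legitimate third-party modules also live outside the default directory, so the baseline should be captured per server role.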
Missiles rained down on Ukraine killing scores of civilians and injuring dozens in built-up areas at the start of the weekend, prompting President Volodymyr Zelensky to accuse Russia of state "terror".
Attacks on a southern resort town left 21 dead and dozens injured after missiles slammed into apartments and a recreation center in Sergiyvka, 80 kilometers (50 miles) south of the Black Sea port of Odessa.
The rockets hit residential properties in Sloviansk, in the heart of the besieged Donbas region, killing a woman in her garden and wounding her husband, a neighbor told AFP on Saturday, describing debris strewn across the neighbourhood.
The witness said Friday's attack was thought to have used cluster munitions that spread over a large area before exploding, hitting buildings and people outdoors.
The attacks came after Moscow abandoned positions on a strategic island in a major setback to the Kremlin invasion.
The victims of the Sergiyvka attacks included a 12-year-old boy, Zelensky said in his daily address to the nation, adding that some 40 people were injured and the death toll could rise.
"I emphasize: this is a deliberate and purposeful act of Russian terror, and not some kind of mistake or an accidental missile attack," Zelensky said.
"Three missiles hit a normal nine-story apartment building, in which no weapons were hidden, no military equipment," he added. "Normal people, civilians, lived there."
'Cruel manner'
Germany was quick to condemn the violence.
"The cruel way in which the Russian aggressor is taking the killing of civilians in stride and speaking again of collateral damage is inhumane and cynical," said German government spokesman Steffen Hebestreit.
The attacks follow global outrage earlier this week when a Russian strike destroyed a shopping mall in Kremenchuk, central Ukraine, killing at least 18 civilians.
President Vladimir Putin has denied his forces were responsible for that attack, and Moscow had no immediate comment on the Odessa attacks.
On Friday, Zelensky hailed a new chapter in Ukraine's relationship with the European Union, after Brussels recently granted candidate status to Ukraine in Kyiv's bid to join the 27-member bloc, even if EU membership is likely to be years away.
“Our journey to membership should not take decades. We should go down this road quickly,” Zelensky told Ukraine's parliament.
European Commission President Ursula von der Leyen, addressing Ukrainian lawmakers by video link, said membership was "within reach" but urged them to work on anti-corruption reforms.
Norway, which is not a member of the EU, announced $1 billion in aid for Kyiv on Friday, including reconstruction and weapons.
And the Pentagon said it was sending a new weapons package worth $820 million, including two air defense systems and more ammunition for Himars precision rocket launchers that the United States began supplying last month.
Soup dispute
In a move that further chilled relations between Kyiv and Moscow, the UN cultural agency inscribed Ukraine's tradition of cooking borshch soup on its list of endangered cultural heritage.
Ukraine considers the nutritious soup, usually made with beets, a national dish, although it is also widely consumed in Russia, other countries of the former Soviet Union, and Poland.
UNESCO said the decision was approved after a fast-track process prompted by the Russian invasion of Ukraine.
"We will win both in the borshch war and in this war," Ukrainian Culture Minister Oleksandr Tkachenko said on Telegram.
Russian Foreign Ministry spokeswoman Maria Zakharova said: “Hummus and pilaf are recognized as national dishes of various nations. Everything is subject to Ukrainization.”
Phosphorous bombs
On Thursday, Russian troops abandoned their positions on Snake Island, which had become a symbol of Ukrainian resistance in the early days of the war, and moved away from sea lanes near the port of Odessa.
The Russian Defense Ministry described the withdrawal as "a goodwill gesture" intended to show that Moscow will not interfere with UN efforts to organize protected grain exports from Ukraine.
But on Friday night, Kyiv accused Moscow of carrying out phosphorous incendiary munition attacks on the rocky outcrop, saying the Russians could not “respect even their own statements”.
In peacetime, Ukraine is a major exporter of agricultural products, but Russia's invasion has damaged farmland and Ukraine's ports have been seized, razed or blocked, raising concerns about food shortages, especially in poor countries.
Western powers have accused Putin of using the trapped harvest as a weapon to increase pressure on the international community, and Russia has been accused of stealing grain.
Ukraine on Friday asked Turkey to detain a Russian-flagged cargo ship that Kyiv said had set sail from the Kremlin-occupied port of Berdyansk.
As heavy fighting continued in eastern Ukraine, authorities said schools in the Ukrainian capital would reopen at the start of the school year on September 1 for the first in-person classes since lessons moved online after the invasion began.
Olena Fidanyan, head of Kyiv's education and science department, said the ground around schools will be checked for explosives and bomb shelters in schools will be restocked with essentials.
President Volodymyr Zelensky said on Friday that Ukraine and the European Union were beginning a new chapter in their history after Brussels formally accepted Ukraine's bid to join the 27-nation bloc.
“A new (chapter) in the history of the European Union and Ukraine has begun. Now we are not close. Now we are together,” Zelensky said addressing Ukraine's parliament.
He said it was a "great honor and great responsibility" to work to make the "aspirations of our country" a reality.
“We took a 115 day journey to candidate status and our journey to membership should not take decades. We should get down this road quickly,” Zelensky said.
"Ukraine is fighting to choose its values, to be in the European family," he said.
Also on Friday, European Commission President Ursula von der Leyen told Ukraine's parliament via video link that EU membership was "within reach" but urged them to push ahead with anti-corruption reforms.
After his speeches, an EU flag was brought to Ukraine's parliament building, the Rada, and placed next to Ukraine's blue and yellow flag.
Ukraine applied for EU membership just five days after Russia's invasion on February 24 and the 27-member bloc accepted its candidacy on June 23, in a strong signal of support.
But the accession process could take many years, and bids from Turkey and several Western Balkan countries have stalled as Western capitals insist on strict economic and legal criteria.
The United Nations Subcommittee on Prevention of Torture (SPT) confirmed its upcoming visits to Australia, Bosnia and Herzegovina, Ecuador and Turkey in the second half of this year, and announced plans to visit Croatia, Madagascar, Nicaragua and the State of Palestine during the first half of 2023.
“Visiting States Parties is essential to fulfilling our mandate to protect persons deprived of their liberty in a variety of settings, for example, not only in prisons, but also in police stations, psychiatric institutions, closed refugee camps and detention centers of immigrants,” said Suzanne Jabbour, President of the SPT.
During each visit, the SPT will also meet with and assist the country's independent torture prevention watchdog, formally called the National Preventive Mechanism (NPM). “Another key part of our mandate is to strengthen the already designated NPM and support the establishment of the mechanism in countries where it does not yet exist,” added Jabbour.
The Subcommittee visited Brazil, Tunisia, Argentina and Lebanon in the first half of 2022. It will continue its program of visits during the rest of the year, inspecting places of deprivation of liberty and measures to prevent torture in Australia, Bosnia and Herzegovina, Ecuador and Turkey.
The Subcommittee also announced that it would plan to visit Croatia, Madagascar, Nicaragua and the State of Palestine in the first half of 2023. These decisions were made at its last confidential session held in Geneva in June. The SPT will announce more visits for 2023 after its next meeting in November.
During the June session, the SPT met with representatives of the signatory States, a delegation from the European Committee for the Prevention of Torture, the UN Special Rapporteur on Migrants and the UN Special Rapporteur on Afghanistan, among others.
The SPT also recommended different projects in relevant regions of the world for the OPCAT Fund to support. The Fund helps finance the implementation of the suggestions made by the Subcommittee after its country visits and sponsors various educational programs conducted by NPMs.
In addition, the SPT decided to add the Central African Republic, which ratified the Optional Protocol to the Convention against Torture in 2016, to the list of States Parties that do not comply with Article 17. Burkina Faso and Mongolia were removed from that list, as these States designated their National Preventive Mechanisms, which is a positive step for the prevention of torture.
The Article 17 list names States parties that are far behind in establishing their national preventive mechanisms. The list currently consists of Belize, Benin, Bosnia and Herzegovina, Burundi, Central African Republic, Democratic Republic of the Congo, Gabon, Ghana, Liberia, Nauru, Nigeria, the Philippines, and South Sudan. Under the Optional Protocol, states are required to establish their NPM within one year of ratification.
Energy Capital & Power (ECP) (https://EnergyCapitalPower.com) is proud to announce that this year's South Sudan Oil & Power (SSOP) (https://bit.ly/3a3EWa0) conference, taking place on September 13 and 14, 2022, at the Radisson Blu Hotel in Juba, has more international confirmations than ever.
Now in its fifth edition, SSOP 2022 represents the leading international forum driving business and investment in East Africa, with regional and international market delegations participating in the two-day conference.
Ambassadors from China, Turkey, Egypt, Canada, the Netherlands, South Africa, Somalia and India have been confirmed and delegations from each country are expected to attend the high-level event. In the coming weeks, more confirmations are expected from destinations such as Uganda, Sudan and the United Kingdom.
This year's edition is being held in official association with South Sudan's Ministry of Petroleum, Ministry of Energy and Dams, and Ministry of Finance and Economic Planning, with additional ministerial confirmations from Ethiopia and Somalia, and assistance from Norway via video link. Ministers from Kenya, Sudan and Egypt are also expected to be represented. The event expects seven more regional and global participants in the next two months, with ten ministers planned to speak at the event along with their respective national oil companies.
As the organizer of the SSOP 2022 conference, ECP is collaborating with the US Embassy in Juba, as well as trade restriction experts, to ensure robust and solution-oriented discussions on trade, business and investment at the event.
South Sudan is the gateway to invest and do business in East Africa. The international SSOP confirmations are not just a statement of support for the country's burgeoning energy industry, but a demonstration of the massive change taking place across the country.
To learn more about how you can participate in East Africa's premier international forum, visit https://bit.ly/3bpLe3V