Fortify Security Team
Feb 11, 2021

Title: 12-Year-Old Windows Defender Bug Gives Hackers Admin Rights

Date Published: February 11, 2021


Excerpt: “CVE-2021-24092 impacts Defender versions going back as far as 2009, and it affects client and server releases starting with Windows 7 and up. Threat actors with basic user privileges can exploit it locally, as part of low complexity attacks that don’t require user interaction. The vulnerability also impacts other Microsoft security products including but not limited to Microsoft Endpoint Protection, Microsoft Security Essentials, and Microsoft System Center Endpoint Protection.”

Title: Vulnerabilities in Widely Used TCP/IP Stacks Open IoT, OT Devices to Attack

Date Published: February 11, 2021


Please also see: Weak ISN Generation in Embedded TCP/IP Stacks

Excerpt: “The researchers probed 11 TCP/IP stacks, seven of which are open-source (uIP, FNET, picoTCP, Nut/Net, lwIP, cycloneTCP and uC/TCP-IP), and the rest include Microchip’s MPLAB Net, Texas Instruments’ NDKTCPIP, ARM’s Nanostack and Siemens’ Nucleus NET. They discovered that lwIP and Nanostack were not vulnerable, but the rest were, and that the vulnerabilities allow attackers to predict the ISN of existing TCP connections or new ones. The CVEs and the specific descriptions of each vulnerability can be found here.”

Title: Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict

Date Published: February 11,  2021


Excerpt: “While primarily known for desktop malware, the Confucius group was previously reported to have started leveraging mobile malware in 2017, with the Android surveillanceware ChatSpy. Targets of these tools include personnel linked to Pakistan’s military, nuclear authorities, and Indian election officials in Kashmir. Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS, encrypted messaging app content, and geolocation, among other types of sensitive information.”

Title: 10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities


Date Published: February 11, 2021

Please also see: Brits Arrested for Sim Swapping Attacks on US Celeb Android 

Excerpt: “The eight suspects, aged 18 to 26, are said to be part of a larger ring, two members of which were nabbed previously in Malta and Belgium. The latest arrests were made in England and Scotland. The sweep comes almost a year after Europol led an operation to dismantle two SIM swap criminal groups that stole €3.5 million ($3.9 million) by orchestrating a wave of more than 100 attacks targeting victims in Austria, emptying their bank accounts through their phone numbers.”

Title: Agent Tesla Hidden in a Historical Anti-Malware Tool

Date Published: February 11,  2021


Excerpt: “The e-mail carrying the ISO attachment was a run-of-the-mill-looking malspam, informing the recipient about a new delivery from DHL. It had a spoofed sender address “[email protected][.]com”, which – although looking at least somewhat believable – certainly didn’t have the impact of making the message appear trustworthy, which is what the authors of the e-mail were most likely hoping for. On the contrary, it must have resulted in very few of the messages actually making it past any security analysis on e-mail gateways. The reason is that DHL has a valid SPF record set up for dhl.com, so any SPF check (i.e. something that most of the worlds e-mail servers perform automatically these days) would lead to a “soft fail” result, which would consequently most likely lead to the message being quarantined (if not deleted outright).”

Title: Singtel Hit by Third-Party Vendor’s Security Breach, Customer Data May Be Leaked


Date Published: February 11  2021

Please also see: About Accellion FTA Security Incident

Excerpt: “It noted that due to the “complexity of the investigations”, its impact assessment would take some time. It said it would contact those that might have had their data illegally downloaded. Accellion on February 1 said its FTA system was a 20-year-old large-file transfer software nearing the end of its lifecycle. It had been the target of a “sophisticated cyberattack”, which was first made known on December 23 when Accellion informed all its customers of an attack involving the file-sharing system.”

Title: Microsoft Now Forces Secure Rpc to Block Windows Zerologon Attacks

Date Published: February 10,  2021


Excerpt: “Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month’s Patch Tuesday security updates. Zerologon is a critical Netlogon Windows Server process security flaw (tracked as CVE-2020-1472) that allows attackers to elevate privileges to domain administrators and take control over the domain following successful exploitation.”

Title: Multivector Attacks Demand Security Controls at the Messaging Level

Date Published: February 10,  2021


Excerpt: “In recent days, the cybersecurity community has been abuzz with discussion of the latest announcement from Google’s Threat Analysis Group. Google says it has spent the past few months tracking a new campaign orchestrated by “a government-backed entity based in North Korea,” thought to be the threat actor known as the Lazarus Group. The campaign targeted a number of security researchers. There are special lessons to be learned from this campaign. The researchers were attacked in a complex, multivector fashion.”

Title: Attackers Exploit Critical Adobe Flaw to Target Windows Users

Date Published: February 9,  2021


Excerpt: “Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. The vulnerability (CVE-2021-21017) has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in question is a critical-severity heap-based buffer overflow flaw. This type of buffer-overflow error occurs when the region of a process’ memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly. With this flaw in particular, it can be exploited to execute arbitrary code on affected systems.”

Title: BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech

Date Published: February 9,  2021


Excerpt: “Highly malleable, highly sophisticated and over 10,000 bytes of machine code. This is what Unit 42 researchers were met with during code analysis of this “bear” of a file. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. Analysis by Trend Micro and TeamT5 unveiled WaterBear as a multifaceted, stage-two implant, capable of file transfer, shell access, screen capture and much more. The malware is associated with the cyber espionage group BlackTech, which many in the broader threat research community have assessed to have ties to the Chinese government, and is believed to be responsible for recent attacks against several East Asian government organizations.”

Recent Posts

June 30, 2022

Title: Google Blocked Dozens of Domains Used by Hack-For-Hire Groups Date Published: June 30, 2022 https://www.bleepingcomputer.com/news/security/google-blocked-dozens-of-domains-used-by-hack-for-hire-groups/ Excerpt: “Google's Threat Analysis Group (TAG) has blocked...

June 28, 2022

Title: Over 900,000 Kubernetes Instances Found Exposed Online Date Published: June 28, 2022 https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/ Excerpt: “Over 900,000 misconfigured Kubernetes clusters were found...

June 27, 2022

Title: CafePress Fined $500,000 for Breach Affecting 23 Million Users Date Published: June 24, 2022 https://www.bleepingcomputer.com/news/security/cafepress-fined-500-000-for-breach-affecting-23-million-users/ Excerpt: “The U.S. Federal Trade Commission (FTC) has...

June 24, 2022

Title: Scalper Bots out of Control in Israel, Selling State Appointments Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/scalper-bots-out-of-control-in-israel-selling-state-appointments/ Excerpt: “Out-of-control scalper bots have created...

June 23, 2022

Title: New MetaMask Phishing Campaign uses KYC Lures to Steal Passphrases Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/new-metamask-phishing-campaign-uses-kyc-lures-to-steal-passphrases/ Excerpt: “A new phishing campaign is targeting...

June 22, 2022

Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage Date Published: June 22, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/ Excerpt: “Microsoft has revealed that this week's...

June 21, 2022

Title: Microsoft 365 Outage Affects Microsoft Teams and Exchange Online Date Published: June 21, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-affects-microsoft-teams-and-exchange-online/ Excerpt: “An ongoing outage affects multiple...