OSN FEBRUARY 12, 2021

Fortify Security Team
Feb 12, 2021

Title: Yandex Suffers Data Breach After Sysadmin Sold Access to User Emails

Date Published: February 11, 2021

https://www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/

Excerpt: “Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The company discovered the breach internally, during a routine check of its security team. The investigation revealed that the employee’s actions led to the compromise of almost 5,000 Yandex email inboxes.”

Title: Accellion to Retire Enterprise File-Sharing Product Targeted in Recent Attacks

Date Published: February 12, 2021

https://www.helpnetsecurity.com/2021/02/12/accellion-fta/

Excerpt: “U.S.-based cloud solutions company Accellion will soon retire FTA, its legacy enterprise file-sharing solution, vulnerabilities in which have recently been exploited by attackers to breach a variety of organizations, including the Australian Securities and Investments Commission, the Washington State Auditor Office, and Singapore telecom Singtel.”

Title: TIM’s Red Team Research (RTR) Discovered a Critical Zero-Day Vulnerability in IBM InfoSphere Information Server

Date Published: February 12, 2021

https://securityaffairs.co/wordpress/114520/hacking/zero-day-ibm-infosphere-information-server.html

Excerpt: “Cybersecurity researchers identified a Deserialization of Untrusted Data (CWE-502), identified as CVE-2020-27583, has a CVSS3 score of 9.8. The vulnerability allows unrestricted remote code execution with root privileges, without requiring any authentication. The laboratory has identified, from public sources available on the corporate website, vulnerabilities on vendors such as Oracle, Nokia, Siemens, Schneider Electric, QNAP, Selesta, WOWZA, MultiUX and recently WordPress, helping to improve overall IT security.”

Title: Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores

https://threatpost.com/valentines-day-malware-attack/163900/

Date Published: February 11, 2021

Excerpt: “The BazaLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazaLoader was first observed in the wild in April – and since then researchers have observed at least six variants, “signaling active and continued development.” Recently, researchers found multiple BazaLoader campaigns in January and February, which have relied heavily on human interaction with different sites, PDF attachments and email lures.”

Title: White House Taps Neuberger to Lead SolarWinds Probe

Date Published: February 11, 2021

https://www.bankinfosecurity.com/white-house-taps-neuberger-to-lead-solarwinds-probe-a-15976

Excerpt: ““The federal government’s response to date to the SolarWinds breach has lacked the leadership and coordination warranted by a significant cyber event, so it is welcome news that the Biden administration has selected Anne Neuberger to lead the response,” the senators note. “The committee looks forward to getting regular briefings from Ms. Neuberger and working with her to ensure we fully confront and mitigate this incident as quickly as possible.””

Title: What’s Most Interesting About the Florida Water System Hack? That We Heard About It at All.

https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all/

Date Published: February 10, 2021

Excerpt: ““The system wasn’t capable of doing what the attacker wanted,” said Joe Weiss, managing partner at Applied Control Solutions, a consultancy for the control systems industry. “The system isn’t capable of going up by a factor of 100 because there are certain physics problems involved there. Also, the changes he tried to make wouldn’t happen instantaneously. The operators would have had plenty of time to do something about it.””

Title: Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Date Published: February 12, 2021

https://thehackernews.com/2021/02/secret-chat-in-telegram-left-self.html

Excerpt: “Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since been resolved in version 7.4, released on January 29.”

Title: Internet-Exposed Orion Servers Drop 25% Since SolarWinds Breaches Announced

Date Published: February 12, 2021

https://www.scmagazine.com/home/security-news/network-security/internet-exposed-orion-servers-drop-25-since-solarwinds-breaches-announced/

Excerpt: “In recent days, the cybersecurity community has been abuzz with discussion of the latest announcement from Google’s Threat Analysis Group. Google says it has spent the past few months tracking a new campaign orchestrated by “a government-backed entity based in North Korea,” thought to be the threat actor known as the Lazarus Group. The campaign targeted a number of security researchers. There are special lessons to be learned from this campaign. The researchers were attacked in a complex, multivector fashion.”

Title: Ransomware Attackers Set Their Sights on SaaS

Date Published: February 11, 2021

https://www.darkreading.com/attacks-breaches/ransomware-attackers-set-their-sights-on-saas/d/d-id/1340147

Excerpt: “Ransomware attacks have begun to more heavily target software applications, open source tools, and Web and application frameworks as attackers seek more direct paths to organizations’ largest and most important data stores. The ransomware threat landscape has seen tremendous growth in the past few years alone, RiskSense researchers report in a new study, “Ransomware – Through the Lens of Threat and Vulnerability Management.” They detected 223 vulnerabilities associated with 125 ransomware families, a massive increase from their 2019 findings of 57 CVEs tied to 19 ransomware families.”

Title: Security Researchers Discover Helpdesk Software Vulnerability

Date Published: February 12, 2021

https://www.securitymagazine.com/articles/94597-security-researchers-discover-helpdesk-software-vulnerability

Excerpt: “Deskpro is a multichannel helpdesk software solution that helps thousands of organizations manage their customer communications and userbase across multiple channels, including email, live, chat, voice and social media, and can be deployed on the organization’s own server infrastructure or via public or private cloud services. According to the researchers, successful exploitation of the discovered XSS vulnerability could have allowed attackers to hijack the sessions of admins and takeover the accounts of helpdesk agents.”
