OSN FEBRUARY 12, 2021

Fortify Security Team
Feb 12, 2021

Title: Yandex Suffers Data Breach After Sysadmin Sold Access to User Emails

Date Published: February 11, 2021

https://www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/

Excerpt: “Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The company discovered the breach internally, during a routine check of its security team. The investigation revealed that the employee’s actions led to the compromise of almost 5,000 Yandex email inboxes.”

Title: Accellion to Retire Enterprise File-Sharing Product Targeted in Recent Attacks

Date Published: February 12, 2021

https://www.helpnetsecurity.com/2021/02/12/accellion-fta/

Excerpt: “U.S.-based cloud solutions company Accellion will soon retire FTA, its legacy enterprise file-sharing solution, vulnerabilities in which have recently been exploited by attackers to breach a variety of organizations, including the Australian Securities and Investments Commission, the Washington State Auditor Office, and Singapore telecom Singtel.”

Title: TIM’s Red Team Research (RTR) Discovered a Critical Zero-Day Vulnerability in IBM InfoSphere Information Server

Date Published: February 12, 2021

https://securityaffairs.co/wordpress/114520/hacking/zero-day-ibm-infosphere-information-server.html

Excerpt: “Cybersecurity researchers identified a Deserialization of Untrusted Data (CWE-502) vulnerability, identified as CVE-2020-27583, which has a CVSS3 score of 9.8. The vulnerability allows unrestricted remote code execution with root privileges, without requiring any authentication. The laboratory has identified, from public sources available on the corporate website, vulnerabilities on vendors such as Oracle, Nokia, Siemens, Schneider Electric, QNAP, Selesta, WOWZA, MultiUX and recently WordPress, helping to improve overall IT security.”

Title: Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores

Date Published: February 11, 2021

https://threatpost.com/valentines-day-malware-attack/163900/

Excerpt: “The BazaLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazaLoader was first observed in the wild in April – and since then researchers have observed at least six variants, “signaling active and continued development.” Recently, researchers found multiple BazaLoader campaigns in January and February, which have relied heavily on human interaction with different sites, PDF attachments and email lures.”

Title: White House Taps Neuberger to Lead SolarWinds Probe

Date Published: February 11, 2021

https://www.bankinfosecurity.com/white-house-taps-neuberger-to-lead-solarwinds-probe-a-15976

Excerpt: “‘The federal government’s response to date to the SolarWinds breach has lacked the leadership and coordination warranted by a significant cyber event, so it is welcome news that the Biden administration has selected Anne Neuberger to lead the response,’ the senators note. ‘The committee looks forward to getting regular briefings from Ms. Neuberger and working with her to ensure we fully confront and mitigate this incident as quickly as possible.’”

Title: What’s Most Interesting About the Florida Water System Hack? That We Heard About It at All.

Date Published: February 10, 2021

https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all/

Excerpt: “‘The system wasn’t capable of doing what the attacker wanted,’ said Joe Weiss, managing partner at Applied Control Solutions, a consultancy for the control systems industry. ‘The system isn’t capable of going up by a factor of 100 because there are certain physics problems involved there. Also, the changes he tried to make wouldn’t happen instantaneously. The operators would have had plenty of time to do something about it.’”

Title: Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Date Published: February 12, 2021

https://thehackernews.com/2021/02/secret-chat-in-telegram-left-self.html

Excerpt: “Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since been resolved in version 7.4, released on January 29.”

Title: Internet-Exposed Orion Servers Drop 25% Since Solarwinds Breaches Announced

Date Published: February 12, 2021

https://www.scmagazine.com/home/security-news/network-security/internet-exposed-orion-servers-drop-25-since-solarwinds-breaches-announced/

Excerpt: “In recent days, the cybersecurity community has been abuzz with discussion of the latest announcement from Google’s Threat Analysis Group. Google says it has spent the past few months tracking a new campaign orchestrated by “a government-backed entity based in North Korea,” thought to be the threat actor known as the Lazarus Group. The campaign targeted a number of security researchers. There are special lessons to be learned from this campaign. The researchers were attacked in a complex, multivector fashion.”

Title: Ransomware Attackers Set Their Sights on SaaS

Date Published: February 11, 2021

https://www.darkreading.com/attacks-breaches/ransomware-attackers-set-their-sights-on-saas/d/d-id/1340147

Excerpt: “Ransomware attacks have begun to more heavily target software applications, open source tools, and Web and application frameworks as attackers seek more direct paths to organizations’ largest and most important data stores. The ransomware threat landscape has seen tremendous growth in the past few years alone, RiskSense researchers report in a new study, “Ransomware – Through the Lens of Threat and Vulnerability Management.” They detected 223 vulnerabilities associated with 125 ransomware families, a massive increase from their 2019 findings of 57 CVEs tied to 19 ransomware families.”

Title: Security Researchers Discover Helpdesk Software Vulnerability

Date Published: February 12, 2021

https://www.securitymagazine.com/articles/94597-security-researchers-discover-helpdesk-software-vulnerability

Excerpt: “Deskpro is a multichannel helpdesk software solution that helps thousands of organizations manage their customer communications and userbase across multiple channels, including email, live, chat, voice and social media, and can be deployed on the organization’s own server infrastructure or via public or private cloud services. According to the researchers, successful exploitation of the discovered XSS vulnerability could have allowed attackers to hijack the sessions of admins and take over the accounts of helpdesk agents.”
