Fortify Security Team
Feb 24, 2021

Title: Exploitation of Accellion File Transfer Appliance
Date Published: February 24, 2021


Excerpt: “One of the exploited vulnerabilities (CVE-2021-27101) is an SQL injection vulnerability that allows an unauthenticated user to run remote commands on targeted devices. Actors have exploited this vulnerability to deploy a webshell on compromised systems. The webshell is located on the target system in the file /home/httpd/html/about.html or /home/seos/courier/about.html. The webshell allows the attacker to send commands to targeted devices, exfiltrate data, and clean up logs. The clean-up functionality of the webshell helps evade detection and analysis during post incident response. The Apache /var/opt/cache/rewrite.log file may also contain the following evidence of compromise:”

Title: NASA and the FAA Were Also Breached by the SolarWinds Hackers
Date Published: February 24, 2021


Excerpt: “While the US government has not publicly disclosed that NASA and the FAA were breached, the agencies’ identities were confirmed by the Post with US officials after Anne Neuberger, White House’s deputy national security adviser, said that nine federal agencies were breached in the SolarWinds hack campaign. A Transportation Department spokesperson said the agency is investigating the situation. A NASA spokeswoman added that the federal agency is working with CISA on “mitigation efforts to secure NASA’s data and network”.”

Title: Bitter APT Enhances Its Capabilities With Windows Kernel Zero-day Exploit
Date Published: February 24, 2021


Excerpt: “Recently, researchers found that the Bitter APT group was exploiting a zero-day vulnerability in the Windows 10 64-bit operating system, in the wild. This vulnerability also affects the latest version of the Windows 10 operating system, such as Windows 10 20H2 64-bit. The vulnerability CVE-2021-1732 has been fixed in the February 2021 security update by the Microsoft Security Response Center (MSRC).”

Title: Legal Firm Leaks 15,000 Cases Via the Cloud
Date Published: February 24, 2021


Excerpt: “Researchers at reviews site WizCase found the AWS S3 bucket containing 55,000 documents wide open. It required no authorization to view the 20GB trove, meaning anyone with the URL could have accessed highly sensitive personal information, the firm claimed. WizCase traced the data back to Inova Yönetim, a Turkish actuarial consultancy which analyzes data to help calculate insurance risk and premiums.”

Title: Ransomware Attacks Double Against Global Universities
Date Published: February 24, 2021


Excerpt: “The surge in ransomware could partly be explained by the fact that over a fifth (22%) of all analyzed universities and colleges had open or unsecured remote desktop ports (RDPs). What’s more, two-thirds (66%) lacked protocols like SPF, DKIM and DMARC to help guard against phishing. These tend to be the top two vectors for ransomware. After ransomware, data breaches were the number two threat event for the sector over the reporting period, accounting for half of all events in 2019. Over a third of these were linked to learning tools and associated apps like Zoom, Chegg and ProctorU.”

Title: Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
Date Published: February 23, 2021


Excerpt: “VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server,” the company said in its advisory.”

Title: APT32 State Hackers Target Human Rights Defenders With Spyware
Date Published: February 23, 2021


Excerpt: “VOICE and the two bloggers all received emails containing spyware between February 2018 and November 2020,” Amnesty International added, with the final payload being installed on the victims’ Windows computers using APT32’s Kerrdown downloader. The attackers downloaded and deployed Cobalt Strike beacons to gain persistent remote access to the compromised systems. In the case of victims who used Macs, the APT32 operators used a macOS backdoor spotted by TrendMicro in previous attacks on Vietnamese targets, a malware strain designed to provide the attackers with the ability to download, upload, and execute arbitrary files and commands.”

Title: Clop Ransomware Gang Leaks Online What Looks Like Stolen Bombardier Blueprints of GlobalEye Radar Snoop Jet
Date Published: February 23, 2021


Excerpt: “Bombardier confirmed its security had been breached, putting out a public statement only minutes after The Register grilled the Canadian business jet maker on the Clop gang’s claims. “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network,” the biz said.”

Title: 119,000 Threats Per Minute Detected in 2020
Date Published: February 23, 2021


Excerpt: “Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target. Researchers found cyber-attacks on home networks surged 210% year-on-year in 2020 to just under 2.9 billion, a figure that equates to 15.5% of all homes. The vast majority (73%) of strikes against home networks involved brute-forcing logins to gain control of a smart device or router.”

Title: Microsoft President Asks Congress To Force Private-Sector Orgs To Publicly Admit When They’ve Been Hacked
Date Published: February 24, 2021


Excerpt: “Speaking at a Senate Intelligence Committee hearing on Tuesday regarding the SolarWinds backdoor, through which suspected Russian agents infiltrated the computers of US government departments and Fortune 500 companies, Smith argued it was “time not only to talk about but to find a way to take action to impose in an appropriate manner some kind of notification obligation on entities in the private sector”.”
