Fortify Security Team
Feb 3, 2021

Title: Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

Date Published: February 3, 2021

Excerpt: “All the backdoored browser add-ons have been taken down by Google and Microsoft as of December 18, 2020, to prevent more users from downloading them from the official stores. Collectively called “CacheFlow” by Avast, the 28 extensions in question — including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock — made use of a sneaky trick to mask their true purpose: Leverage Cache-Control HTTP header as a covert channel to retrieve commands from an attacker-controlled server.”

Title: Hacking Organizations One Document at a Time With Metadata

Date Published: February 3, 2021

Excerpt: “Metadata is a go-to source for this information and is easily overlooked during a company’s publishing process. Once posted on their website, or another public forum, it is possible to download the file and extract critical information using utilities such as Phil Harvey’s ExifTool. This is a platform-independent application written in Perl that can be used to read, write, and edit meta information in a variety of file types.”

Title: 3 New Severe Security Vulnerabilities Found In SolarWinds Software

Date Published: February 3, 2021

Excerpt: “The two sets of vulnerabilities in Orion and Serv-U FTP were disclosed to SolarWinds on December 30, 2020, and January 4, 2021, respectively, following which the company resolved the issues on January 22 and January 25. It’s highly recommended that users install the latest versions of Orion Platform and Serv-U FTP (15.2.2 Hotfix 1) to mitigate the risks associated with the flaws. Trustwave said it intends to release a proof-of-concept (PoC) code next week on February 9.”

Title: Microsoft Defender ATP Is Detecting Yesterday’s Chrome Update as a Backdoor
Date Published: February 3, 2021

Excerpt: “As per the screenshot above, but also based on reports shared on Twitter by other dismayed system administrators, Defender ATP is currently detecting multiple files part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan named “PHP/Funvalget.A.” The alerts have caused quite a stir in enterprise environments in light of recent multiple software supply chain attacks that have hit companies across the world over the past few months. System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a “false positive” and not an actual threat.”

Title: Hackers Stole Personnel Records of Software Developer Wind River

Date Published: February 3, 2021

Excerpt: “The company claims its technology is found in more than 2 billion products; it develops run-time software, middleware, development and simulation platforms. The security breach took place on or around September 29, 2020, when attackers accessed the personal information of its employees. “Our outside experts recently determined that some of your personal information would have been available within one or more files that were downloaded from our network on or about September 29, 2020,” reads the data breach notification letter sent by the company to its employees.”

Title: Excel Spreadsheets Push SystemBC Malware

Date Published: February 2, 2021

Excerpt: “On Monday 2021-02-01, a fellow researcher posted an Excel spreadsheet to the Hatching Triage sandbox. This Excel spreadsheet has a malicious macro, and it uses an updated GlobalSign template that I hadn’t noticed before (link for the sample). This Excel spreadsheet pushed what might be SystemBC malware when I tested it in my lab environment on Monday 2021-02-01. My lab host was part of an Active Directory (AD) environment, and I also saw Cobalt Strike as follow-up activity from this infection.”

Title: Recent Root-Giving Sudo Bug Also Impacts MacOS

Date Published: February 3, 2021

Excerpt: “Hickey said he tested the CVE-2021-3156 vulnerability and found that with a few modifications, the security bug could be used to grant attackers access to macOS root accounts as well. “To trigger it, you just have to overwrite argv[0] or create a symlink, which therefore exposes the OS to the same local root vulnerability that has plagued Linux users the last week or so,” Hickey told ZDNet today, prior to sharing a video of the bug in question.”

Title: Threat Actors Capitalize on COVID-19 Vaccine News to Run Campaigns, AWS Abused to Host Malicious PDFs

Date Published: February 2, 2021

Excerpt: “The majority of this research centers on analysis of known threat actors and indicators of compromise (IOCs). There are several samples that we believe are newly discovered by our researchers (we haven’t seen them discussed elsewhere). Among these are several malicious PDFs hosted on Amazon Web Services (AWS) and other hosting websites. We discuss this campaign below in the chapter named “2.c. Alternative channel: Online PDF Search Engine Optimization (SEO)”, detailing samples with titles “Adenovirus vector pdf” and “Illinois coronavirus october 15”.”

Title: TrickBot Continues Resurgence with Port-Scanning Module

Date Published: February 2, 2021

Excerpt: “The TrickBot trojan is continuing its bounce-back from an autumn takedown, recently adding a network-scanning module that uses the Masscan open-source tool to look for open ports. Masscan is a mass TCP/IP port scanner, which can scan the entire internet in under five minutes according to its authors, transmitting 10 million packets per second of data from a single machine. The TrickBot module that uses it, dubbed “masrv,” is likely used for network reconnaissance, according to researchers at Kryptos Logic.”

Title: Microsoft Defender Now Detects MacOS System, App Vulnerabilities

Date Published: February 2, 2021

Excerpt: ““This capability expansion enables organizations to discover, prioritize, and remediate both software and operating system vulnerabilities on devices running macOS,” Microsoft Senior Product Manager Tomer Reisner said. “After onboarding your macOS devices to Microsoft Defender for Endpoint, you’ll get the latest security recommendations, review recently discovered vulnerabilities in installed applications, and issue remediation tasks, just like you can with Windows devices.””