OSN FEBRUARY 3, 2021

Fortify Security Team
Feb 3, 2021

Title: Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

Date Published: February 3, 2021

https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html

Excerpt: “All the backdoored browser add-ons have been taken down by Google and Microsoft as of December 18, 2020, to prevent more users from downloading them from the official stores. Collectively called “CacheFlow” by Avast, the 28 extensions in question — including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock — made use of a sneaky trick to mask its true purpose: Leverage Cache-Control HTTP header as a covert channel to retrieve commands from an attacker-controlled server.”

Title: Hacking Organizations One Document at a Time With Metadata

Date Published: February 3, 2021

https://medium.com/bugbountywriteup/hacking-organizations-one-document-at-a-time-with-metadata-1af2eb10f254

Excerpt: “Metadata is a go-to source for this information and is easily overlooked during a company’s publishing process. Once posted on their website, or another public forum, it is possible to download the file and extract critical information using utilities such as Phil Harvey’s ExifTool. This is a platform-independent application written in Perl that can be used to read, write, and edit meta information in a variety of file types.”

Title: 3 New Severe Security Vulnerabilities Found In SolarWinds Software

Date Published: February 3,  2021

https://thehackernews.com/2021/02/3-new-severe-security-vulnerabilities.html

Excerpt: “The two sets of vulnerabilities in Orion and Serv-U FTP were disclosed to SolarWinds on December 30, 2020, and January 4, 2021, respectively, following which the company resolved the issues on January 22 and January 25. It’s highly recommended that users install the latest versions of Orion Platform and Serv-U FTP (15.2.2 Hotfix 1) to mitigate the risks associated with the flaws. Trustwave said it intends to release a proof-of-concept (PoC) code next week on February 9.”

Title: Microsoft Defender ATP Is Detecting Yesterday’s Chrome Update as a Backdoor

https://www.zdnet.com/article/microsoft-defender-atp-is-detecting-yesterdays-chrome-update-as-a-backdoor/#ftag=RSSbaffb68

Date Published: February 3, 2021

Excerpt: “As per the screenshot above, but also based on reports shared on Twitter by other dismayed system administrators, Defender ATP is currently detecting multiple files part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan named “PHP/Funvalget.A.” The alerts have caused quite a stir in enterprise environments in light of recent multiple software supply chain attacks that have hit companies across the world over the past few months. System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a “false possitive” and not an actual threat.”

Title: Hackers Stole Personnel Records of Software Developer Wind River

Date Published: February 3,  2021

https://securityaffairs.co/wordpress/114151/data-breach/wind-river-data-breach.html

Excerpt: “The company claims its technology is found in more than 2 billion products, it develops run-time software, middleware, development and simulation platforms. The security breach took place on or around September 29, 2020, attackers accessed the personal information of its employees. “Our outside experts recently determined that some of your personal information would have been available within one or more files that were downloaded from our network on or about September 29, 2020,” reads the data breach notification letter sent by the company to its employees”.”

Title: Excel Spreadsheets Push SystemBC Malware

Date Published: February 2,  2021

https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/

Excerpt: “On Monday 2021-02-01, a fellow researcher posted an Excel spreadsheet to the Hatching Triage sandbox.  This Excel spreadsheet has a malicious macro, and it uses an updated GlobalSign template that I hadn’t noticed before (link for the sample). This Excel spreadsheet pushed what might be SystemBC malware when I tested it in my lab environment on Monday 2021-02-01.  My lab host was part of an Active Directory (AD) environment, and I also saw Cobalt Strike as follow-up activity from this infection.”

Title: Recent Root-Giving Sudo Bug Also Impacts MacOS

Date Published:  February 3, 2021

https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/#ftag=RSSbaffb68

Excerpt: “Hickey said he tested the CVE-2021-3156 vulnerability and found that with a few modifications, the security bug could be used to grant attackers access to macOS root accounts as well. “To trigger it, you just have to overwrite argv[0] or create a symlink, which therefore exposes the OS to the same local root vulnerability that has plagued Linux users the last week or so,” Hickey told ZDNet today, prior to sharing a video of the bug in question”.”

Title: Threat Actors Capitalize on COVID-19 Vaccine News to Run Campaigns, AWS Abused to Host Malicious PDFs

Date Published: February 2, 2021

https://www.anomali.com/blog/threat-actors-capitalize-on-covid-19-vaccine-news-to-run-campaigns-aws-abused-to-host-malicious-pdfs

Excerpt: “The majority of this research centers on analysis of known threat actors and indicators of compromise (IOCs). There are several samples that we believe are newly discovered by our researchers (we haven’t seen them discussed elsewhere). Among these are several malicious PDFs hosted on Amazon Web Services (AWS) and other hosting websites. We discuss this campaign below in the chapter named “2.c. Alternative channel: Online PDF Search Engine Optimization (SEO)”, detailing samples with titles “Adenovirus vector pdf” and “Illinois coronavirus october 15”.”

Title: TrickBot Continues Resurgence with Port-Scanning Module

Date Published: February 2, 2021

https://threatpost.com/trickbot-port-scanning-module/163615/

Excerpt: “The TrickBot trojan is continuing its bounce-back from an autumn takedown, recently adding a network-scanning module that uses the Masscan open-source tool to look for open ports. Masscan is a mass TCP/IP port scanner, which can scan the entire internet in under five minutes according to its authors, transmitting 10 million packets per second of data from a single machine. The TrickBot module that uses it, dubbed “masrv,” is likely used for network reconnaissance, according to researchers at Kryptos Logic.”

Title: Microsoft Defender Now Detects MacOS System, App Vulnerabilities

Date Published:  February 2, 2021

https://www.bleepingcomputer.com/news/security/microsoft-defender-now-detects-macos-system-app-vulnerabilities/

Excerpt: “”This capability expansion enables organizations to discover, prioritize, and remediate both software and operating system vulnerabilities on devices running macOS,” Microsoft Senior Product Manager Tomer Reisner said. “After onboarding your macOS devices to Microsoft Defender for Endpoint, you’ll get the latest security recommendations, review recently discovered vulnerabilities in installed applications, and issue remediation tasks, just like you can with Windows devices”.”

Recent Posts

January 14, 2022

Title: Android users can now disable 2G to block Stingray attacks Date Published: January 13, 2022 https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/ Excerpt: "Google has finally rolled out an option on Android...

November 23, 2021

Title: Over 4000 UK Retailers Compromised by Magecart Attacks Date Published: November 23, 2021 https://www.infosecurity-magazine.com/news/4000-uk-retailers-compromised/ Excerpt: “UK government security experts have been forced to notify over 4000 domestic online...

November 2, 2021

Title: Possible Cyber Attack Hits ‘Brain’ of N.L. Health-care System, Delaying Thousands of Appointments Date Published: November 1, 2021 cbc.ca/news/canada/newfoundland-labrador/health-services-it-outage-update-nov-1-1.6232426 Excerpt: "A cyberattack appears to be...

OSN November 1, 2021

Title: New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code Date Published: November 1, 2021 https://thehackernews.com/2021/11/new-trojan-source-technique-lets.html Excerpt: "A novel class of vulnerabilities could be leveraged by threat...

OSN October 29, 2021

Title: Footprinting and Reconnaissance using Windows OS Date Published: October 29, 2021 https://medium.com/@the_harvester/footprinting-and-reconnaissance-using-windows-os-36760fb47870 Excerpt: "This blog is in continuation previous blog on footprinting and...

OSN October 28, 2021

Title: Ransomware Gangs Use SEO Poisoning To Infect Visitors Date Published: October 28, 2021 https://www.bleepingcomputer.com/news/security/ransomware-gangs-use-seo-poisoning-to-infect-visitors/ Excerpt: "According to the findings of the Menlo Security team, SEO...

OSN August 31, 2021

Title: Cyberattacks Use Office 365 to Target Supply Chain Date Published: August 31, 2021 https://securityintelligence.com/articles/cyberattacks-office-365-supply-chain/ Excerpt: “Supply chain cyberattacks involving Office 365 are effective in that they enable threat...