Fortify Security Team
Feb 4, 2021

Title: U.S. Federal Payroll Agency Hacked Using SolarWinds Software Flaw
Date Published: February 2, 2021


Excerpt: “The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.”

Title: NIST Provides Guidance to Protect Controlled Unclassified Information
Date Published: February 4, 2021


Excerpt: “Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them.”

Title: Blockchain Transactions Confirm Murky and Interconnected Ransomware Scene
Date Published: February 4, 2021


Excerpt: “A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don’t operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.”

Title: SonicWall Released Patch for Actively Exploited SMA 100 Zero-Day
Date Published: February 4, 2021


Excerpt: “The vulnerability, tracked as CVE-2021-20016, has been rated as critical and received a CVSS score of 9.8. A vulnerability results in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product, it could be exploited by a remote, unauthenticated attacker for credential access on SMA100 build version 10.x.”

Title: Patch Imperfect: Software Fixes Failing to Shut Out Attackers
Date Published: February 3, 2021


Excerpt: “More than a third of the zero-day vulnerabilities discovered in 2020 were variants of previously disclosed — or incompletely patched — issues, showing that attackers do not have to do original research to continue to exploit many vulnerabilities, a Google researcher told virtual attendees at USENIX’s Enigma 2021 conference this week.”

Title: NCSC Warns of China’s Efforts to Collect US DNA Data
Date Published: February 3, 2021


Excerpt: “The collection of PII, personal health information and large genomic data sets gives China vast opportunities to precisely target individuals in foreign governments, private industries or other sectors for surveillance, manipulation or extortion, the NCSC warns. The NCSC alert comes on the heels of a 60 Minutes CBS television segment Sunday featuring William Evanina, the former director of the NCSC, who estimated that 80% of American adults have had their personally identifiable information “stolen” by China.”

Title: Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
Date Published: February 4, 2021


Excerpt: “The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security. The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo discovered that the WPA2 handshake mechanism is prone to stack overflow and out-of-bounds read bugs.”

Title: Emotet’s Takedown: Have We Seen the Last of the Malware?
Date Published: February 3, 2021


Excerpt: “Sherrod DeGrippo, senior director of threat research and detection with Proofpoint, shares insights on the global law enforcement and private-sector takedown of the major cybercrime tools such as Emotet. Last fall, agencies targeted TrickBot’s infrastructure to disrupt the prolific malware, and last week, they took down servers supporting the Emotet malware.”

Title: Concerns Over API Security Grow as Attacks Increase
Date Published: February 3, 2021


Excerpt: “For the second time in recent months, researchers are sounding the alarm on threats to enterprise security from insecure application programming interfaces (APIs). Last November, analyst firm Forrester Research warned about organizations failing to address API vulnerabilities in the same manner they did with application vulnerabilities – and their growing exposure to API-related breaches as a result.”

Title: Microsoft Fixes PowerPoint Crashes in Office February Updates
Date Published: February 4, 2021


Excerpt: “Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products. Multiple updates (KB4493164, KB4493169, and KB4493179) have been released to address issues that may lead to a PowerPoint crash when opening documents containing diagrams.”
