OSN FEBRUARY 4, 2021

Fortify Security Team
Feb 4, 2021

Title: U.S. Federal Payroll Agency Hacked Using SolarWinds Software Flaw
Date Published: February 2, 2021

https://www.bleepingcomputer.com/news/security/us-federal-payroll-agency-hacked-using-solarwinds-software-flaw/

Excerpt: “The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC has provided human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.”

Title: NIST Provides Guidance to Protect Controlled Unclassified Information
Date Published: February 4, 2021

https://www.helpnetsecurity.com/2021/02/04/protect-controlled-unclassified-information/

Excerpt: “Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them.”

Title: Blockchain Transactions Confirm Murky and Interconnected Ransomware Scene
Date Published: February 4, 2021

https://www.zdnet.com/article/blockchain-transactions-confirm-murky-and-interconnected-ransomware-scene/

Excerpt: “A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don’t operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.”

Title: SonicWall Released Patch for Actively Exploited SMA 100 Zero-Day
Date Published: February 4, 2021

https://securityaffairs.co/wordpress/114197/hacking/sonicwall-zero-day-patch.html

Excerpt: “The vulnerability, tracked as CVE-2021-20016, has been rated as critical and received a CVSS score of 9.8. A vulnerability results in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product; it could be exploited by a remote, unauthenticated attacker for credential access on SMA100 build version 10.x.”

Title: Patch Imperfect: Software Fixes Failing to Shut Out Attackers
Date Published: February 3, 2021

https://www.darkreading.com/vulnerabilities---threats/patch-imperfect-software-fixes-failing-to-shut-out-attackers/d/d-id/1340051

Excerpt: “More than a third of the zero-day vulnerabilities discovered in 2020 were variants of previously disclosed — or incompletely patched — issues, showing that attackers do not have to do original research to continue to exploit many vulnerabilities, a Google researcher told virtual attendees at USENIX’s Enigma 2021 conference this week.”

Title: NCSC Warns of China’s Efforts to Collect US DNA Data
Date Published: February 3, 2021

https://www.databreachtoday.com/ncsc-warns-chinas-efforts-to-collect-us-dna-data-a-15920

Excerpt: “The collection of PII, personal health information and large genomic data sets gives China vast opportunities to precisely target individuals in foreign governments, private industries or other sectors for surveillance, manipulation or extortion, the NCSC warns. The NCSC alert comes on the heels of a 60 Minutes CBS television segment Sunday featuring William Evanina, the former director of the NCSC, who estimated that 80% of American adults have had their personally identifiable information “stolen” by China.”

Title: Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
Date Published: February 4, 2021

https://rootdaemon.com/2021/02/04/vulnerabilities-in-realtek-wi-fi-module-expose-many-devices-to-remote-attacks/

Excerpt: “The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security. The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo discovered that the WPA2 handshake mechanism is prone to stack overflow and out-of-bounds read bugs.”

Title: Emotet’s Takedown: Have We Seen the Last of the Malware?
Date Published: February 3, 2021

https://threatpost.com/emotets-takedown-have-we-seen-the-last-of-the-malware/163636/

Excerpt: “Sherrod DeGrippo, senior director of threat research and detection with Proofpoint, shares insights on the global law enforcement and private-sector takedown of the major cybercrime tools such as Emotet. Last fall, agencies targeted TrickBot’s infrastructure to disrupt the prolific malware, and last week, they took down servers supporting the Emotet malware.”

Title: Concerns Over API Security Grow as Attacks Increase
Date Published: February 3, 2021

https://www.darkreading.com/application-security/concerns-over-api-security-grow-as-attacks-increase/d/d-id/1340054

Excerpt: “For the second time in recent months, researchers are sounding the alarm on threats to enterprise security from insecure application programming interfaces (APIs). Last November, analyst firm Forrester Research warned about organizations failing to address API vulnerabilities in the same manner they did with application vulnerabilities – and their growing exposure to API-related breaches as a result.”

Title: Microsoft Fixes PowerPoint Crashes in Office February Updates
Date Published: February 4, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-powerpoint-crashes-in-office-february-updates/

Excerpt: “Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products. Multiple updates (KB4493164, KB4493169, and KB4493179) have been released to address issues that may lead to a PowerPoint crash when opening documents containing diagrams.”
