Fortify Security Team
Feb 4, 2021

Title: U.S. Federal Payroll Agency Hacked Using SolarWinds Software Flaw
Date Published: February 2, 2021


Excerpt: “The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.”

Title: NIST Provides Guidance to Protect Controlled Unclassified Information
Date Published: February 4, 2021


Excerpt: “Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them.”

Title: Blockchain Transactions Confirm Murky and Interconnected Ransomware Scene
Date Published: February 4, 2021


Excerpt: “A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don’t operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.”

Title: SonicWall Released Patch for Actively Exploited SMA 100 Zero-Day
Date Published: February 4, 2021


Excerpt: “The vulnerability, tracked as CVE-2021-20016, has been rated as critical and received a CVSS score of 9.8. A vulnerability results in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product, it could be exploited by a remote, unauthenticated attacker for credential access on SMA100 build version 10.x.”

Title: Patch Imperfect: Software Fixes Failing to Shut Out Attackers
Date Published: February 3, 2021


Excerpt: “More than a third of the zero-day vulnerabilities discovered in 2020 were variants of previously disclosed — or incompletely patched — issues, showing that attackers do not have to do original research to continue to exploit many vulnerabilities, a Google researcher told virtual attendees at USENIX’s Enigma 2021 conference this week.”

Title: NCSC Warns of China’s Efforts to Collect US DNA Data
Date Published: February 3, 2021


Excerpt: “The collection of PII, personal health information and large genomic data sets gives China vast opportunities to precisely target individuals in foreign governments, private industries or other sectors for surveillance, manipulation or extortion, the NCSC warns. The NCSC alert comes on the heels of a 60 Minutes CBS television segment Sunday featuring William Evanina, the former director of the NCSC, who estimated that 80% of American adults have had their personally identifiable information “stolen” by China.”

Title: Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
Date Published: February 4, 2021


Excerpt: “The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security. The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo discovered that the WPA2 handshake mechanism is prone to stack overflow and out-of-bounds read bugs.”

Title: Emotet’s Takedown: Have We Seen the Last of the Malware?
Date Published: February 3, 2021


Excerpt: “Sherrod DeGrippo, senior director of threat research and detection with Proofpoint, shares insights on the global law enforcement and private-sector takedown of the major cybercrime tools such as Emotet. Last fall, agencies targeted TrickBot’s infrastructure to disrupt the prolific malware, and last week, they took down servers supporting the Emotet malware.”

Title: Concerns Over API Security Grow as Attacks Increase
Date Published: February 3, 2021


Excerpt: “For the second time in recent months, researchers are sounding the alarm on threats to enterprise security from insecure application programming interfaces (APIs). Last November, analyst firm Forrester Research warned about organizations failing to address API vulnerabilities in the same manner they did with application vulnerabilities – and their growing exposure to API-related breaches as a result.”

Title: Microsoft Fixes PowerPoint Crashes in Office February Updates
Date Published: February 4, 2021


Excerpt: “Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products. Multiple updates (KB4493164, KB4493169, and KB4493179) have been released to address issues that may lead to a PowerPoint crash when opening documents containing diagrams.”
