OSN MARCH 10, 2021

Fortify Security Team
Mar 10, 2021

Title: Exposed Password Gave Hackers Access to 150,000 Cameras
Date Published: March 10, 2021

https://www.infosecurity-magazine.com/news/exposed-passwor-hackers-access/

Excerpt: “The attack seems to have been the work of an international hacker collective which did it to highlight the privacy risks associated with pervasive monitoring, according to Bloomberg. The camera maker, San Mateo-headquartered startup Verkada, said it had disabled all internal admin accounts to prevent unauthorized access. The incident appears to be legitimate: Bloomberg said it had seen video feeds from inside Tesla factories and hospitals. The group claims to have access to Verkada’s entire video archive for all customers, which include women’s health clinics, psychiatric hospitals, jails and even the offices of Verkada itself.”

Title: OVHcloud Data Centers Engulfed in Flames
Date Published: March 10, 2021

https://www.zdnet.com/article/ovhcloud-data-centers-engulfed-in-flames/

Excerpt: “OVHcloud has suffered a disastrous fire that has engulfed some of the firm’s data centers. The fire has now been quelled but an assessment of the overall damage caused to OVHcloud’s data centers may take some time. Impacted clients have been urged to turn to backups to minimize downtime and disruption. The company manages 27 data centers in countries including the US, UK, France, and Australia. “We recommend [you] activate your Disaster Recovery Plan,” Klaba added.”

Title: Microsoft Exchange Attacks Cause Panic as Criminals Go Shell Collecting
Date Published: March 8, 2021

https://blog.malwarebytes.com/malwarebytes-news/2021/03/microsoft-exchange-attacks-cause-panic-as-criminals-go-shell-collecting/

Excerpt: “Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update quickly and others would dally until it bubbled up to the top of their to-do list. This attack method, called ProxyLogon and attributed to a group called Hafnium, was different. It went from “limited and targeted attacks” to a full-size panic in no time.”

Title: Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
Date Published: March 9, 2021

https://www.darkreading.com/threat-intelligence/microsoft-patch-tuesday-fixes-82-cves-internet-explorer-zero-day/d/d-id/1340361

Excerpt: “The out-of-band Exchange patch released March 2 covers seven unique CVEs, four of which are under active attack. Organizations running on-premises Exchange Servers are advised to address the vulnerabilities as soon as possible, as attackers are continuing to scan for and exploit them. Microsoft today pushed additional patches for older, unsupported versions of Exchange Server.”

Title: Kaspersky Finds Nearly Half of Companies Prohibit Sharing Threat Intelligence Findings With Professional Communities
Date Published: March 9, 2021

https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-nearly-half-of-companies-prohibit-sharing-threat-intelligence-findings-with-professional-communities

Excerpt: “Kaspersky is a long-time advocate for international collaboration in cyberspace and contributes to joint initiatives across the global IT security community. The company sees this approach as the best way to protect from ever-evolving cyberthreats. As such, Kaspersky surveyed more than 5,200 IT and cybersecurity practitioners globally for this report, to see if other businesses were ready to collaborate and share TI. The research found that respondents with TI analysis responsibilities are more likely to participate in specialized forums and blogs (41%), dark web forums (33%) or social media groups (21%).”

Title: Leaked Development Secrets a Major Issue for Repositories
Date Published: March 9, 2021

https://www.darkreading.com/application-security/leaked-development-secrets-a-major-issue-for-repositories/d/d-id/1340355

Excerpt: “The company, which scans public GitHub repositories daily and analyzes the latest committed code, found that API keys for Google Cloud resources, for a variety of development tools — such as the Django web framework and Okta authentication framework — and for database access made up almost 60% of all leaked secrets. Developers from India, Brazil, and the United States most often leaked secrets, the company found.”

Title: Most Decision Makers Plan to Increase Spending on Cybersecurity This Year
Date Published: March 10, 2021

https://www.helpnetsecurity.com/2021/03/10/spending-cybersecurity-2021/

Excerpt: “Meanwhile, half of the decision makers reported an increase in remote working, with 66% of those that did so witnessing an increase in phishing and ransomware attacks. This operational shift also exposed concerns around the impact of people on cyber resilience: of the 39% that reported an increase in insider threats, 51% believed that an increase in remote working was the cause.”

Title: Ryuk Ransomware Hits 700 Spanish Government Labor Agency Offices
Date Published: March 9, 2021

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/

Excerpt: “The ransomware has also spread beyond SEPE’s workstations and has reached the agency’s remote working staff’s laptops. The gang’s affiliates have hit roughly 20 companies every week during the third quarter of 2020, and, beginning with November 2020, they coordinated a massive wave of attacks on the US healthcare system. The Spanish labor agency is not the high-profile Spanish ransomware victim. Everis, one of Spain’s largest managed service providers (MSP), and Cadena SER (Sociedad Española de Radiodifusión), Spain’s largest radio station, also had their computer systems encrypted in a November 2019 ransomware attack.”

Title: z0Miner Spreads Using ElasticSearch and Jenkins RCE Vulnerabilities
Date Published: March 10, 2021

https://heimdalsecurity.com/blog/z0miner-spreads-using-elasticsearch-and-jenkins-rce-vulnerabilities/

Excerpt: “The hackers were able to hack the app, steal the information and leaked the image of the FW43B online before the scheduled launch. The formula 1 team planned to use an augmented reality app to present the car and give the fans an immersive experience, but “the app was hacked prior to launch.” The idea to use an augmented reality app was also a consequence of the ongoing pandemic and the need to involve the fans that were not able to physically participate in the event. The app was designed to allow fans to manipulate the car in its new livery in 3D.”

Title: Chinese Linked to Two Attacks on Internet-Facing Solarwinds Server
Date Published: March 9, 2021

https://www.scmagazine.com/home/solarwinds-hack/chinese-linked-to-two-attacks-on-internet-facing-solarwinds-server/

Excerpt: “In a blog, the Secureworks Counter Threat Unit (CTU) reported that Spiral exploited an internet-facing SolarWinds server to deploy the Supernova web shell. The researchers said the threat actor exploited a SolarWinds Orion API authentication bypass vulnerability (CVE-2020-10148) to execute a reconnaissance script and then write the Supernova web shell to disk. The vulnerability could let a remote attacker bypass authentication and execute API commands, which may result in a compromise of the SolarWinds instance.”
