OSN MARCH 10, 2021

Fortify Security Team
Mar 10, 2021

Title: Exposed Password Gave Hackers Access to 150,000 Cameras
Date Published: March 10, 2021

https://www.infosecurity-magazine.com/news/exposed-passwor-hackers-access/

Excerpt: “The attack seems to have been the work of an international hacker collective which did it to highlight the privacy risks associated with pervasive monitoring, according to Bloomberg. The camera maker, San Mateo-headquartered startup Verkada, said it had disabled all internal admin accounts to prevent unauthorized access. The incident appears to be legitimate: Bloomberg said it had seen video feeds from inside Tesla factories and hospitals. The group claims to have access to Verkada’s entire video archive for all customers, which include women’s health clinics, psychiatric hospitals, jails and even the offices of Verkada itself.”

Title: OVHcloud Data Centers Engulfed in Flames
Date Published: March 10, 2021

https://www.zdnet.com/article/ovhcloud-data-centers-engulfed-in-flames/

Excerpt: “OVHcloud has suffered a disastrous fire that has engulfed some of the firm’s data centers. The fire has now been quelled but an assessment of the overall damage caused to OVHcloud’s data centers may take some time. Impacted clients have been urged to turn to backups to minimize downtime and disruption. The company manages 27 data centers in countries including the US, UK, France, and Australia. “We recommend [you] activate your Disaster Recovery Plan,” Klaba added.”

Title: Microsoft Exchange Attacks Cause Panic as Criminals Go Shell Collecting
Date Published: March 8, 2021

https://blog.malwarebytes.com/malwarebytes-news/2021/03/microsoft-exchange-attacks-cause-panic-as-criminals-go-shell-collecting/

Excerpt: “Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update quickly and others would dally until it bubbled up to the top of their to-do list. This attack method, called ProxyLogon and attributed to a group called Hafnium, was different. It went from “limited and targeted attacks” to a full-size panic in no time.”

Title: Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
Date Published: March 9, 2021

https://www.darkreading.com/threat-intelligence/microsoft-patch-tuesday-fixes-82-cves-internet-explorer-zero-day/d/d-id/1340361

Excerpt: “The out-of-band Exchange patch released March 2 covers seven unique CVEs, four of which are under active attack. Organizations running on-premises Exchange Servers are advised to address the vulnerabilities as soon as possible, as attackers are continuing to scan for and exploit them. Microsoft today pushed additional patches for older, unsupported versions of Exchange Server.”

Title: Kaspersky Finds Nearly Half of Companies Prohibit Sharing Threat Intelligence Findings With Professional Communities
Date Published: March 9, 2021

https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-nearly-half-of-companies-prohibit-sharing-threat-intelligence-findings-with-professional-communities

Excerpt: “Kaspersky is a long-time advocate for international collaboration in cyberspace and contributes to joint initiatives across the global IT security community. The company sees this approach as the best way to protect from ever-evolving cyberthreats. As such, Kaspersky surveyed more than 5,200 IT and cybersecurity practitioners globally for this report, to see if other businesses were ready to collaborate and share TI. The research found that respondents with TI analysis responsibilities are more likely to participate in specialized forums and blogs (41%), dark web forums (33%) or social media groups (21%).”

Title: Leaked Development Secrets a Major Issue for Repositories
Date Published: March 9, 2021

https://www.darkreading.com/application-security/leaked-development-secrets-a-major-issue-for-repositories/d/d-id/1340355

Excerpt: “The company, which scans public GitHub repositories daily and analyzes the latest committed code, found that API keys for Google Cloud resources, for a variety of development tools — such as the Django web framework and Okta authentication framework — and for database access made up almost 60% of all leaked secrets. Developers from India, Brazil, and the United States most often leaked secrets, the company found.”
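The scanning described in the excerpt (watching the latest committed code for leaked API keys and credentials) can be reproduced in miniature. The block below is an added example written for this digest, not GitGuardian's scanner or any vendor's code: it combines two known key formats (the Google API key prefix `AIza` plus 35 characters and the AWS access key ID prefix `AKIA` plus 16 characters, both assumed from the publicly documented formats) with a Shannon-entropy heuristic for generic secret-looking assignments such as a Django `SECRET_KEY`. The sample committed lines are constructed for the example and contain no real credentials; the helper names and the 3.5-bit threshold are this example's own choices.

```python
"""Toy secret scanner over committed source lines (added example, not
GitGuardian's or any project's code). Known key formats are matched by
regex; generic SECRET/PASSWORD/TOKEN assignments are flagged only when
the value is high-entropy and not an obvious placeholder."""
import math
import re
from collections import Counter

# Assumed from the vendors' documented key formats: Google API keys are
# "AIza" + 35 chars, AWS access key IDs are "AKIA" + 16 upper-case chars.
KNOWN_PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Generic assignment such as SECRET_KEY = "..." or password: '...'
ASSIGNMENT = re.compile(
    r"""(?i)\b(?P<name>[A-Z0-9_]*(?:secret|password|passwd|token|api_key|apikey)[A-Z0-9_]*)"""
    r"""\s*[:=]\s*['"](?P<value>[^'"]{8,})['"]"""
)

# Values that look like secrets but are dummy or templated.
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random tokens score high, words low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(value: str) -> bool:
    v = value.lower()
    return v in PLACEHOLDERS or v.startswith(("<", "${", "{{"))


def scan_line(path, lineno, line, entropy_threshold=3.5):
    """Return a list of findings for one committed line."""
    findings = []
    seen = set()
    for kind, pat in KNOWN_PATTERNS.items():
        for m in pat.finditer(line):
            seen.add(m.group(0))
            findings.append({"path": path, "line": lineno, "kind": kind,
                             "match": m.group(0)})
    m = ASSIGNMENT.search(line)
    if m and m.group("value") not in seen:
        value = m.group("value")
        if not is_placeholder(value) and shannon_entropy(value) >= entropy_threshold:
            # Report the variable name, not the secret itself, so the
            # scanner's own output does not become a second leak.
            findings.append({"path": path, "line": lineno,
                             "kind": "generic_high_entropy",
                             "match": m.group("name")})
    return findings


def scan_lines(lines):
    """lines: iterable of (path, lineno, text) as a commit diff would yield."""
    out = []
    for path, lineno, text in lines:
        out.extend(scan_line(path, lineno, text))
    return out


# Constructed sample of "latest committed code"; none of these are real
# credentials (the AWS value is Amazon's own documentation example ID).
SAMPLE_LINES = [
    ("config.py", 12, 'GOOGLE_MAPS_KEY = "AIzaSyD1234567890abcdefghijklmnopqrstuv"'),
    (".env", 3, "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"),
    ("settings.py", 23, "SECRET_KEY = 'x7!q#9v@k2$m8n4p&w1z%r5t^y3u*i6o(e0a)s'"),
    ("README.md", 40, 'password = "changeme"'),
    ("deploy.sh", 7, 'export DB_PASSWORD="${DB_PASSWORD}"'),
    ("test.py", 4, 'token = "aaaaaaaaaaaaaaaa"'),
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"{f['path']}:{f['line']}: {f['kind']} ({f['match']})")
```

Run as-is it reports three findings (the Google key, the AWS key ID and the Django secret) and stays quiet on the placeholder, the templated shell variable and the low-entropy dummy token. Real scanners add many more vendor formats and run over every commit, not just the latest, because a secret removed in a later commit is still recoverable from history.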

Title: Most Decision Makers Plan to Increase Spending on Cybersecurity This Year
Date Published: March 10, 2021

https://www.helpnetsecurity.com/2021/03/10/spending-cybersecurity-2021/

Excerpt: “Meanwhile, half of the decision makers reported an increase in remote working, with 66% of those that did so witnessing an increase in phishing and ransomware attacks. This operational shift also exposed concerns around the impact of people on cyber resilience: of the 39% that reported an increase in insider threats, 51% believed that an increase in remote working was the cause.”

Title: Ryuk Ransomware Hits 700 Spanish Government Labor Agency Offices
Date Published: March 9, 2021

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/

Excerpt: “The ransomware has also spread beyond SEPE’s workstations and has reached the agency’s remote working staff’s laptops. The gang’s affiliates have hit roughly 20 companies every week during the third quarter of 2020, and, beginning with November 2020, they coordinated a massive wave of attacks on the US healthcare system. The Spanish labor agency is not the high-profile Spanish ransomware victim. Everis, one of Spain’s largest managed service providers (MSP), and Cadena SER (Sociedad Española de Radiodifusión), Spain’s largest radio station, also had their computer systems encrypted in a November 2019 ransomware attack.”

Title: z0Miner Spreads Using ElasticSearch and Jenkins RCE Vulnerabilities
Date Published: March 10, 2021

https://heimdalsecurity.com/blog/z0miner-spreads-using-elasticsearch-and-jenkins-rce-vulnerabilities/

Excerpt: “The hackers were able to hack the app, steal the information and leaked the image of the FW43B online before the scheduled launch. The formula 1 team planned to use an augmented reality app to present the car and give the fans an immersive experience, but “the app was hacked prior to launch.” The idea to use an augmented reality app was also a consequence of the ongoing pandemic and the need to involve the fans that were not able to physically participate in the event. The app was designed to allow fans to manipulate the car in its new livery in 3D.”

Title: Chinese Linked to Two Attacks on Internet-Facing Solarwinds Server
Date Published: March 9, 2021

https://www.scmagazine.com/home/solarwinds-hack/chinese-linked-to-two-attacks-on-internet-facing-solarwinds-server/

Excerpt: “In a blog, the Secureworks Counter Threat Unit (CTU) reported that Spiral exploited an internet-facing SolarWinds server to deploy the Supernova web shell. The researchers said the threat actor exploited a SolarWinds Orion API authentication bypass vulnerability (CVE-2020-10148) to execute a reconnaissance script and then write the Supernova web shell to disk. The vulnerability could let a remote attacker bypass authentication and execute API commands, which may result in a compromise of the SolarWinds instance.”
