OSN MARCH 10, 2021

Fortify Security Team
Mar 10, 2021

Title: Exposed Password Gave Hackers Access to 150,000 Cameras
Date Published: March 10, 2021


Excerpt: “The attack seems to have been the work of an international hacker collective which did it to highlight the privacy risks associated with pervasive monitoring, according to Bloomberg. The camera maker, San Mateo-headquartered startup Verkada, said it had disabled all internal admin accounts to prevent unauthorized access. The incident appears to be legitimate: Bloomberg said it had seen video feeds from inside Tesla factories and hospitals. The group claims to have access to Verkada’s entire video archive for all customers, which include women’s health clinics, psychiatric hospitals, jails and even the offices of Verkada itself.”

Title: OVHcloud Data Centers Engulfed in Flames
Date Published: March 10, 2021


Excerpt: “OVHcloud has suffered a disastrous fire that has engulfed some of the firm’s data centers. The fire has now been quelled but an assessment of the overall damage caused to OVHcloud’s data centers may take some time. Impacted clients have been urged to turn to backups to minimize downtime and disruption. The company manages 27 data centers in countries including the US, UK, France, and Australia. “We recommend [you] activate your Disaster Recovery Plan,” Klaba added.”

Title: Microsoft Exchange Attacks Cause Panic as Criminals Go Shell Collecting
Date Published: March 8, 2021


Excerpt: “Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update quickly and others would dally until it bubbled up to the top of their to-do list. This attack method, called ProxyLogon and attributed to a group called Hafnium, was different. It went from “limited and targeted attacks” to a full-size panic in no time.”

Title: Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
Date Published: March 9, 2021


Excerpt: “The out-of-band Exchange patch released March 2 covers seven unique CVEs, four of which are under active attack. Organizations running on-premises Exchange Servers are advised to address the vulnerabilities as soon as possible, as attackers are continuing to scan for and exploit them. Microsoft today pushed additional patches for older, unsupported versions of Exchange Server.”

Title: Kaspersky Finds Nearly Half of Companies Prohibit Sharing Threat Intelligence Findings With Professional Communities
Date Published: March 9, 2021


Excerpt: “Kaspersky is a long-time advocate for international collaboration in cyberspace and contributes to joint initiatives across the global IT security community. The company sees this approach as the best way to protect from ever-evolving cyberthreats. As such, Kaspersky surveyed more than 5,200 IT and cybersecurity practitioners globally for this report, to see if other businesses were ready to collaborate and share TI. The research found that respondents with TI analysis responsibilities are more likely to participate in specialized forums and blogs (41%), dark web forums (33%) or social media groups (21%).”

Title: Leaked Development Secrets a Major Issue for Repositories
Date Published: March 9, 2021


Excerpt: “The company, which scans public GitHub repositories daily and analyzes the latest committed code, found that API keys for Google Cloud resources, for a variety of development tools — such as the Django web framework and Okta authentication framework — and for database access made up almost 60% of all leaked secrets. Developers from India, Brazil, and the United States most often leaked secrets, the company found.”

Title: Most Decision Makers Plan to Increase Spending on Cybersecurity This Year
Date Published: March 10, 2021


Excerpt: “Meanwhile, half of the decision makers reported an increase in remote working, with 66% of those that did so witnessing an increase in phishing and ransomware attacks. This operational shift also exposed concerns around the impact of people on cyber resilience: of the 39% that reported an increase in insider threats, 51% believed that an increase in remote working was the cause.”

Title: Ryuk Ransomware Hits 700 Spanish Government Labor Agency Offices
Date Published: March 9, 2021


Excerpt: “The ransomware has also spread beyond SEPE’s workstations and has reached the agency’s remote working staff’s laptops. The gang’s affiliates have hit roughly 20 companies every week during the third quarter of 2020, and, beginning with November 2020, they coordinated a massive wave of attacks on the US healthcare system. The Spanish labor agency is not the high-profile Spanish ransomware victim. Everis, one of Spain’s largest managed service providers (MSP), and Cadena SER (Sociedad Española de Radiodifusión), Spain’s largest radio station, also had their computer systems encrypted in a November 2019 ransomware attack.”

Title: z0Miner Spreads Using ElasticSearch and Jenkins RCE Vulnerabilities
Date Published: March 10, 2021


Excerpt: “The hackers were able to hack the app, steal the information and leaked the image of the FW43B online before the scheduled launch. The formula 1 team planned to use an augmented reality app to present the car and give the fans an immersive experience, but “the app was hacked prior to launch.” The idea to use an augmented reality app was also a consequence of the ongoing pandemic and the need to involve the fans that were not able to physically participate in the event. The app was designed to allow fans to manipulate the car in its new livery in 3D.”

Title: Chinese Linked to Two Attacks on Internet-Facing Solarwinds Server
Date Published: March 9, 2021


Excerpt: “In a blog, the Secureworks Counter Threat Unit (CTU) reported that Spiral exploited an internet-facing SolarWinds server to deploy the Supernova web shell. The researchers said the threat actor exploited a SolarWinds Orion API authentication bypass vulnerability (CVE-2020-10148) to execute a reconnaissance script and then write the Supernova web shell to disk. The vulnerability could let a remote attacker bypass authentication and execute API commands, which may result in a compromise of the SolarWinds instance.”
