OSN MARCH 15, 2021

Fortify Security Team
Mar 15, 2021

Title: New POC for Microsoft Exchange Bugs Puts Attacks in Reach of Anyone
Date Published: March 14, 2021

https://www.bleepingcomputer.com/news/security/new-poc-for-microsoft-exchange-bugs-puts-attacks-in-reach-of-anyone/

Excerpt: “With exploits for the Microsoft Exchange vulnerabilities becoming publicly available, it is more important than ever that administrators patch their servers. According to Palo Alto Networks’ research, there are approximately 80,000 vulnerable Microsoft Exchange servers exposed on the Internet. “The number of vulnerable servers running old versions of Exchange that cannot directly apply the recently released security patches dropped over 30% from an estimated 125,000 to 80,000, according to Expanse internet scans conducted March 8 and 11,” Palo Alto Networks told BleepingComputer.”

Title: Critical Security Hole Can Knock Smart Meters Offline
Date Published: March 12, 2021

https://www.helpnetsecurity.com/2021/03/12/remote-work-it-security-gaps/

Excerpt: “We discovered a bug in the function that is responsible for advancing the parsing buffer, we named this function advance_buffer,” according to Claroty’s analysis. “We found that the advance_buffer function always returns true, regardless of other inner functions failing and returning false. Therefore, providing any large packet size will always pass the advance_buffer function without triggering an error message or exception. Thus, Claroty researchers were able to bypass buffer checks and reach exploitation.”

Title: Experts Found 15 Flaws in Netgear IGS516PE Switch, Including a Critical RCE
Date Published: March 14, 2021

https://securityaffairs.co/wordpress/115586/hacking/netgear-soho-flaws.html

Excerpt: “The Netgear Switch Management Protocol (NSDP) is a proprietary protocol used as discovery method with the ability to manage the switch configuration. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8, the remaining flaws are nine high-severity issues and five medium-rated bugs. The CVE-2020-26919 resides in the switch internal management web application in firmware versions prior to 2.6.0.43, it could be exploited by unauthenticated attackers to bypass authentication and execute actions with administrator privileges.”

Title: Contemplating the Coffee Supply Chain: A Horror Story
Date Published: March 12, 2021

https://www.darkreading.com/edge/theedge/contemplating-the-coffee-supply-chain-a-horror-story/b/d-id/1340401

Excerpt: “Transparency looks to be a common approach for roasters, though it can also pose a security problem. Take, for example, a boutique coffee roaster, explains Rob McDonald, Virtru’s executive vice president of platform. That roaster likely has many commercial agreements in place, including with growers, shipping providers, its packaging manufacturer, an e-commerce platform, and regional chains of coffee and gift shops that stock its product.”

Title: Microsoft Fixes Office Issue Causing Memory, Disk Space Errors
Date Published: March 15, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-office-issue-causing-memory-disk-space-errors/

Excerpt: “Microsoft has addressed a known issue causing memory or disk space errors when opening some documents using Microsoft Word, Microsoft Excel, or other Microsoft Office apps. This known issue only affects customers who have installed Microsoft Office apps from the Microsoft Store and are trying to open an Office document that triggers the Protected View feature. Protected View is an Office feature that opens documents in read-only mode and disables most editing functions for documents received as email attachments or opened from an unsafe location (the Internet, someone else’s OneDrive storage, etc.).”

Title: New Zhtrap Botnet Malware Deploys Honeypots to Find More Targets
Date Published: March 12, 2021

https://www.bleepingcomputer.com/news/security/new-zhtrap-botnet-malware-deploys-honeypots-to-find-more-targets/

Excerpt: “ZHtrap bots use a Tor command-and-control (C2) server to communicate with other botnet nodes and a Tor proxy to conceal malicious traffic. The botnet’s main capabilities include DDoS attacks and scanning for more vulnerable devices to infect. However, it also comes with backdoor functionality allowing the operators to download and execute additional malicious payloads. To propagate, ZHtrap uses exploits targeting four N-day security vulnerabilities in Realtek SDK Miniigd UPnP SOAP endpoints, MVPower DVR, Netgear DGN1000, and a long list of CCTV-DVR devices.”

Title: Half the Country Is Now Considering Right to Repair Laws
Date Published: March 15, 2021

https://www.vice.com/en_us/article/z3vavw/half-the-country-is-now-considering-right-to-repair-laws

Excerpt: “Right to Repair is unstoppable and coming to a state near you. Lawmakers everywhere are seeing that Right to Repair is common sense: You buy a product, you own it, and you should be able to fix it,” Kerry Maeve Sheehan, the U.S. policy lead for the repair community iFixit, said in a press release. “With 25 states considering Right to Repair legislation in the U.S., it’s only a matter of time before Right to Repair is the law of the land.”

Title: Best Microsoft Tools Created for Windows 10 Power Users
Date Published: March 14, 2021

https://www.bleepingcomputer.com/news/microsoft/best-microsoft-tools-created-for-windows-10-power-users/

Excerpt: “Microsoft has created a curated repository containing hundreds of applications that can be installed and managed using Winget. You can use the search command to look for apps with a particular keyword. For example, if you want to search for notepad-alternatives, you can use the word ‘note’ as the search keyword. When you run the above command, Notepad++ and other apps with the string ‘note’ will appear. If you want to see a list of all available packages, you also type winget search without any arguments.”

Title: Metamorfo Banking Trojan Abuses AutoHotKey to Avoid Detection
Date Published: March 12, 2021

https://threatpost.com/metamorfo-banking-trojan-autohotkey/164735/

Excerpt: “Metamorfo started life as a Latin American banking trojan, first discovered in April 2018, in various campaigns that share key commonalities (like the use of “spray-and-pray” spam tactics). Its campaigns however have small, “morphing” differences — which is the meaning behind its name. A variant that emerged in February 2020, for instance, kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords – which it then tracks via a keylogger.”

Title: Windows 10 ‘Spring Update’ – the New Features and How to Download
Date Published: March 10, 2021

https://www.bleepingcomputer.com/news/microsoft/windows-10-spring-update-the-new-features-and-how-to-download/

Excerpt: “Windows 10 21H1, aka the ‘Spring Update,’ is slated for release within the next two months, and while it does not contain too many new and interesting features, it does get us ready for a more exciting feature update coming this fall. Microsoft has announced that the Spring Update will be released using an enablement package that simply turns on dormant features already found in Windows 10 2004 and Windows 10 20H2. For users running these Windows 10 versions, it means that Windows 10 21H1 will install extremely fast as it just needs to change a few settings to enable the features.”
