OSN MARCH 16, 2021

Fortify Security Team
Mar 16, 2021

Title: Windows 10 Emergency Updates Released to Fix Printing Crashes
Date Published: March 14, 2021


Excerpt: “Microsoft has released out-of-band non-security updates to fix a known Windows 10 issue causing blue screens when printing to network printers after installing the March 2021 cumulative updates. According to Microsoft, the cumulative updates released today are addressing “an issue that might cause a blue screen when attempting to print to certain printers using some apps and might generate the error, APC_INDEX_MISMATCH.” The cumulative updates containing the fix released today are published as optional updates so they will not be installed automatically via Windows Update.”

Title: Microsoft Releases One-Click Exchange on-Premises Mitigation Tool
Date Published: March 12, 2021


Excerpt: “The Exchange On-premises Mitigation Tool is effective against the attacks we have seen so far, but is not guaranteed to mitigate all possible future attack techniques,” Microsoft made sure to note, and pointed out that Exchange servers should be fully updated as quickly as possible after using it. EOMT mitigates only the ProxyLogon flaw (CVE-2021-26855) but not the other three vulnerabilities (CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065) exploited in the escalating attacks on Exchange servers.”

Title: Experts Found 15 Flaws in Netgear IGS516PE Switch, Including a Critical RCE
Date Published: March 16, 2021


Excerpt: “The Netgear Switch Management Protocol (NSDP) is a proprietary protocol used as discovery method with the ability to manage the switch configuration. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8, the remaining flaws are nine high-severity issues and five medium-rated bugs. The CVE-2020-26919 resides in the switch internal management web application in firmware versions prior to, it could be exploited by unauthenticated attackers to bypass authentication and execute actions with administrator privileges.”

Title: Cybersecurity Bug-Hunting Sparks Enterprise Confidence
Date Published: March 15, 2021


Excerpt: “The survey shows a wide gap between what organization decision-makers expect in terms of security, and their vendors’ ability to meet those expectations. For instance, 66 percent of those surveyed said they prefer vendors to have the “ability to identify vulnerabilities in its own products and mitigate them.” Yet only 46 percent of those same respondents said their technology providers have that capability, the report said. Thirty percent of those surveyed said they could patch a vulnerability in a week or less, but on average, it takes about six weeks to patch a bug from the time it’s first detected, with 63 percent saying delays are caused by “human error”.”

Title: Metasploit Creator HD Moore’s New Startup Raises $5M
Date Published: March 16, 2021


Excerpt: “Sometimes the most painfully overlooked device on a network isn’t what you’d expect: A security director at a global manufacturer says while running Rumble his firm found a previously unknown network bridge sitting on its network. He considers Rumble a security tool rather than an IT tool: “If you do not know what you have, how can you defend it?” says the manager, who asked that his company not be named.”

Title: This Years-Old Microsoft Office Vulnerability Is Still Popular With Hackers, So Patch Now
Date Published: March 16, 2021


Excerpt: “The exploit is CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor, which was first disclosed in December 2017. When exploited successfully, it allows attackers to execute remote code on a vulnerable machine after the victim opens the malicious document – usually sent via a phishing email – used to run the exploit, providing them with an avenue for dropping malware.”

Title: Rushed to Market: DearCry Ransomware Targeting Exchange Bug
Date Published: March 16, 2021


Excerpt: “Sophos has published a teardown of the new DearCry ransomware, which it describes as being “unsophisticated” and apparently “created by a beginner.” The ransomware was first spotted in the wild on March 9. DearCry targets a critical proxy-logon flaw in Microsoft Exchange email servers, which was one of four zero-day flaws Microsoft patched via software updates issued on March 2, when it warned that the flaws were already being exploited in the wild.”

Title: US DOJ Indicted the CEO of Sky Global Encrypted Chat Platform
Date Published: March 15, 2021


Excerpt: “According to the indictment, Sky Global’s devices are specifically designed to prevent eavesdropping and investigation conducted by the police on criminal activities of members of transnational organizations involved in drug trafficking and money laundering. One of the features implemented by Sky Global in its devices consists of the remote wipe of the messages in case of seizure by law enforcement.”

Title: Top MSP Challenges in 2021
Date Published: March 16, 2021


Excerpt: “During a webinar, Haysam Fahmy, Vice President of Managed Services at MasterCard, mentioned one key fact — the Covid-19 forced changes in buying habits among customers that were anyhow bound to happen, i.e. doing almost everything online and expecting firms to provide them with the best digital experience. The same applied to several small, medium-sized, and big businesses, which somehow were already through some digital transformation. Below we discuss three challenges and how the Virginia-based firm SafeDNS can help MSPs in such a context.”

Title: WeLeakInfo Leaked Customer Payment Info
Date Published: March 15, 2021


Excerpt: “A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.”
