OSN MARCH 16, 2021

Fortify Security Team
Mar 16, 2021

Title: Windows 10 Emergency Updates Released to Fix Printing Crashes
Date Published: March 14, 2021

https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/

Excerpt: “Microsoft has released out-of-band non-security updates to fix a known Windows 10 issue causing blue screens when printing to network printers after installing the March 2021 cumulative updates. According to Microsoft, the cumulative updates released today are addressing “an issue that might cause a blue screen when attempting to print to certain printers using some apps and might generate the error, APC_INDEX_MISMATCH.” The cumulative updates containing the fix released today are published as optional updates so they will not be installed automatically via Windows Update.”

Title: Microsoft Releases One-Click Exchange on-Premises Mitigation Tool
Date Published: March 12, 2021

https://www.helpnetsecurity.com/2021/03/16/microsoft-exchange-mitigation/

Excerpt: “‘The Exchange On-premises Mitigation Tool is effective against the attacks we have seen so far, but is not guaranteed to mitigate all possible future attack techniques,’ Microsoft made sure to note, and pointed out that Exchange servers should be fully updated as quickly as possible after using it. EOMT mitigates only the ProxyLogon flaw (CVE-2021-26855) but not the other three vulnerabilities (CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065) exploited in the escalating attacks on Exchange servers.”

Title: Experts Found 15 Flaws in Netgear IGS516PE Switch, Including a Critical RCE
Date Published: March 16, 2021

https://securityaffairs.co/wordpress/115586/hacking/netgear-soho-flaws.html

Excerpt: “The Netgear Switch Management Protocol (NSDP) is a proprietary protocol used as a discovery method with the ability to manage the switch configuration. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8; the remaining flaws are nine high-severity issues and five medium-rated bugs. CVE-2020-26919 resides in the switch’s internal management web application in firmware versions prior to 2.6.0.43; it could be exploited by unauthenticated attackers to bypass authentication and execute actions with administrator privileges.”

Title: Cybersecurity Bug-Hunting Sparks Enterprise Confidence
Date Published: March 15, 2021

https://threatpost.com/cybersecurity-bug-hunting-enterprise-confidence/164782/

Excerpt: “The survey shows a wide gap between what organization decision-makers expect in terms of security, and their vendors’ ability to meet those expectations. For instance, 66 percent of those surveyed said they prefer vendors to have the “ability to identify vulnerabilities in its own products and mitigate them.” Yet only 46 percent of those same respondents said their technology providers have that capability, the report said. Thirty percent of those surveyed said they could patch a vulnerability in a week or less, but on average, it takes about six weeks to patch a bug from the time it’s first detected, with 63 percent saying delays are caused by “human error”.”

Title: Metasploit Creator HD Moore’s New Startup Raises $5M
Date Published: March 16, 2021

https://www.darkreading.com/perimeter/metasploit-creator-hd-moores-new-startup-raises-$5m/d/d-id/1340415

Excerpt: “Sometimes the most painfully overlooked device on a network isn’t what you’d expect: A security director at a global manufacturer says while running Rumble his firm found a previously unknown network bridge sitting on its network. He considers Rumble a security tool rather than an IT tool: “If you do not know what you have, how can you defend it?” says the manager, who asked that his company not be named.”

Title: This Years-Old Microsoft Office Vulnerability Is Still Popular With Hackers, So Patch Now
Date Published: March 16, 2021

https://www.zdnet.com/article/this-years-old-microsoft-office-vulnerability-is-still-popular-with-hackers-so-patch-now/

Excerpt: “The exploit is CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor, which was first disclosed in December 2017. When exploited successfully, it allows attackers to execute remote code on a vulnerable machine after the victim opens the malicious document – usually sent via a phishing email – used to run the exploit, providing them with an avenue for dropping malware.”

Title: Rushed to Market: DearCry Ransomware Targeting Exchange Bug
Date Published: March 16, 2021

https://www.bankinfosecurity.com/rushed-to-market-dearcry-ransomware-targeting-exchange-bug-a-16189

Excerpt: “Sophos has published a teardown of the new DearCry ransomware, which it describes as being “unsophisticated” and apparently “created by a beginner.” The ransomware was first spotted in the wild on March 9. DearCry targets a critical proxy-logon flaw in Microsoft Exchange email servers, which was one of four zero-day flaws Microsoft patched via software updates issued on March 2, when it warned that the flaws were already being exploited in the wild.”

Title: US DOJ Indicted the CEO of Sky Global Encrypted Chat Platform
Date Published: March 15, 2021

https://securityaffairs.co/wordpress/115629/cyber-crime/sky-global-ceo-indicted.html

Excerpt: “According to the indictment, Sky Global’s devices are specifically designed to prevent eavesdropping and investigation conducted by the police on criminal activities of members of transnational organizations involved in drug trafficking and money laundering. One of the features implemented by Sky Global in its devices consists of the remote wipe of the messages in case of seizure by law enforcement.”

Title: Top MSP Challenges in 2021
Date Published: March 16, 2021

https://threatpost.com/top-msp-challenges-in-2021/164784/

Excerpt: “During a webinar, Haysam Fahmy, Vice President of Managed Services at MasterCard, mentioned one key fact — the Covid-19 forced changes in buying habits among customers that were anyhow bound to happen, i.e. doing almost everything online and expecting firms to provide them with the best digital experience. The same applied to several small, medium-sized, and big businesses, which somehow were already through some digital transformation. Below we discuss three challenges and how the Virginia-based firm SafeDNS can help MSPs in such a context.”

Title: WeLeakInfo Leaked Customer Payment Info
Date Published: March 15, 2021

https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/

Excerpt: “A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.”
