OSN MARCH 17, 2021

Fortify Security Team
Mar 17, 2021

Title: Microsoft’s Azure Sdk Site Tricked Into Listing Fake Package

Date Published: March 17, 2021

https://www.bleepingcomputer.com/news/security/microsofts-azure-sdk-site-tricked-into-listing-fake-package/

Excerpt: “A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite. As of a few days ago, the Azure SDK releases page showed the authentic Microsoft Azure SDK releases alongside the mysterious package alexbirsantest.”

Title: Tampa Twitter Hacker Agrees to Three Years in Prison

Date Published: March 16, 2021

https://www.tampabay.com/news/crime/2021/03/16/tampa-twitter-hacker-agrees-to-three-years-in-prison-in-plea-deal/

Excerpt: “TAMPA — The Tampa teen who took control of well-known Twitter accounts last summer and used them to solicit more than $100,000 in Bitcoin pleaded guilty to state charges Tuesday in exchange for a three-year prison sentence. In a deal with prosecutors, Graham Ivan Clark agreed to serve three years in prison, followed by three years probation.”

Title: Microfinance Bank’s Fintech App Leaks Customer Accounts Online

Date Published: March 16, 2021

https://securitydiscovery.com/microfinance-banks-fintech-app-leaks-customer-accounts-online/

Excerpt: “On March 3rd I discovered a non-password protected database that contained 271k records. It was clear from the start that these were banking and financial transactions. Upon further investigation I was able to identify that many of the records referenced a fintech app called “Monéé”. I sent a responsible disclosure notice shortly after my discovery and another a week later. The database remained publicly accessible for at least 10 days before it was finally closed.”

Title: Serious Security: The Linux Kernel Bugs That Surfaced After 15 Years

Date Published: March 17, 2021

https://nakedsecurity.sophos.com/2021/03/17/serious-security-the-linux-kernel-bugs-that-surfaced-after-15-years/

Excerpt: “The bugs were found in the kernel code that implements iSCSI, a component that implements the venerable SCSI data interface over the network, so you can talk to SCSI devices such as tape and disk drives that aren’t connected directly to your own computer. Of course, if you don’t use SCSI or iSCSI anywhere in your network any more, you’re probably shrugging right now and thinking, “No worries for me, I don’t have any of the iSCSI kernel drivers loaded because I’m simply not using them”.”

Title: New Global Model Needed to Dismantle Ransomware Gangs, Experts Warn

Date Published: March 17, 2021

https://www.cyberscoop.com/ransomware-attacks-global-hacks-diplomacy/

Excerpt: “Government officials increasingly have been working together to tamp down on malicious cyber activity in recent years, as evidenced by a European Union sanctions regime focused on hacking rolled out in the past year, and a 2015 agreement among United Nations members that cyberattacks intended to damage critical infrastructure are off limits. But a recent dramatic uptick in ransomware attacks has ignited interest in recasting the playing field so it doesn’t advantage the attackers — and concerns that developing norms alone won’t dramatically shift the balance.”

Title: Google Fixes Chrome Zero-Day Bug Exploited in the Wild

Date Published: March 16, 2021

https://www.welivesecurity.com/2021/03/16/google-fixes-chrome-zero-day-bug-exploited-wild/

Excerpt: “Google has rolled out an update for its Chrome web browser that fixes five security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser. “Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a use-after-free flaw in Blink, a browser rendering engine developed as part of Chromium.”

Title: Chinese Threat Actors Target Global 5G Operators

Date Published: March 17, 2021

https://www.bankinfosecurity.com/rushed-to-market-dearcry-ransomware-targeting-exchange-bug-a-16189

Excerpt: “While the initial vector for the infection is not entirely clear, the McAfee ATR team believes with a medium level of confidence that victims were lured to a domain under control of the threat actor, from which they were infected with malware which the threat actor leveraged to perform additional discovery and data collection,” explained McAfee regional solutions architect, Andrea Rossini. “It is our belief that the attackers used a phishing website masquerading as the Huawei company career page”.”

Title: Proxylogon POCs Trigger a Game of Whack-a-Mole

Date Published: March 16, 2021

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/proxylogon-poc-becomes-a-game-of-whack-a-mole/

Excerpt: “Some argue that since some attackers already possess exploit code, it’s only right for defenders to have it too, so they can test their systems by simulating what those attackers might do. Others say that PoC code doesn’t redress the balance because it’s a leg up for everyone, including criminals who haven’t created their own exploits yet. And while most researchers deliberately omit specific components of a PoC, others feel compelled to publish full working exploits, enabling even the most technically challenged script-kiddies to use them maliciously.”

Title: Microsoft Explains the Cause of Yesterday’s Massive Service Outage

Date Published: March 16, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-explains-the-cause-of-yesterdays-massive-service-outage/

Excerpt: “This issue prevented users from authenticating to Microsoft 365, Exchange Online, Microsoft Teams, or any other service relying on Azure AD. “Between 19:00 UTC (approx) on March 15, 2021, and 09:25 UTC on March 16, 2021 customers may have encountered errors performing authentication operations for any Microsoft and third-party applications that depend on Azure Active Directory (Azure AD) for authentication,” Microsoft explained today in a preliminary root cause analysis report.”

Title: New Mirai Variant Appears in the Threat Landscape

Date Published: March 16, 2021

https://securityaffairs.co/wordpress/115664/uncategorized/mirai-botnet-variant-2.html

Excerpt: “The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.” reads a post published by Palo Alto Networks’ Unit 42. The attacks were first observed on February 16; experts noticed that upon successful exploitation, the malicious code uses the wget utility to download a shell script from the C2. The shell script downloads several Mirai binaries that were compiled for different architectures, then it executes these binaries one by one.”
