OSN MARCH 17, 2021

Mar 17, 2021 | Open Source News

Title: Microsoft’s Azure SDK Site Tricked Into Listing Fake Package

Date Published: March 17, 2021

https://www.bleepingcomputer.com/news/security/microsofts-azure-sdk-site-tricked-into-listing-fake-package/

Excerpt: “A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite. As of a few days ago, the Azure SDK releases page showed the authentic Microsoft Azure SDK releases alongside the mysterious package alexbirsantest.”

Title: Tampa Twitter Hacker Agrees to Three Years in Prison

Date Published: March 16, 2021

https://www.tampabay.com/news/crime/2021/03/16/tampa-twitter-hacker-agrees-to-three-years-in-prison-in-plea-deal/

Excerpt: “TAMPA — The Tampa teen who took control of well-known Twitter accounts last summer and used them to solicit more than $100,000 in Bitcoin pleaded guilty to state charges Tuesday in exchange for a three-year prison sentence. In a deal with prosecutors, Graham Ivan Clark agreed to serve three years in prison, followed by three years probation.”

Title: Microfinance Bank’s Fintech App Leaks Customer Accounts Online

Date Published: March 16, 2021

https://securitydiscovery.com/microfinance-banks-fintech-app-leaks-customer-accounts-online/

Excerpt: “On March 3rd I discovered a non-password protected database that contained 271k records. It was clear from the start that these were banking and financial transactions. Upon further investigation I was able to identify that many of the records referenced a fintech app called “Monéé”. I sent a responsible disclosure notice shortly after my discovery and another a week later. The database remained publicly accessible for at least 10 days before it was finally closed.”

Title: Serious Security: The Linux Kernel Bugs That Surfaced After 15 Years

Date Published: March 17, 2021

https://nakedsecurity.sophos.com/2021/03/17/serious-security-the-linux-kernel-bugs-that-surfaced-after-15-years/

Excerpt: “The bugs were found in the kernel code that implements iSCSI, a component that implements the venerable SCSI data interface over the network, so you can talk to SCSI devices such as tape and disk drives that aren’t connected directly to your own computer. Of course, if you don’t use SCSI or iSCSI anywhere in your network any more, you’re probably shrugging right now and thinking, “No worries for me, I don’t have any of the iSCSI kernel drivers loaded because I’m simply not using them”.”

Title: New Global Model Needed to Dismantle Ransomware Gangs, Experts Warn

Date Published: March 17, 2021

https://www.cyberscoop.com/ransomware-attacks-global-hacks-diplomacy/

Excerpt: “Government officials increasingly have been working together to tamp down on malicious cyber activity in recent years, as evidenced by a European Union sanctions regime focused on hacking rolled out in the past year, and a 2015 agreement among United Nations members that cyberattacks intended to damage critical infrastructure are off limits. But a recent dramatic uptick in ransomware attacks has ignited interest in recasting the playing field so it doesn’t advantage the attackers — and concerns that developing norms alone won’t dramatically shift the balance.”

Title: Google Fixes Chrome Zero-Day Bug Exploited in the Wild

Date Published: March 16, 2021

https://www.welivesecurity.com/2021/03/16/google-fixes-chrome-zero-day-bug-exploited-wild/

Excerpt: “Google has rolled out an update for its Chrome web browser that fixes five security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser. “Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a use-after-free flaw in Blink, a browser rendering engine developed as part of Chromium.”

Title: Chinese Threat Actors Target Global 5G Operators

Date Published: March 17, 2021

https://www.bankinfosecurity.com/rushed-to-market-dearcry-ransomware-targeting-exchange-bug-a-16189

Excerpt: “While the initial vector for the infection is not entirely clear, the McAfee ATR team believes with a medium level of confidence that victims were lured to a domain under control of the threat actor, from which they were infected with malware which the threat actor leveraged to perform additional discovery and data collection,” explained McAfee regional solutions architect, Andrea Rossini. “It is our belief that the attackers used a phishing website masquerading as the Huawei company career page”.”

Title: ProxyLogon PoCs Trigger a Game of Whack-a-Mole

Date Published: March 16, 2021

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/proxylogon-poc-becomes-a-game-of-whack-a-mole/

Excerpt: “Some argue that since some attackers already possess exploit code, it’s only right for defenders to have it too, so they can test their systems by simulating what those attackers might do. Others say that PoC code doesn’t redress the balance because it’s a leg up for everyone, including criminals who haven’t created their own exploits yet. And while most researchers deliberately omit specific components of a PoC, others feel compelled to publish full working exploits, enabling even the most technically challenged script-kiddies to use them maliciously.”

Title: Microsoft Explains the Cause of Yesterday’s Massive Service Outage

Date Published: March 16, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-explains-the-cause-of-yesterdays-massive-service-outage/

Excerpt: “This issue prevented users from authenticating to Microsoft 365, Exchange Online, Microsoft Teams, or any other service relying on Azure AD. “Between 19:00 UTC (approx) on March 15, 2021, and 09:25 UTC on March 16, 2021 customers may have encountered errors performing authentication operations for any Microsoft and third-party applications that depend on Azure Active Directory (Azure AD) for authentication,” Microsoft explained today in a preliminary root cause analysis report.”

Title: New Mirai Variant Appears in the Threat Landscape

Date Published: March 16, 2021

https://securityaffairs.co/wordpress/115664/uncategorized/mirai-botnet-variant-2.html

Excerpt: “The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.” reads a post published by Palo Alto Networks’ Unit 42. The attacks were first observed on February 16, experts noticed that upon successful exploitation, the malicious code uses the wget utility to download a shell script from the C2. The shell script downloads several Mirai binaries that were compiled for different architectures, then it executes these binaries one by one.”