OSN MARCH 4, 2021

Fortify Security Team
Mar 4, 2021

Title: DHS Orders Agencies to Urgently Patch or Disconnect Exchange Servers
Date Published: March 4, 2021


Excerpt: “CISA “strongly” recommended federal agencies to examine their networks to detect malicious activity related to zero-day attacks targeting Exchange servers. “If no indications of compromise have been found, agencies must immediately apply Microsoft patches for Microsoft Exchange servers and proceed to Action 5,” CISA added. Agencies that identify indications of compromise should “immediately disconnect Microsoft Exchange on-premises servers” and “await guidance before rebuilding from trusted sources utilizing the latest version of the product available”.”

Title: Ransomware as a Service Is the New Big Problem for Business
Date Published: March 4, 2021


Excerpt: “”Affiliate programs make this kind of attack more attractive for cybercriminals. The tremendous popularity of such attacks made almost every company, regardless of their size and industry, a potential victim,” Oleg Skulkin, a senior digital forensics analyst at Group-IB, told ZDNet. “Companies had to provide their employees with the capability to work remotely and we saw an increase in the number of publicly accessible RDP servers. Of course, nobody thought about security and many of such servers became the points of initial access for many ransomware operators,” said Skulkin.”

Title: Microsoft: We’re Cracking Down on Excel Macro Malware
Date Published: March 4,  2021


Excerpt: “AMSI allows applications to integrate with any antivirus on a Windows machine to enable the antivirus to detect and block a range of malicious scripts in Office documents. Microsoft notes its Defender anti-malware is using this integration to detect and block XML-based malware and is encouraging other anti-malware providers to adopt it, too.”

Title: Treasury and Commerce Department Hacked Through 3rd Party
Date Published: March 4, 2021


Excerpt: “According to an article in the Washington Post, the hackers known as APT29 or CozyBear were part of a months-long planning effort that finally found its way to several government agencies. It’s important to note that all of the organizations were breached through the update server of a network management system made by SolarWinds. Products by SolarWinds are used by more than 300,000 customers including all five branches of the U.S. military and numerous other government agencies.”

Title: COVID-19 Website Warning: Rise in Vaccine-Related Domain Registrations Means Increased Risk of Scams
Date Published: March 3, 2021


Excerpt: “Although the main domain (infection-alerts[.]com) was created in April 2020, CPR believes its sub-domains were created recently. Browsing to this malicious website was first spotted in late January 2021, and a few weeks before, there was another similar subdomain used by hackers – covid19\.vaccine\.infection-alerts\.com, which is now inactive. CPR expects the vaccine related scams to continue in the near-term future, and we advise people everywhere to watch out for and learn how to protect themselves against phishing and domain spoofing attacks.”

Title: Maza Russian Cybercriminal Forum Suffers Data Breach
Date Published: March 4,  2021


Excerpt: “On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding — the trafficking of stolen financial data and payment card information — and the discussion of topics including malware, exploits, spam, money laundering, and more.”

Title: 21 Million Free Vpn Users’ Data Exposed
Date Published: March 3,  2021


Excerpt: “The attacks, which have not been confirmed by the VPN developers, represent the most recent privacy broadsides against the VPN industry. Two similar blunders have been revealed to the public since 2019, including one massive data leak that exposed several VPN apps’ empty promises to collect “no logs” of their users’ activity. In that data leak, not only did the VPN providers fail to live up to their words, but they also hoovered up additional data, including users’ email addresses, clear text passwords, IP addresses, home addresses, phone models, and device IDs.”

Title: Another Chrome Zero-Day Exploit – So Get That Update Done!
Date Published: March 4, 2021


Excerpt: “Two of the eight High Severity bugs in this set of patches were apparently found in the same part of Chrome, denoted in Google’s list merely as: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research. The first bug is numbered CVE-2021-21165, reported on 2021-02-04, a month ago; the second was dubbed CVE-2021-21166, reported a week after that on 2021-02-11. An object lifecycle issue is a jargon way of referring to what probably amounts to some kind of memory mismanagement.”

Title: Compucom MSP Confirms Ongoing Outage Following Malware Incident
Date Published: March 3, 2021


Excerpt: “US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP’s network to prevent the spread of malware. CompuCom is an IT managed services provider (MSP) that provides remote support, hardware and software repair, and other technology services to companies. CompuCom is a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max) and employs approximately 8,000 people.”

Title: Grub2 Boot Loader Maintainers Fixed Hundreds of Flaws
Date Published: March 4, 2021


Excerpt: “GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks. In July 2020, researchers at the cybersecurity firmware Eclypsium disclosed a buffer overflow vulnerability, tracked as CVE-2020-10713 and dubbed BootHole, which can be exploited by attackers to install persistent and stealthy malware.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...