OSN MARCH 4, 2021

Fortify Security Team
Mar 4, 2021

Title: DHS Orders Agencies to Urgently Patch or Disconnect Exchange Servers
Date Published: March 4, 2021


Excerpt: “CISA “strongly” recommended federal agencies to examine their networks to detect malicious activity related to zero-day attacks targeting Exchange servers. “If no indications of compromise have been found, agencies must immediately apply Microsoft patches for Microsoft Exchange servers and proceed to Action 5,” CISA added. Agencies that identify indications of compromise should “immediately disconnect Microsoft Exchange on-premises servers” and “await guidance before rebuilding from trusted sources utilizing the latest version of the product available”.”

Title: Ransomware as a Service Is the New Big Problem for Business
Date Published: March 4, 2021


Excerpt: “‘Affiliate programs make this kind of attack more attractive for cybercriminals. The tremendous popularity of such attacks made almost every company, regardless of their size and industry, a potential victim,’ Oleg Skulkin, a senior digital forensics analyst at Group-IB, told ZDNet. ‘Companies had to provide their employees with the capability to work remotely and we saw an increase in the number of publicly accessible RDP servers. Of course, nobody thought about security and many of such servers became the points of initial access for many ransomware operators,’ said Skulkin.”

Title: Microsoft: We’re Cracking Down on Excel Macro Malware
Date Published: March 4, 2021


Excerpt: “AMSI allows applications to integrate with any antivirus on a Windows machine to enable the antivirus to detect and block a range of malicious scripts in Office documents. Microsoft notes its Defender anti-malware is using this integration to detect and block XML-based malware and is encouraging other anti-malware providers to adopt it, too.”

Title: Treasury and Commerce Department Hacked Through 3rd Party
Date Published: March 4, 2021


Excerpt: “According to an article in the Washington Post, the hackers known as APT29 or CozyBear were part of a months-long planning effort that finally found its way to several government agencies. It’s important to note that all of the organizations were breached through the update server of a network management system made by SolarWinds. Products by SolarWinds are used by more than 300,000 customers including all five branches of the U.S. military and numerous other government agencies.”

Title: COVID-19 Website Warning: Rise in Vaccine-Related Domain Registrations Means Increased Risk of Scams
Date Published: March 3, 2021


Excerpt: “Although the main domain (infection-alerts[.]com) was created in April 2020, CPR believes its sub-domains were created recently. Browsing to this malicious website was first spotted in late January 2021, and a few weeks before, there was another similar subdomain used by hackers – covid19[.]vaccine[.]infection-alerts[.]com, which is now inactive. CPR expects the vaccine related scams to continue in the near-term future, and we advise people everywhere to watch out for and learn how to protect themselves against phishing and domain spoofing attacks.”

Title: Maza Russian Cybercriminal Forum Suffers Data Breach
Date Published: March 4, 2021


Excerpt: “On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding — the trafficking of stolen financial data and payment card information — and the discussion of topics including malware, exploits, spam, money laundering, and more.”

Title: 21 Million Free VPN Users’ Data Exposed
Date Published: March 3, 2021


Excerpt: “The attacks, which have not been confirmed by the VPN developers, represent the most recent privacy broadsides against the VPN industry. Two similar blunders have been revealed to the public since 2019, including one massive data leak that exposed several VPN apps’ empty promises to collect “no logs” of their users’ activity. In that data leak, not only did the VPN providers fail to live up to their words, but they also hoovered up additional data, including users’ email addresses, clear text passwords, IP addresses, home addresses, phone models, and device IDs.”

Title: Another Chrome Zero-Day Exploit – So Get That Update Done!
Date Published: March 4, 2021


Excerpt: “Two of the eight High Severity bugs in this set of patches were apparently found in the same part of Chrome, denoted in Google’s list merely as: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research. The first bug is numbered CVE-2021-21165, reported on 2021-02-04, a month ago; the second was dubbed CVE-2021-21166, reported a week after that on 2021-02-11. An object lifecycle issue is a jargon way of referring to what probably amounts to some kind of memory mismanagement.”

Title: CompuCom MSP Confirms Ongoing Outage Following Malware Incident
Date Published: March 3, 2021


Excerpt: “US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP’s network to prevent the spread of malware. CompuCom is an IT managed services provider (MSP) that provides remote support, hardware and software repair, and other technology services to companies. CompuCom is a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max) and employs approximately 8,000 people.”

Title: GRUB2 Boot Loader Maintainers Fixed Hundreds of Flaws
Date Published: March 4, 2021


Excerpt: “GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks. In July 2020, researchers at the cybersecurity firm Eclypsium disclosed a buffer overflow vulnerability, tracked as CVE-2020-10713 and dubbed BootHole, which can be exploited by attackers to install persistent and stealthy malware.”
