OSN MARCH 9, 2021

Fortify Security Team
Mar 9, 2021

Title: Microsoft Releases Proxy Logon Updates for Unsupported Exchange Servers
Date Published: March 9, 2021


Excerpt: “These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original Match 2021 security patches released a week ago, only if the admin can’t find an update path to a supported version. Applying these security updates will only address the Exchange Server vulnerabilities fixed earlier this month (tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065). “This is intended only as a temporary measure to help you protect vulnerable machines right now,” the Exchange team said. “You still need to update to the latest supported CU and then apply the applicable SUs”.”

Title: A Great Deal of Employees Have Inappropriate Access to Sensitive Data
Date Published: March 9, 2021


Excerpt: “The study highlighted major concerns for the virtual workforce, with 52% of respondents stating that identity-specific threats are keeping them up at night. For a workforce that is both remote and distributed, decision-makers expressed concern over malicious actors impersonating employees, alongside instances of inappropriate access to sensitive information. The other major concern is centered around the dynamic nature of modern multi-cloud environments, which saw a significant acceleration due to quick implementation of digital transformation initiatives, complicating access control and enforcement.”

Title: Crypto-Miner Campaign Targets Unpatched QNAP NAS Devices
Date Published: March 8, 2021


Excerpt: “The bugs affect prior versions of QNAP’s 3.0.3 Helpdesk firmware. The bug, tracked as CVE-2020-2506, is an improper-access-control vulnerability that allows attackers to obtain control of a QNAP device. The second flaw, identified as CVE-2020-2507, is a “command injection vulnerability [and] could allow remote attackers to run arbitrary commands,” according to an October QNAP security advisory. Disproportionately impacted are the 1.1 million QNAP NAS users within the United States (554,481) and China (550,465) – representing nearly 80 percent of total global infections, according to a recent mapping of QNAP devices visible online.”

Title: Why Does EternalBlue-Targeting WannaCry Remain at Large?
Date Published: March 9, 2021


Excerpt: “While that’s all positive, that WannaCry continues to circulate means it is still continuing to infect at least some unpatched systems. Unfortunately, some unpatched systems fade away asymptotically, declining in number but never reaching zero (see: Eternally Blue? Scanner Finds EternalBlue Still Widespread). In 2020, for example, the fifteenth most-seen piece of malware by Trend Micro was Conficker – a malware family that was first spotted hitting a Microsoft Server vulnerability in 2008. “Other variants after the first Conficker worm spread to other machines by dropping copies of itself in removable drives and network shares.”

Title: New Sarbloh Ransomware Supports Indian Farmers’ Protest
Date Published: March 8, 2021


Excerpt: “A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. Last year the Indian government passed a new set of laws called the ‘Indian agriculture acts of 2020’, also known as the Farm Bills, which the government says is necessary to modernize its agricultural industry. Farmers believe that these new laws will hurt their livelihoods and make it more challenging to generate revenue as the new laws removed restrictions on how farmers can sell goods and for how much.”

Title: Huge Rise in Hackers Submitting Vulnerabilities During #COVID19
Date Published: March 9,  2021


Excerpt: “The bug bounty platform noted that hackers ramped up their workload in response to the digital shift during COVID-19, with 38% of those surveyed stating they have spent more time hacking since the start of the pandemic. There was also an increased focus on emerging threats last year. This includes security weaknesses linked to cloud adoption, with misconfiguration vulnerabilities rising by 310%, while submissions for both improper access control and privilege escalation went up by 53%.”

Title: Dangerous Malware Dropper Found in 9 Utility Apps on Google’s Play Store
Date Published: March 8,  2021


Excerpt: “Check Point Research (CPR) recently discovered a new dropper spreading via the Google Play store. The dropper, dubbed Clast82, has the ability to avoid detection by Google Play Protect, complete the evaluation period successfully, and change the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT. The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker to inject malicious code into legitimate financial applications. The attacker obtains access to victims’ accounts, and eventually completely controls their device.”

Title: DARPA Ramps-Up FHE Encryption Project with Intel
Date Published: March 9, 2021


Excerpt: “The job of each is to create an FHE accelerator hardware and software stack designed to process FHE calculations at a similar speed to unencrypted data operations. In so doing, they will explore the use of CPUs with different sizes of “words” –  the units of data that determine a processor’s design. They’ll try everything from the 64-bit words used in modern processor designs to 1000 bits. They’ll also be looking into “novel approaches to memory management, flexible data structures and programming models, and formal verification methods,” according to DARPA.”

Title: The Launch of Williams New fw43b Car Ruined by Hackers
Date Published: March 8, 2021


Excerpt: “The hackers were able to hack the app, steal the information and leaked the image of the FW43B online before the scheduled launch. The formula 1 team planned to use an augmented reality app to present the car and give the fans an immersive experience, but “the app was hacked prior to launch.” The idea to use an augmented reality app was also a consequence of the ongoing pandemic and the need to involve the fans that were not able to physically participate in the event. The app was designed to allow fans to manipulate the car in its new livery in 3D.”

Title: European Banking Authority Restores Email Service in Wake of Microsoft Exchange Hack
Date Published: March 9, 2021


Excerpt: “The European Banking Authority (EBA) has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange. The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants. While worries about personal data held in emails were a factor in the move, by Monday the authority was feeling confident that the data leaks stopped with its email servers and that no additional information extraction had occurred.”

Recent Posts

July 17, 2023

Title: Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys Date Published: July 16, 2023 https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/ Excerpt: “Researchers at the RWTH Aachen University...

July 14, 2023

Title: Indexing Over 15 Million WordPress Websites with PWNPress Date Published: July 14, 2023 https://securityaffairs.com/148465/hacking/pwnpress-platform.html Excerpt: “Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data...

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/ Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/ Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...