OSN MARCH 9, 2021

Fortify Security Team
Mar 9, 2021

Title: Microsoft Releases Proxy Logon Updates for Unsupported Exchange Servers
Date Published: March 9, 2021


Excerpt: “These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original March 2021 security patches released a week ago, only if the admin can’t find an update path to a supported version. Applying these security updates will only address the Exchange Server vulnerabilities fixed earlier this month (tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065). ‘This is intended only as a temporary measure to help you protect vulnerable machines right now,’ the Exchange team said. ‘You still need to update to the latest supported CU and then apply the applicable SUs.’”

Title: A Great Deal of Employees Have Inappropriate Access to Sensitive Data
Date Published: March 9, 2021


Excerpt: “The study highlighted major concerns for the virtual workforce, with 52% of respondents stating that identity-specific threats are keeping them up at night. For a workforce that is both remote and distributed, decision-makers expressed concern over malicious actors impersonating employees, alongside instances of inappropriate access to sensitive information. The other major concern is centered around the dynamic nature of modern multi-cloud environments, which saw a significant acceleration due to quick implementation of digital transformation initiatives, complicating access control and enforcement.”

Title: Crypto-Miner Campaign Targets Unpatched QNAP NAS Devices
Date Published: March 8, 2021


Excerpt: “The bugs affect prior versions of QNAP’s 3.0.3 Helpdesk firmware. The bug, tracked as CVE-2020-2506, is an improper-access-control vulnerability that allows attackers to obtain control of a QNAP device. The second flaw, identified as CVE-2020-2507, is a “command injection vulnerability [and] could allow remote attackers to run arbitrary commands,” according to an October QNAP security advisory. Disproportionately impacted are the 1.1 million QNAP NAS users within the United States (554,481) and China (550,465) – representing nearly 80 percent of total global infections, according to a recent mapping of QNAP devices visible online.”

Title: Why Does EternalBlue-Targeting WannaCry Remain at Large?
Date Published: March 9, 2021


Excerpt: “While that’s all positive, that WannaCry continues to circulate means it is still continuing to infect at least some unpatched systems. Unfortunately, some unpatched systems fade away asymptotically, declining in number but never reaching zero (see: Eternally Blue? Scanner Finds EternalBlue Still Widespread). In 2020, for example, the fifteenth most-seen piece of malware by Trend Micro was Conficker – a malware family that was first spotted hitting a Microsoft Server vulnerability in 2008. ‘Other variants after the first Conficker worm spread to other machines by dropping copies of itself in removable drives and network shares.’”

Title: New Sarbloh Ransomware Supports Indian Farmers’ Protest
Date Published: March 8, 2021


Excerpt: “A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. Last year the Indian government passed a new set of laws called the ‘Indian agriculture acts of 2020’, also known as the Farm Bills, which the government says is necessary to modernize its agricultural industry. Farmers believe that these new laws will hurt their livelihoods and make it more challenging to generate revenue as the new laws removed restrictions on how farmers can sell goods and for how much.”

Title: Huge Rise in Hackers Submitting Vulnerabilities During #COVID19
Date Published: March 9, 2021


Excerpt: “The bug bounty platform noted that hackers ramped up their workload in response to the digital shift during COVID-19, with 38% of those surveyed stating they have spent more time hacking since the start of the pandemic. There was also an increased focus on emerging threats last year. This includes security weaknesses linked to cloud adoption, with misconfiguration vulnerabilities rising by 310%, while submissions for both improper access control and privilege escalation went up by 53%.”

Title: Dangerous Malware Dropper Found in 9 Utility Apps on Google’s Play Store
Date Published: March 8, 2021


Excerpt: “Check Point Research (CPR) recently discovered a new dropper spreading via the Google Play store. The dropper, dubbed Clast82, has the ability to avoid detection by Google Play Protect, complete the evaluation period successfully, and change the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT. The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker to inject malicious code into legitimate financial applications. The attacker obtains access to victims’ accounts, and eventually completely controls their device.”

Title: DARPA Ramps-Up FHE Encryption Project with Intel
Date Published: March 9, 2021


Excerpt: “The job of each is to create an FHE accelerator hardware and software stack designed to process FHE calculations at a similar speed to unencrypted data operations. In so doing, they will explore the use of CPUs with different sizes of ‘words’ – the units of data that determine a processor’s design. They’ll try everything from the 64-bit words used in modern processor designs to 1000 bits. They’ll also be looking into ‘novel approaches to memory management, flexible data structures and programming models, and formal verification methods,’ according to DARPA.”

Title: The Launch of Williams New fw43b Car Ruined by Hackers
Date Published: March 8, 2021


Excerpt: “The hackers were able to hack the app, steal the information and leak the image of the FW43B online before the scheduled launch. The Formula 1 team planned to use an augmented reality app to present the car and give the fans an immersive experience, but ‘the app was hacked prior to launch.’ The idea to use an augmented reality app was also a consequence of the ongoing pandemic and the need to involve the fans that were not able to physically participate in the event. The app was designed to allow fans to manipulate the car in its new livery in 3D.”

Title: European Banking Authority Restores Email Service in Wake of Microsoft Exchange Hack
Date Published: March 9, 2021


Excerpt: “The European Banking Authority (EBA) has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange. The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants. While worries about personal data held in emails were a factor in the move, by Monday the authority was feeling confident that the data leaks stopped with its email servers and that no additional information extraction had occurred.”
