OSN April 13, 2021

Fortify Security Team
Apr 13, 2021

Title: Google Chrome, Microsoft Edge Zero-Day Vulnerability Shared On Twitter

Date Published: April 13, 2021


Excerpt: “The bad news is that the patch has yet to be implemented into official releases of the major Chromium-based browsers, including Chrome and Edge, that remain vulnerable to the attack. The partially good news is that the code released by Agarwal only allows an attacker to run malicious code on a user’s operating system but is not able to escape the Chrome sandbox, which means that it could not be used to compromise the underlying machine.”

Title: Expired Certificate Caused a Pulse Secure VPN Global Scale Outage

Date Published: April 13, 2021


Excerpt: “The outage stems from a bug related to the improper verification of the signature for Pulse Secure components. The check of the signature was performed on the certificate’s expiration date rather than the timestamp on a digitally signed file. Experts noticed that the code-signing certificate used to sign the file expired on April 12, which means that the signature analyzed was considered not valid and caused the massive outage.”

Title: Name:Wreck Bugs Could Impact 100M IoT Devices

Date Published: April 13, 2021


Excerpt: “The bugs themselves enable either remote code execution or denial of service, with sectors including government, enterprise, healthcare, manufacturing and retail at risk. Plausible but hypothetical scenarios include attackers exploiting the flaws to extort payments from victim organizations by sabotaging critical functions in manufacturing plants, hospitals, hotels and retail facilities.”

Title: Watch Out for This W-2 Phishing Scam Targeting the 2021 Tax Season

Date Published: April 13, 2021


Excerpt: “In the past, companies always sent US tax documents via postal mail but have more recently started to move towards digital delivery of tax documents, such as 1099 and W-2 forms. While the above email does not stand up to scrutiny, for someone who is overwhelmed, receiving a tax form via email would not necessarily trigger suspicion and could lead them to mistakenly clicking on the embedded link. When a recipient clicks on the link to retrieve the document, they are brought to a TypeForm form that includes a blurred out 2020 W-2 tax document pretending to be secured by the Adobe Secure Document service.”

Title: New Malware Downloader Spotted in Targeted Campaigns

Date Published: April 13, 2021


Excerpt: “Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a copyright infringement by a photographer, illustrator or designer, and they contain a link to purported “evidence” for these legal infractions. But the link in actuality leads to a Google page that downloads IcedID (a.k.a. BokBot), which is an information-stealer and loader for other malware.”

Title: Microsoft: 92% Of Microsoft Exchange Server Has Mitigated High-Risk Security Vulnerabilities

Date Published: April 12, 2021


Excerpt: “Statistics show that 92% of Exchange Servers have been repaired or deployed mitigation plans, but there are still 8% of Exchange Servers that are at great risk. Based on serious security threats, Microsoft continues to strongly remind companies to quickly fix this vulnerability. Telemetry data shows that installing the patch will not affect all current normal functions. Microsoft said that companies should immediately fix the vulnerability by installing patches, and if they cannot install patches immediately, they should also deploy mitigation plans in a timely manner.”

Title: Texas Man Charged With Planning to Bomb AWS Data Center


Date Published: April 12, 2021

Excerpt: “The FBI arrested a Texas man on Thursday for allegedly planning to “kill of about 70% of the internet” in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. Seth Aaron Pendley, 28, was charged via criminal complaint on Friday morning for attempting to destroy a building using C-4 plastic explosives he tried to buy from an undercover FBI employee.”

Title: IcedID Circulates via Web Forms, Google URLs

Date Published: April 12, 2021


Excerpt: “The CMA said on Friday that Facebook had taken down a further 16,000 groups that were dealing in fake and misleading reviews. The company has also changed the way it identifies, removes, and blocks from its platforms paid content that could mislead Facebook and Instagram users. “We have engaged extensively with the CMA to address this issue,” said a spokesperson for Facebook.”

Title: Biden Nominates Former NSA Officials for Top Cybersecurity Roles

Date Published: April 12, 2021


Excerpt: “President Biden has formally nominated former NSA official Jen Easterly to become director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). In addition, he reportedly plans to name former NSA deputy director Chris Inglis as the United States’ first-ever national cyber director. Easterly is a former US Army officer with more than 20 years of service in intelligence and cyber operations. She was responsible for standing up the Army’s first cyber battalion and was involved in the design and creation of US Cyber Command, according to a White House statement. Easterly has served at the White House as special assistant to the president and senior director of counterterrorism, as well as deputy director for counterterrorism for the NSA.”

Title: Shiny Hunters Dump Partial Database of Broker Firm Upstox

Date Published: April 12, 2021


Excerpt: “The hacker behind the breach is ShinyHunters who published partial stolen data from Upstox and claimed that the reason behind dumping the data was to send a message to the company. ShinyHunters added that Upstox did not respond to them when the company was informed about the breach. However, since the company admitted on Sunday that its databases had been breached, ShinyHunters has removed the download links from Raid Forums, an infamous hacker forum, and revealed that Upstox has responded and “negotiations” are in process.”
