OSN April 13, 2021

Fortify Security Team
Apr 13, 2021

Title: Google Chrome, Microsoft Edge Zero-Day Vulnerability Shared On Twitter

Date Published: April 13, 2021


Excerpt: “The bad news is that the patch has yet to be implemented into official releases of the major Chromium-based browsers, including Chrome and Edge, that remain vulnerable to the attack. The partially good news is that the code released by Agarwal only allows an attacker to run malicious code on a user’s operating system but is not able to escape the Chrome sandbox, which means that it could not be used to compromise the underlying machine.”

Title: Expired Certificate Caused a Pulse Secure VPN Global Scale Outage

Date Published: April 13, 2021


Excerpt: “The outage stems from a bug related to the improper verification of the signature for Pulse Secure components. The check of the signature was performed on the certificate’s expiration date rather than the timestamp on a digitally signed file. Experts noticed that the code-signing certificate used to sign the file expired on April 12, which means that the signature analyzed was considered not valid and caused the massive outage.”

Title: Name:Wreck Bugs Could Impact 100M IoT Devices

Date Published: April 13, 2021


Excerpt: “The bugs themselves enable either remote code execution or denial of service, with sectors including government, enterprise, healthcare, manufacturing and retail at risk. Plausible but hypothetical scenarios include attackers exploiting the flaws to extort payments from victim organizations by sabotaging critical functions in manufacturing plants, hospitals, hotels and retail facilities.”

Title: Watch Out for This W-2 Phishing Scam Targeting the 2021 Tax Season

Date Published: April 13, 2021


Excerpt: “In the past, companies always sent US tax documents via postal mail but have more recently started to move towards digital delivery of tax documents, such as 1099 and W-2 forms. While the above email does not stand up to scrutiny, for someone who is overwhelmed, receiving a tax form via email would not necessarily trigger suspicion and could lead them to mistakenly clicking on the embedded link. When a recipient clicks on the link to retrieve the document, they are brought to a TypeForm form that includes a blurred out 2020 W-2 tax document pretending to be secured by the Adobe Secure Document service.”

Title: New Malware Downloader Spotted in Targeted Campaigns

Date Published: April 13, 2021


Excerpt: “Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a copyright infringement by a photographer, illustrator or designer, and they contain a link to purported “evidence” for these legal infractions. But the link in actuality leads to a Google page that downloads IcedID (a.k.a. BokBot), which is an information-stealer and loader for other malware.”

Title: Microsoft: 92% Of Microsoft Exchange Server Has Mitigated High-Risk Security Vulnerabilities

Date Published: April 12, 2021


Excerpt: “Statistics show that 92% of Exchange Servers have been repaired or deployed mitigation plans, but there are still 8% of Exchange Servers that are at great risk. Based on serious security threats, Microsoft continues to strongly remind companies to quickly fix this vulnerability. Telemetry data shows that installing the patch will not affect all current normal functions. Microsoft said that companies should immediately fix the vulnerability by installing patches, and if they cannot install patches immediately, they should also deploy mitigation plans in a timely manner.”

Title: Texas Man Charged With Planning to Bomb AWS Data Center


Date Published: April 12, 2021

Excerpt: “The FBI arrested a Texas man on Thursday for allegedly planning to “kill off about 70% of the internet” in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. Seth Aaron Pendley, 28, was charged via criminal complaint on Friday morning for attempting to destroy a building using C-4 plastic explosives he tried to buy from an undercover FBI employee.”

Title: IcedID Circulates via Web Forms, Google URLs

Date Published: April 12, 2021


Excerpt: “The CMA said on Friday that Facebook had taken down a further 16,000 groups that were dealing in fake and misleading reviews. The company has also changed the way it identifies, removes, and blocks from its platforms paid content that could mislead Facebook and Instagram users. “We have engaged extensively with the CMA to address this issue,” said a spokesperson for Facebook.”

Title: Biden Nominates Former NSA Officials for Top Cybersecurity Roles

Date Published: April 12, 2021


Excerpt: “President Biden has formally nominated former NSA official Jen Easterly to become director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). In addition, he reportedly plans to name former NSA deputy director Chris Inglis as the United States’ first-ever national cyber director. Easterly is a former US Army officer with more than 20 years of service in intelligence and cyber operations. She was responsible for standing up the Army’s first cyber battalion and was involved in the design and creation of US Cyber Command, according to a White House statement. Easterly has served at the White House as special assistant to the president and senior director of counterterrorism, as well as deputy director for counterterrorism for the NSA.”

Title: Shiny Hunters Dump Partial Database of Broker Firm Upstox

Date Published: April 12, 2021


Excerpt: “The hacker behind the breach is ShinyHunters who published partial stolen data from Upstox and claimed that the reason behind dumping the data was to send a message to the company. ShinyHunters added that Upstox did not respond to them when the company was informed about the breach. However, since the company admitted on Sunday that its databases had been breached, ShinyHunters has removed the download links from Raid Forums, an infamous hacker forum, and revealed that Upstox has responded and “negotiations” are in process.”
