OSN April 13, 2021

Fortify Security Team
Apr 13, 2021

Title: Google Chrome, Microsoft Edge Zero-Day Vulnerability Shared On Twitter

Date Published: April 13, 2021


Excerpt: “The bad news is that the patch has yet to be implemented into official releases of the major Chromium-based browsers, including Chrome and Edge, that remain vulnerable to the attack. The partially good news is that the code released by Agarwal only allows an attacker to run malicious code on a user’s operating system but is not able to escape the Chrome sandbox, which means that it could not be used to compromise the underlying machine.”

Title: Expired Certificate Caused a Pulse Secure VPN Global Scale Outage

Date Published: April 13, 2021


Excerpt: “The outage stems from a bug related to the improper verification of the signature for Pulse Secure components. The check of the signature was performed on the certificate’s expiration date rather than the timestamp on a digitally signed file. Experts noticed that the code-signing certificate used to sign the file expired on April 12, which means that the signature analyzed was considered not valid and caused the massive outage.”

Title: Name:Wreck Bugs Could Impact 100M IoT Devices

Date Published: April 13, 2021


Excerpt: “The bugs themselves enable either remote code execution or denial of service, with sectors including government, enterprise, healthcare, manufacturing and retail at risk. Plausible but hypothetical scenarios include attackers exploiting the flaws to extort payments from victim organizations by sabotaging critical functions in manufacturing plants, hospitals, hotels and retail facilities.”

Title: Watch Out for This W-2 Phishing Scam Targeting the 2021 Tax Season

Date Published: April 13, 2021


Excerpt: “In the past, companies always sent US tax documents via postal mail but have more recently started to move towards digital delivery of tax documents, such as 1099 and W-2 forms. While the above email does not stand up to scrutiny, for someone who is overwhelmed, receiving a tax form via email would not necessarily trigger suspicion and could lead them to mistakenly clicking on the embedded link. When a recipient clicks on the link to retrieve the document, they are brought to a TypeForm form that includes a blurred out 2020 W-2 tax document pretending to be secured by the Adobe Secure Document service.”

Title: New Malware Downloader Spotted in Targeted Campaigns

Date Published: April 13, 2021


Excerpt: “Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a copyright infringement by a photographer, illustrator or designer, and they contain a link to purported “evidence” for these legal infractions. But the link in actuality leads to a Google page that downloads IcedID (a.k.a. BokBot), which is an information-stealer and loader for other malware.”

Title: Microsoft: 92% Of Microsoft Exchange Server Has Mitigated High-Risk Security Vulnerabilities

Date Published: April 12, 2021


Excerpt: “Statistics show that 92% of Exchange Servers have been repaired or deployed mitigation plans, but there are still 8% of Exchange Servers that are at great risk. Based on serious security threats, Microsoft continues to strongly remind companies to quickly fix this vulnerability. Telemetry data shows that installing the patch will not affect all current normal functions. Microsoft said that companies should immediately fix the vulnerability by installing patches, and if they cannot install patches immediately, they should also deploy mitigation plans in a timely manner.”

Title: Texas Man Charged With Planning to Bomb AWS Data Center


Date Published: April 12, 2021

Excerpt: “The FBI arrested a Texas man on Thursday for allegedly planning to “kill off about 70% of the internet” in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. Seth Aaron Pendley, 28, was charged via criminal complaint on Friday morning for attempting to destroy a building using C-4 plastic explosives he tried to buy from an undercover FBI employee.”

Title: IcedID Circulates via Web Forms, Google URLs

Date Published: April 12, 2021


Excerpt: “The CMA said on Friday that Facebook had taken down a further 16,000 groups that were dealing in fake and misleading reviews. The company has also changed the way it identifies, removes, and blocks from its platforms paid content that could mislead Facebook and Instagram users. “We have engaged extensively with the CMA to address this issue,” said a spokesperson for Facebook.”

Title: Biden Nominates Former NSA Officials for Top Cybersecurity Roles

Date Published: April 12, 2021


Excerpt: “President Biden has formally nominated former NSA official Jen Easterly to become director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). In addition, he reportedly plans to name former NSA deputy director Chris Inglis as the United States’ first-ever national cyber director. Easterly is a former US Army officer with more than 20 years of service in intelligence and cyber operations. She was responsible for standing up the Army’s first cyber battalion and was involved in the design and creation of US Cyber Command, according to a White House statement. Easterly has served at the White House as special assistant to the president and senior director of counterterrorism, as well as deputy director for counterterrorism for the NSA.”

Title: Shiny Hunters Dump Partial Database of Broker Firm Upstox

Date Published: April 12, 2021


Excerpt: “The hacker behind the breach is ShinyHunters who published partial stolen data from Upstox and claimed that the reason behind dumping the data was to send a message to the company. ShinyHunters added that Upstox did not respond to them when the company was informed about the breach. However, since the company admitted on Sunday that its databases had been breached, ShinyHunters has removed the download links from Raid Forums, an infamous hacker forum, and revealed that Upstox has responded and “negotiations” are in process.”
