OSN April 14, 2021

Fortify Security Team
Apr 14, 2021

Title: Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Date Published: April 14, 2021


Excerpt: “In all, Microsoft released patches for 110 security holes, 19 classified critical in severity and 88 considered important. The most dire of those flaws disclosed is arguably a Win32k elevation of privilege vulnerability (CVE-2021-28310) actively being exploited in the wild by the cybercriminal group BITTER APT.”

Title: Justice Department Announces Court-Authorized Effort to Disrupt Exploitation of Microsoft Exchange Server Vulnerabilities

Date Published: April 13, 2021


Excerpt: “Today’s court-authorized removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division. “Combined with the private sector’s and other government agencies’ efforts to date, including the release of detection tools and patches, we are together showing the strength that public-private partnership brings to our country’s cybersecurity.”

Title: Damaging Linux, macOS Malware Is Hiding in False Browserify NPM Package

Date Published: April 14, 2021


Excerpt: “The malicious package, named “web-browserify” resembles the popular Browserify NPM component which has been downloaded more than 160 million times throughout its lifecycle, with over 1.3 million weekly downloads on NPM alone, being used by 356,000 GitHub repositories. Apparently, the malicious component has been downloaded around 50 times before it was removed from the NPM within two days of its publishing.”

Title: Microsoft Patches Four More Critical Exchange Server Bugs

Date Published: April 14, 2021


Excerpt: “Microsoft released patches for over 100 flaws for the first time this year yesterday, including one being actively exploited in the wild and four new critical Exchange Server bugs reported by the NSA. The haul of 110 CVEs will keep sysadmins busy, with experts highlighting the zero-day elevation of privilege flaw in Win32k (CVE-2021-28310) as worthy of attention.”

Title: Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

Date Published: April 13, 2021


Excerpt: “Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (CVE-2021-21220), which was demonstrated by Dataflow Security’s Bruno Keith and Niklas Baumstark at the Pwn2Own 2021 hacking contest last week.”

Title: Behind The Capcom Ransomware Attack

Date Published: April 14, 2021


Excerpt: “It seems that at the time of the attack, Capcom was in the process of boosting its network defenses, therefore the compromised VPN device was on its way out, but in the background of the pandemic pushing for remote work, the old VPN server continued to function as an emergency backup in case of communication problems.”

Title: COVID-Related Threats, PowerShell Attacks Lead Malware Surge

Date Published: April 13, 2021


Excerpt: “The world — and enterprises — adjusted amidst pandemic restrictions and sustained remote challenges, while security threats continued to evolve in complexity and increase in volume,” the report said. “Though a large percentage of employees grew more proficient and productive in working remotely, enterprises endured more opportunistic COVID-19-related campaigns among a new cast of bad-actor schemes. Prominent campaigns such as Sunburst and new ransomware tactics left [security operations centers] SOCs no time to rest.”

Title: Ransomware Attack Causes Supermarket Cheese Shortage in the Netherlands

Date Published: April 12, 2021


Excerpt: “In one local media report, Bakker Logistiek director Toon Verhoeven suspected the attackers might have breached the company’s systems by exploiting the recently revealed flaw in Microsoft Exchange Server. Verhoeven says that all of Bakker Logistiek’s IT systems are operational once more after six days of recovery, and that should mean that shops will begin to receive deliveries and shelves will be filled again in the coming days. The company says that it has informed the authorities about the security breach, but is neither confirming nor denying whether it paid any ransom to its attackers.”

Title: FireEye: 650 New Threat Groups Were Tracked In 2020

Date Published: April 14, 2021


Excerpt: “Since its launch, Mandiant has tracked more than 2,400 threat groups; 650 of them were tracked in 2020. Over the years, the experts combined or eliminated approximately 500 groups, leaving more than 1,900 distinct groups tracked at this time (+100 compared to 2019). The threat actors tracked by Mandiant include nation-state actors, financially motivated groups, and uncategorized groups (known as UNCs).”

Title: Intelligence Report: 4 Nations Pose Serious Cyberthreat to US

Date Published: April 13, 2021


Excerpt: “Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal gangs that maintain mutually beneficial relationships with nation-states pose a threat to the U.S., the report notes.”
