OSN April 15, 2021

by | Apr 15, 2021 | Open Source News

Title: Cisa Urges Caution for Security Researchers Targeted in Attack Campaign

Date Published: April 14, 2021

https://www.darkreading.com/perimeter/cisa-urges-caution-for-security-researchers-targeted-in-attack-campaign/d/d-id/1340680

Excerpt: The attacks, first disclosed in January, target security researchers working on vulnerability research and development in various organizations. The researchers were contacted on several platforms including Twitter, LinkedIn, Telegram, Discord, Keybase, and email.  The attackers created fraudulent social media profiles to interact with researchers, share videos of claimed exploits, retweet other attacker-controlled accounts, and link to their blog. Their goal was to trick victims into running malicious code, by downloading a file or clicking a link, after gaining their trust.”

Title: Attackers Target ProxyLogon Exploit to Install Cryptolocker

Date Published: April 15, 2021

https://threatpost.com/attackers-target-proxylogon-cryptojacker/165418/

Excerpt: “Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit chain—which suffered a barrage of attacks from advanced persistent threat (APT) groups to infect systems with everything from ransomware to webshells—to host Monero crypto mining malware.”

Title: Google Chrome 90 Released With HTTPS as the Default Protocol

Date Published: April 14, 2021

https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/

Excerpt: “With the release of Chrome 90, any URL entered in the address bar that does not contain a protocol (https:// or https://) will automatically be considered to be an HTTPS connection. For example, if you type example.com in the address bar and press entered, Google Chrome previously would attempt to connect to the URL using the http:// protocol. With Chrome 90, Google has switched the default protocol to https:// to increase security while browsing the web. Furthermore, as many sites redirect HTTP connections to HTTPS connections, this new default will increase performance as browsers will no longer be redirected.”

Title: April 2021 Security Patch Day Fixes a Critical Flaw in SAP Commerce

Date Published: April 15, 2021

https://securityaffairs.co/wordpress/116854/security/sap-commerce-critical-flaw.html

Excerpt: “Similar to SAP’s February Patch Day, the only HotNews note besides the regularly recurring SAP Business Client note #2622660 and the minor update of HotNews #3022422 note, fixes a vulnerability in the Rules Engine of SAP Commerce. SAP Security Note #3040210, tagged with a CVSS score of 9.9 describes that certain authorized users of the SAP Commerce Backoffice application can exploit the scripting capabilities of the Rules engine to inject malicious code in the source rules. This can lead to a remote code execution with critical impact on the system’s confidentiality, integrity, and availability.”

Title: Yikes! Hackers Flood the Web With 100,000 Pages Offering Malicious PDFs

Date Published: April 15, 2021

https://thehackernews.com/2021/04/yikes-cybercriminals-flood-intrenet.html

Excerpt: “Once the RAT is on the victim’s computer and activated, the threat actors can send commands and upload additional malware to the infected system, such as ransomware, a credential stealer, a banking trojan, or simply use the RAT as a foothold into the victim’s network,” researchers from eSentire said in a write-up published on Tuesday.”

Title: Global Attacker Dwell Time Drops to Just 24 Days

Date Published: April 15, 2021

https://www.infosecurity-magazine.com/news/global-attacker-dwell-time-drops/

Excerpt: “Organizations are spotting attackers inside their networks faster than ever before, although the figure for “dwell time” may have been influenced by a surge in ransomware attacks, according to Mandiant. The FireEye-owned forensic specialist’s M-Trends 2021 report was compiled from investigations of targeted attack activity between October 1, 2019 and September 30, 2020.”

Title: Down The Vulnerability Rabbit Hole

https://www.riskbasedsecurity.com/2021/04/15/down-the-vulnerability-rabbit-hole/

Date Published: April 15, 2021

Excerpt: “A vulnerability rabbit hole means that we spent an exorbitant amount of time trying to figure out details for a vulnerability. Hopefully you are already asking yourself the same question we always do, “why should we have to do that?” This is typically the result of a vulnerability disclosure that fell short, in our opinion, either by not providing enough information to make it actionable or by giving conflicting or ambiguous information.”

Title: NSA, FBI, DHS Expose Russian Intelligence Hacking Tradecraft

Date Published: April 15, 2021

https://www.cyberscoop.com/nsa-fbi-dhs-russian-hacking-svr-solarwinds-apt29-cozy-bear/

Excerpt: “The SVR hackers are specifically actively exploiting vulnerabilities in Fortinet FortiGate VPN, Synacor Zimbra Collaboration Suite, Pulse Secure Pulse Connect Secure VPN, Citrix Application Delivery Controller and Gateway and VMware Workspace ONE Access to gain initial footholds into networks, the government said in its alert. The hackers have been using these initial footholds to collect victims’ authentication credentials to burrow further into networks.”

Title: A Look at Digital Attacks on Gaming Resources During the Pandemic

Date Published: April 15, 2021

https://blog.radware.com/security/ddosattacks/2021/04/a-look-at-digital-attacks-on-gaming-resources-during-the-pandemic/

Excerpt: “Back in March, Respawn, the creators of Apex Legends (plagued by DDoS attacks), began banning users for launching DDoS attacks and cheating. This is similar to the 360,000 total accounts Activision banned from Call of Duty and Call of Duty: Warzone and the 91,000 Rainbow Six Siege accounts Ubisoft banned in 2020. But do bans accomplish anything? In my opinion, no. This is mainly because these users who cheat and DDoS can easily skirt the rules, regulations and circumvent the ban by simply making a new account.”

Title: Zero-Day Vulnerability in Desktop Window Manager (CVE-2021-28310) Used in the Wild

Date Published: April 13, 2021

https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/

Excerpt: “CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API. DirectComposition is a Windows component that was introduced in Windows 8 to enable bitmap composition with transforms, effects and animations, with support for bitmaps of different sources (GDI, DirectX, etc.).”