OSN April 21, 2021

Fortify Security Team
Apr 21, 2021

Title: Would Be so Cool If Everyone Normalized These Pesky Data Leaks, Says Data-Leaking Facebook in Leaked Memo
Date Published: April 21, 2021


Excerpt: “Facebook wants you to believe that the scraping of 533 million people’s personal data from its platform, and the dumping of that data online by nefarious people, is something to be “normalized.” A blundering Facebook public relations operative managed to send a journalist a copy of an internal document detailing the antisocial network’s strategy for containing the leaking of 533 million accounts – and what the memo contained was infuriating though unsurprising.”

Title: Unsecured Cloud Storage Led to Data Breach at Eversource Energy
Date Published: April 21, 2021


Excerpt: “Following the document shared with Bleeping Computer, the energy company conducted a security examination on March 16 and discovered a cloud data storage folder that was incorrectly configured so that anybody can obtain access to its contents. As soon as they detected the unsecured folder, they secured it and started investigating what data was saved on the folder. It was discovered that this folder contained unencrypted files created in August 2019 that included the personal information of 11,000 Eversource eastern Massachusetts clients.”

Title: Attackers Heavily Targeting VPN Vulnerabilities
Date Published: April 21, 2021


Excerpt: “According to the firm, attackers targeted vulnerabilities in a range of VPN appliances, including one in the Fortinet FortiGate VPN (CVE-2018-13379) and an older, previously patched flaw in Pulse Connect Secure VPN (CVE-2019-11510). Both the Fortinet and Pulse VPN appliances were the subject of a joint advisory last week from the National Security Agency (NSA), FBI, and the Cyber Security & Infrastructure Security Agency (CISA). The advisory warned US organizations of Russia’s Foreign Intelligence Services (SVR) — the actor behind the SolarWinds attack — actively targeting the VPN flaws and flaws in three other products.”

Title: Revil Ransomware Gang Recommends That Apple Buy Back Its Data Stolen in Quanta Hack
Date Published: April 21, 2021


Excerpt: “REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta Computer is a Taiwan-based manufacturer of notebook computers and other electronic hardware. Its customers include Apple Inc., Dell, Hewlett-Packard Inc., Alienware, Amazon.com, Cisco, Fujitsu, Gericom, Lenovo, LG, Maxdata, Microsoft, MPC, BlackBerry Ltd, Sharp Corporation, Siemens AG, Sony, Sun Microsystems, Toshiba, Verizon Wireless, and Vizio.”

Title: Pulse Secure Vulnerability Used to Hack Government Organizations
Date Published: April 21, 2021


Excerpt: “The vulnerability in question was previously exploited in the wild together with other Pulse Secure bugs. Cybersecurity company FireEye suspects that UNC2630 and UNC2717 have been deploying 12 malware strains in these attacks, with UNC2630 threat actor having possible ties to APT5, a known APT group operating on behalf of the Chinese government. At this time, there is no evidence that the threat actors have placed any backdoors through a supply chain attack of Pulse Secure network or software deployment process.”

Title: Zero-Day Vulnerabilities in Sonicwall Email Security Are Being Actively Exploited
Date Published: April 21, 2021


Excerpt: “SonicWall is urging customers to update their Email Security builds to version (Windows) or (Hardware/ESXi Virtual Appliance), which contain hotfixes for the vulnerabilities. Clients signed up for SonicWall Hosted Email Security (HES) products do not need to take further action as patches have been automatically applied in version However, the vendor says the critical vulnerabilities also impact SonicWall ES versions 7.0.0-9.2.2, which are end-of-life, legacy products not entitled to security updates. For users of these versions, SonicWall also urges an immediate upgrade.”

Title: Breaking ABUS Secvest Internet-Connected Alarm Systems (CVE-2020-28973)
Date Published: April 21, 2021


Excerpt: “ABUS Secvest is a wireless alarm system that is marketed at consumers and small businesses. It is usually deployed by a specialized company. A Secvest FUAA50000 controller costs about EUR400. A typical deployment with motion sensors, a siren and door/window sensors can cost thousands of euros. In this article I will describe how more than 10.000 internet-connected alarm systems could be hacked and deactivated remotely.”

Title: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Date Published: April 20, 2021


Excerpt: “The most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”

Title: Microsoft Partially Fixes Windows 7, Server 2008 Vulnerability
Date Published: April 20, 2021


Excerpt: “Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. This LPE vulnerability (not yet officially tracked using a CVE ID) stems from the misconfiguration of two service registry keys and it allows local attackers to escalate privileges on any fully patched systems.”

Title: A Hacker’s Tour of the x86 CPU Architecture
Date Published: April 20, 2021


Excerpt: “The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple beginning to include its ARM M1 chip in newer MacBooks and Mac Mini, this one still stands as the default CPU architecture for modern computer systems, barring embedded and mobile devices. This architecture supports 64-bit, 32-bit, and 16-bit.”
