OSN April 21, 2021

by | Apr 21, 2021 | Open Source News

Title: Would Be so Cool If Everyone Normalized These Pesky Data Leaks, Says Data-Leaking Facebook in Leaked Memo
Date Published: April 21, 2021

https://www.theregister.com/2021/04/20/facebook_data_breach/

Excerpt: “Facebook wants you to believe that the scraping of 533 million people’s personal data from its platform, and the dumping of that data online by nefarious people, is something to be “normalized.” A blundering Facebook public relations operative managed to send a journalist a copy an internal document detailing the antisocial network’s strategy for containing the leaking of 533 million accounts – and what the memo contained was infuriating though unsurprising.”

Title: Unsecured Cloud Storage Led to Data Breach at Eversource Energy
Date Published: April 21, 2021

https://heimdalsecurity.com/blog/unsecured-cloud-storage-led-to-data-breach-at-eversource-energy/

Excerpt: “Following the document shared with Bleeping Computer, the energy company conducted a security examination on March 16 and discovered a cloud data storage folder that was incorrectly configured so that anybody can obtain access to its contents. As soon as they detected the unsecured folder, they secured it and started investigating what data was saved on the folder. It was discovered that this folder contained unencrypted files created in August 2019 that included the personal information of 11,000 Eversource eastern Massachusetts clients.”

Title: Attackers Heavily Targeting VPN Vulnerabilities
Date Published: April 21, 2021

https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/

Excerpt: “According to the firm, attackers targeted vulnerabilities in a range of VPN appliances, including one in the Fortinet FortiGate VPN (CVE-2018-13379) and an older, previously patched flaw in Pulse Connect Secure VPN (CVE-2019-11510). Both the Fortinet and Pulse VPN appliances were the subject of a joint advisory last week from the National Security Agency (NSA), FBI, and the Cyber Security & Infrastructure Security Agency (CISA). The advisory warned US organizations of Russia’s Foreign Intelligence Services (SVR) — the actor behind the SolarWinds attack — actively targeting the VPN flaws and flaws in three other products.”

Title: Revil Ransomware Gang Recommends That Apple Buy Back Its Data Stolen in Quanta Hack
Date Published: April 21, 2021

https://securityaffairs.co/wordpress/117083/cyber-crime/revil-ransomware-apple-quanta.html

Excerpt: “REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta Computer is a Taiwan-based manufacturer of notebook computers and other electronic hardware. Its customers include Apple Inc., Dell, Hewlett-Packard Inc., Alienware, Amazon.com, Cisco, Fujitsu, Gericom, Lenovo, LG, Maxdata, Microsoft, MPC, BlackBerry Ltd, Sharp Corporation, Siemens AG, Sony, Sun Microsystems, Toshiba, Verizon Wireless, and Vizio.”

Title: Pulse Secure Vulnerability Used to Hack Government Organizations
Date Published: April 21, 2021

https://heimdalsecurity.com/blog/pulse-secure-hack/

Excerpt: “The vulnerability in question was previously exploited in the wild together with other Pulse Secure bugs. Cybersecurity company FireEye suspects that UNC2630 and UNC2717 have been deploying 12 malware strains in these attacks, with UNC2630 threat actor having possible ties to APT5, a known APT group operating on behalf of the Chinese government. At this time, there is no evidence that the threat actors have placed any backdoors through a supply chain attack of Pulse Secure network or software deployment process.”

Title: Zero-Day Vulnerabilities in Sonicwall Email Security Are Being Actively Exploited
Date Published: April 21, 2021

https://www.zdnet.com/article/zero-day-vulnerabilities-in-sonicwall-email-security-are-being-exploited-in-the-wild/

Excerpt: “SonicWall is urging customers to update their Email Security builds to version 10.0.9.6173 (Windows) or 10.0.9.6177 (Hardware/ESXi Virtual Appliance), which contain hotfixes for the vulnerabilities. Clients signed up for SonicWall Hosted Email Security (HES) products do not need to take further action as patches have been automatically applied in version 10.0.9.6173. However, the vendor says the critical vulnerabilities also impact SonicWall ES versions 7.0.0-9.2.2, which are end-of-life, legacy products not entitled to security updates. For users of these versions, SonicWall also urges an immediate upgrade.”

Title: Breaking ABUS Secvest Internet-Connected Alarm Systems (CVE-2020-28973)
Date Published: April 21, 2021

https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973

Excerpt: “ABUS Secvest is a wireless alarm system that is marketed at consumers and small businesses. It is usually deployed by a specialized company. A Secvest FUAA50000 controller costs about EUR400. A typical deployment with motion sensors, a siren and door/window sensors can cost thousands of euro’s. In this article I will describe how more than 10.000 internet-connected alarm systems could be hacked and deactivated remotely.”

Title: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Date Published: April 20, 2021

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-054/

Excerpt: “The most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”

Title: Microsoft Partially Fixes Windows 7, Server 2008 Vulnerability
Date Published: April 20, 2021

https://www.bleepingcomputer.com/news/security/microsoft-partially-fixes-windows-7-server-2008-vulnerability/

Excerpt: “Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. This LPE vulnerability (not yet officially tracked using a CVE ID) stems from the misconfiguration of two service registry keys and it allows local attackers to escalate privileges on any fully patched systems.”

Title: A Hacker’s Tour of the x86 CPU Architecture
Date Published: April 20, 2021

https://secureideas.com/blog/2021/04/a-hackers-tour-of-the-x86-cpu-architecture.html

Excerpt: “The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers.  While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple begin including its ARM M1 chip in newer Macbooks and Mac Mini, this one still stands as the default CPU architecture for modern computer systems, barring embedded and mobile devices.  This architecture supports 64-bit, 32-bit, and 16-bit.”