OSN April 21, 2021

Fortify Security Team
Apr 21, 2021

Title: Would Be so Cool If Everyone Normalized These Pesky Data Leaks, Says Data-Leaking Facebook in Leaked Memo
Date Published: April 21, 2021


Excerpt: “Facebook wants you to believe that the scraping of 533 million people’s personal data from its platform, and the dumping of that data online by nefarious people, is something to be “normalized.” A blundering Facebook public relations operative managed to send a journalist a copy of an internal document detailing the antisocial network’s strategy for containing the leaking of 533 million accounts – and what the memo contained was infuriating though unsurprising.”

Title: Unsecured Cloud Storage Led to Data Breach at Eversource Energy
Date Published: April 21, 2021


Excerpt: “Following the document shared with Bleeping Computer, the energy company conducted a security examination on March 16 and discovered a cloud data storage folder that was incorrectly configured so that anybody can obtain access to its contents. As soon as they detected the unsecured folder, they secured it and started investigating what data was saved on the folder. It was discovered that this folder contained unencrypted files created in August 2019 that included the personal information of 11,000 Eversource eastern Massachusetts clients.”

Title: Attackers Heavily Targeting VPN Vulnerabilities
Date Published: April 21, 2021


Excerpt: “According to the firm, attackers targeted vulnerabilities in a range of VPN appliances, including one in the Fortinet FortiGate VPN (CVE-2018-13379) and an older, previously patched flaw in Pulse Connect Secure VPN (CVE-2019-11510). Both the Fortinet and Pulse VPN appliances were the subject of a joint advisory last week from the National Security Agency (NSA), FBI, and the Cyber Security & Infrastructure Security Agency (CISA). The advisory warned US organizations of Russia’s Foreign Intelligence Services (SVR) — the actor behind the SolarWinds attack — actively targeting the VPN flaws and flaws in three other products.”

Title: REvil Ransomware Gang Recommends That Apple Buy Back Its Data Stolen in Quanta Hack
Date Published: April 21, 2021


Excerpt: “REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta Computer is a Taiwan-based manufacturer of notebook computers and other electronic hardware. Its customers include Apple Inc., Dell, Hewlett-Packard Inc., Alienware, Amazon.com, Cisco, Fujitsu, Gericom, Lenovo, LG, Maxdata, Microsoft, MPC, BlackBerry Ltd, Sharp Corporation, Siemens AG, Sony, Sun Microsystems, Toshiba, Verizon Wireless, and Vizio.”

Title: Pulse Secure Vulnerability Used to Hack Government Organizations
Date Published: April 21, 2021


Excerpt: “The vulnerability in question was previously exploited in the wild together with other Pulse Secure bugs. Cybersecurity company FireEye suspects that UNC2630 and UNC2717 have been deploying 12 malware strains in these attacks, with UNC2630 threat actor having possible ties to APT5, a known APT group operating on behalf of the Chinese government. At this time, there is no evidence that the threat actors have placed any backdoors through a supply chain attack of Pulse Secure network or software deployment process.”

Title: Zero-Day Vulnerabilities in SonicWall Email Security Are Being Actively Exploited
Date Published: April 21, 2021


Excerpt: “SonicWall is urging customers to update their Email Security builds to version (Windows) or (Hardware/ESXi Virtual Appliance), which contain hotfixes for the vulnerabilities. Clients signed up for SonicWall Hosted Email Security (HES) products do not need to take further action as patches have been automatically applied in version However, the vendor says the critical vulnerabilities also impact SonicWall ES versions 7.0.0-9.2.2, which are end-of-life, legacy products not entitled to security updates. For users of these versions, SonicWall also urges an immediate upgrade.”

Title: Breaking ABUS Secvest Internet-Connected Alarm Systems (CVE-2020-28973)
Date Published: April 21, 2021


Excerpt: “ABUS Secvest is a wireless alarm system that is marketed at consumers and small businesses. It is usually deployed by a specialized company. A Secvest FUAA50000 controller costs about EUR400. A typical deployment with motion sensors, a siren and door/window sensors can cost thousands of euros. In this article I will describe how more than 10.000 internet-connected alarm systems could be hacked and deactivated remotely.”

Title: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Date Published: April 20, 2021


Excerpt: “The most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”

Title: Microsoft Partially Fixes Windows 7, Server 2008 Vulnerability
Date Published: April 20, 2021


Excerpt: “Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. This LPE vulnerability (not yet officially tracked using a CVE ID) stems from the misconfiguration of two service registry keys and it allows local attackers to escalate privileges on any fully patched systems.”

Title: A Hacker’s Tour of the x86 CPU Architecture
Date Published: April 20, 2021


Excerpt: “The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures exist and are even taking some market share with mobile devices such as smartphones, and even Apple has begun including its ARM M1 chip in newer MacBooks and Mac Mini, this one still stands as the default CPU architecture for modern computer systems, barring embedded and mobile devices. This architecture supports 64-bit, 32-bit, and 16-bit.”
