OSN April 22, 2021

Fortify Security Team
Apr 26, 2021

Title: Vulnerabilities Were Discovered in Smart Air Fryer
Date Published: April 21, 2021
Excerpt: “The cyber researchers tested the Cosori Smart 5.8-Quart Air Fryer CS158-AF (v.1.1.0) and discovered two vulnerabilities, called CVE-2020-28592 and CVE-2020-28593. CVE-2020-28592 is caused by an unauthenticated backdoor and CVE-2020-28593 is caused by a heap-based overflow issue. Both vulnerabilities could be exploited with the use of crafted traffic packets, although local access may be required for easier exploitation.”

Title: Foreign Spies Target British Nationals With Fake Social Media Profiles
Date Published: April 20, 2021
Excerpt: “At least 10,000 UK nationals have been approached by malicious individuals using fraudulent profiles on the professional networking site, the BBC reports, citing MI5. The agency is now alerting government employees to the threat. According to the report, MI5 warned those who had accepted fraudulent connection requests may have been tricked into sharing sensitive information.”

Title: Prometei Botnet Exploits Exchange Server Bugs to Grow
Date Published: April 22, 2021
Excerpt: “The victimology is quite random and opportunistic rather than highly targeted, which makes it even more dangerous and widespread. Prometei has been observed to be active in systems across a variety of industries, including: finance, insurance, retail, manufacturing, utilities, travel, and construction. After initial exploitation, the botnet is designed to spread across the network in order to install a Monero miner on as many endpoints as possible. To do this, it uses tried-and-tested exploits EternalBlue and BlueKeep, as well as harvesting credentials, and exploiting SMB and RDP alongside other components such as SSH client and SQL spreader.”

Title: Logins for 1.3 Million Windows RDP Servers Collected From Hacker Market
Date Published: April 21, 2021
Excerpt: “Since December 2018, a group of security researchers have had secret access to the database for the UAS marketplace and have been quietly collecting sold RDP credentials for almost three years. During this time period, the researchers have collected the IP addresses, usernames, and passwords for 1,379,609 RDP accounts that have been sold at UAS since the end of 2018. There are also RDP servers for many well-known, high-profile companies, with many servers from the healthcare industry.”

Title: Shared Intel: Report Details How Cyber Criminals Leverage HTTPS TLS to Hide Malware
Date Published: April 21, 2021
Excerpt: “What we’re seeing is a more hands-on, adversarial type of approach. Attackers are using nation-state tactics to find a way into an organization and locate the most valuable data. And then they may use off-the-shelf malware to carry out their attack. They’ll use encrypted traffic for any communications back to a command-and-control center or among other attackers in their group.”

Title: Global Trends Will Increase Nation-State Threats for the US in Next 20 Years
Date Published: April 21, 2021
Excerpt: “In releasing the ODNI report to the public, Avril Haines, director of national intelligence, said, ‘The American people should know as much as possible about the threats facing our nation and what their intelligence agencies are doing to protect them. This report provides transparency to Congress and our nation’s citizens with the aim of bolstering trust in our work and institutions.’”

Title: Novel Email-Based Campaign Targets Bloomberg Clients With RATs
Date Published: April 21, 2021
Excerpt: “The emails claim to contain an invoice for clients but instead include an attached Excel spreadsheet that contains macro code to either download the next infection stage or drop and run the final payload, which is always a JavaScript- or VB-based RAT ‘that allows the attacker to take control over the infected system using HTTP over a non-standard TCP port.’”

Title: Justice Dept. Creates Task Force To Stop Ransomware Spread
Date Published: April 20, 2021
Excerpt: “Over the next 100 days, the DoE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will partner with electric utilities to improve technologies and systems that provide visibility, detection, and response capabilities for electric utilities’ industrial control systems. Milestones in the plan aim to identify and deploy systems that enable situational awareness and response for critical ICS and OT networks, and improve IT network security.”

Title: Firefox 88 Patches Bugs and Kills Off a Sneaky Javascript Tracking Trick
Date Published: April 20, 2021
Excerpt: “As you’d expect from a four-weekly Firefox release, there are also numerous security fixes in the 88.0 version. None of them are rated critical, presumably because no one has yet figured out how to turn the more dangerous looking bugs into actual, working exploits. Nevertheless, several of the bugs deal with potentially dangerous and exploitable mismanagement of memory, including a buffer overflow (where you write to the wrong part of memory) and two use-after-free bugs (where you write to memory that has already been turned over for use elsewhere).”

Title: Access Token Theft and Manipulation Attacks – A Door to Local Privilege Escalation
Date Published: April 20, 2021
Excerpt: “Process access token manipulation is one such privilege escalation technique which is widely adopted by malware authors. This set of techniques includes process access token theft and impersonation, which eventually allows malware to advance its lateral movement activities across the network in the context of another logged-in user or higher-privileged user.”
