OSN April 22, 2021

Fortify Security Team
Apr 26, 2021

Title: Vulnerabilities Were Discovered in Smart Air Fryer
Date Published: April 21, 2021


Excerpt: “The cyber researchers tested the Cosori Smart 5.8-Quart Air Fryer CS158-AF (v.1.1.0) and discovered two vulnerabilities, called CVE-2020-28592 and CVE-2020-28593. CVE-2020-28592 is caused by an unauthenticated backdoor and CVE-2020-28593 is caused by a heap-based overflow issue. Both vulnerabilities could be exploited with the use of crafted traffic packets, although local access may be required for easier exploitation.”

Title: Foreign Spies Target British Nationals With Fake Social Media Profiles
Date Published: April 20, 2021


Excerpt: “At least 10,000 UK nationals have been approached by malicious individuals using fraudulent profiles on the professional networking site, the BBC reports, citing MI5. The agency is now alerting government employees to the threat. According to the report, MI5 warned those who had accepted fraudulent connection requests may have been tricked into sharing sensitive information.”

Title: Prometei Botnet Exploits Exchange Server Bugs to Grow
Date Published: April 22, 2021


Excerpt: “The victimology is quite random and opportunistic rather than highly targeted, which makes it even more dangerous and widespread. Prometei has been observed to be active in systems across a variety of industries, including: finance, insurance, retail, manufacturing, utilities, travel, and construction. After initial exploitation, the botnet is designed to spread across the network in order to install a Monero miner on as many endpoints as possible. To do this, it uses tried-and-tested exploits EternalBlue and BlueKeep, as well as harvesting credentials, and exploiting SMB and RDP alongside other components such as SSH client and SQL spreader.”

Title: Logins for 1.3 Million Windows RDP Servers Collected From Hacker Market
Date Published: April 21, 2021


Excerpt: “Since December 2018, a group of security researchers have had secret access to the database for the UAS marketplace and have been quietly collecting sold RDP credentials for almost three years. During this time period, the researchers have collected the IP addresses, usernames, and passwords, for 1,379,609 RDP accounts that have been sold at UAS since the end of 2018. There are also RDPs servers for many well-known, high-profile companies, with many servers from the healthcare industry.”

Title: Shared Intel: Report Details How Cyber Criminals Leverage HTTPS TLS to Hide Malware
Date Published: April 21, 2021


Excerpt: “What we’re seeing is a more hands-on, adversarial type of approach. Attackers are using nation-state tactics to find a way into an organization and locate the most valuable data. And then they may use off-the-shelf malware to carry out their attack. They’ll use encrypted traffic for any communications back to a command-and-control center or among other attackers in their group.”

Title: Global Trends Will Increase Nation-State Threats for the US in Next 20 Years
Date Published: April 21, 2021


Excerpt: “In releasing the ODNI report to the public, Avril Haines, director national intelligence, said, “The American people should know as much as possible about the threats facing our nation and what their intelligence agencies are doing to protect them. This report provides transparency to Congress and our nation’s citizens with the aim of bolstering trust in our work and institutions.”

Title: Novel Email-Based Campaign Targets Bloomberg Clients With Rats
Date Published: April 21, 2021


Excerpt: “The emails claim to contain an invoice for clients but instead include an attached Excel spreadsheet that contains macro code to either download the next infection stage or drop and run the final payload, which is always a JavaScript- or VB-based RAT “that allows the attacker to take control over the infected system using HTTP over a non-standard TCP port.”

Title: Justice Dept. Creates Task Force To Stop Ransomware Spread
Date Published: April 20, 2021


Excerpt: “Over the next 100 days, the DoE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will partner with electric utilities to improve technologies and systems that provide visibility, detection, and response capabilities for electric utilities’ industrial control systems. Milestones in the plan aim to identify and deploy systems that enable situational awareness and response for critical ICS and OT networks, and improve IT network security.”

Title: Firefox 88 Patches Bugs and Kills Off a Sneaky Javascript Tracking Trick
Date Published: April 20, 2021


Excerpt: “As you’d expect from a four-weekly Firefox release, there are also numerous security fixes in the 88.0 version. None of them are rated critical, presumably because no one has yet figured out how to turn the more dangerous looking bugs into actual, working exploits. Nevertheless, several of the bugs deal with potentially dangerous and exploitable mismanagement of memory, including a buffer overflow (where you write to the wrong part of memory) and two use-after-free bugs (where you write to memory that has already been turned over for use elsewhere).”

Title: Access Token Theft and Manipulation Attacks – A Door to Local Privilege Escalation
Date Published: April 20, 2021


Excerpt: “Process access token manipulation is one such privilege escalation technique which is widely adopted by malware authors. These set of techniques include process access token theft and impersonation, which eventually allows malware to advance its lateral movement activities across the network in the context of another logged in user or higher privileged user.”

Recent Posts

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...

December 2, 2022

Title: New Go-Based Redigo Malware Targets Redis Servers Date Published: December 1, 2022 https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html Excerpt: “Redigo is a new Go-based malware employed in attacks against Redis servers...

December 2, 2022

Title: New Go-Based Redigo Malware Targets Redis Servers Date Published: December 1, 2022 https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html Excerpt: “Redigo is a new Go-based malware employed in attacks against Redis servers...

December 1, 2022

Title: Keralty Ransomware Attack Impacts Colombia’s Health Care System Date Published: November 30, 2022 https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ Excerpt: “The Keralty multinational healthcare...

November 30, 2022

Title: China-Linked UNC4191 APT Relies on USB Devices in Attacks Against Entities in the Philippines Date Published: November 30, 2022 https://securityaffairs.co/wordpress/139097/apt/unc4191-used-usb-devices.html Excerpt: “An alleged China-linked cyberespionage group,...