OSN April 6, 2021

Fortify Security Team
Apr 6, 2021

Title: Kaspersky Uncovers New APAC Cyberespionage Campaign
Date Published: April 5, 2021

https://www.darkreading.com/application-security/kaspersky-uncovers-new-apac-cyberespionage-campaign/d/d-id/1340588

Excerpt: “Kaspersky researchers have uncovered an advanced cyberespionage campaign targeting government and military organizations in Vietnam. They believe this campaign was conducted by a group related to Cycldek, a Chinese-speaking threat group that has been active since at least 2013. New tactics seen in this campaign represent “a major advancement in terms of sophistication,” Kaspersky says in a statement on the findings.”

Title: Data from 553 Million Facebook Accounts Leaked Online
Date Published: April 5, 2021

https://www.darkreading.com/attacks-breaches/data-from-553-million-facebook-accounts-leaked-online/d/d-id/1340589

Excerpt: “This is old data that was previously reported on in 2019,” wrote Liz Bourgeois, Facebook’s director of strategic response communications, in a tweet. “We found and fixed this issue in August 2019.” But while the data itself may be a couple of years old, it could prove relevant and handy to scammers who want to impersonate individuals or launch spear-phishing attacks, wrote Alon Gal, CTO and co-founder at security firm Hudson Rock, in a tweet discussing the massive data leak on April 3. The 553 million Facebook users affected make up about 20% of its total user base.”

Title: How Alleged Iranian Hackers Are Posing as an Israeli Scientist to Spy on U.S. Medical Professionals
Date Published: April 5, 2021

https://www.proofpoint.com/us/newsroom/news/how-alleged-iranian-hackers-are-posing-israeli-scientist-spy-us-medical-professionals

Excerpt: “Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday. The intrusion attempts — carefully crafted efforts to spy on senior medical professionals in the genetic, neurology and oncology fields — are the handiwork of the Charming Kitten hacking group, Proofpoint said. A 2019 U.S. Justice Department indictment linked the group to the Iranian military.”

Title: The Leap of a Cycldek-Related Threat Actor
Date Published: April 5, 2021

https://securelist.com/the-leap-of-a-cycldek-related-threat-actor/101243/

Excerpt: “In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. Initially considered to be the signature of LuckyMouse, we observed other groups starting to use similar “triads” such as HoneyMyte.”

Title: Experts Discovered a Privilege Escalation Issue in Popular Umbraco CMS
Date Published: April 6, 2021

https://securityaffairs.co/wordpress/116381/security/privilege-escalation-umbraco-cms.html

Excerpt: “The vulnerability affects an API endpoint that fails to properly check the user’s authorization prior to returning results found to the application’s logging section. “Umbraco version 8.9.0 (also seen in 8.6.3) has a privilege escalation issue in the core administrative screens which allows a low privileged user to access various resources otherwise limited to higher privileged users.” reads the post published by Trustwave. “The issue exists in an API endpoint that does not properly check the user’s authorization prior to returning results found in the application’s logging section.”

Title: Experts Found Critical Flaws in Rockwell FactoryTalk AssetCentre
Date Published: April 6, 2021

https://securityaffairs.co/wordpress/116391/ics-scada/rockwell-factorytalk-assetcentre-flaws.html

Excerpt: “Claroty researchers were able to find deserialization vulnerabilities in a number of remoting services running on FactoryTalk AssetCentre, which handle inter-process communication within an OT network, as well as SQL-injection vulnerabilities in other service functions. These services run with the highest system privileges, meaning that any arbitrary code supplied by an attacker would also execute with those same privileges, allowing full access to the machine.”

Title: ‘Anomalous Surge in DNS Queries’ Knocked Microsoft’s Cloud off the Web Last Week
Date Published: April 6, 2021

https://go.theregister.com/feed/www.theregister.com/2021/04/06/in_brief_security/

Excerpt: “It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools’ Day, Redmond has said. Or as the Windows giant put it, the outage was the result of “an anomalous surge in DNS queries from across the globe targeting a set of domains hosted on Azure.” In a postmortem examination of the downtime, Microsoft said the flood of requests triggered a programming flaw in its infrastructure that hampered its ability to cope with the demand.”

Title: Hackers Targeting Professionals With ‘more_eggs’ Malware via LinkedIn Job Offers
Date Published: April 6, 2021

https://thehackernews.com/2021/04/hackers-targeting-professionals-with.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

Excerpt: “Campaigns delivering more_eggs using the same modus operandi have been spotted at least since 2018, with the backdoor attributed to a malware-as-a-service (MaaS) provider called Golden Chickens. The adversaries behind this new wave of attacks remain unknown as yet, although more_eggs has been put to use by various cybercrime groups such as Cobalt, FIN6, and EvilNum in the past.”

Title: Firmware Attacks, a Grey Area in Cybersecurity of Organizations
Date Published: April 5, 2021

http://feedproxy.google.com/~r/rebus/~3/ZsdZRi2AJbo/firmware-attacks-microsoft-survey.html

Excerpt: “The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions.” reads the report published by Microsoft. “Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Title: Ubiquiti All But Confirms Breach Response Iniquity
Date Published: April 4, 2021

https://krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/

Excerpt: “In reality, Adam said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there. “They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration.”
