OSN April 7, 2021

Fortify Security Team
Apr 7, 2021

Title: Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021

Date Published: April 6, 2021

https://www.darkreading.com/threat-intelligence/microsoft-teams-exchange-server-windows-10-hacked-in-pwn2own-2021/d/d-id/1340601

Excerpt: “In the Enterprise Communications category, a researcher who goes by OV demonstrated code execution on Microsoft Teams with a pair of vulnerabilities, earning himself $200,000 and 20 points toward Master of Pwn. Team Viettel targeted Windows 10 in the Local Escalation of Privilege category. The team used an integer overflow in Windows 10 to escalate from a regular user and achieve system privileges, earning $40,000 and 4 points toward Master of Pwn.”

Title: Crooks Use Telegram Bots and Google Forms to Automate Phishing

Date Published: April 7, 2021

https://securityaffairs.co/wordpress/116459/cyber-crime/telegram-bots-google-forms-phishing.html

Excerpt: “Group-IB’s Computer Emergency Response Team (CERT-GIB) analyzed the tools used to create phishing web pages (phishing kits) and discovered that, in the past year, they were most often used to generate web pages mimicking online services (online tools to view documents, online shopping, streaming services, etc.), email clients, and — traditionally — financial organizations. Last year, Group-IB identified phishing kits targeting over 260 unique brands.”

Title: Gigaset Android Smartphones Infected With Malware After Supply Chain Attack

Date Published: April 7, 2021

https://securityaffairs.co/wordpress/116450/cyber-crime/gigaset-malware-supply-chain-attack.html

Excerpt: “The supply chain attack took place around April 1, 2021; the malware was delivered to the Android devices of the German vendor. According to the blog BornCity, multiple users have been reporting malware infections; their devices were infected with adware designed to display unwanted and invasive ads. Many Android users reported the infections on the Google support forums. The German website heise.de published a list of the unwanted apps (or package names) and services that have been installed on the devices of the users.”

Title: Critical Auth Bypass Bug Found in VMware Data Centre Security Product

Date Published: April 7, 2021

https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

Excerpt: “A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company’s cloud-computing virtualization platform.”

Title: Pirate Bay: Law Firm Wins Prestigious Industry Award For Dynamic Blocking Injunction

Date Published: April 6, 2021

https://torrentfreak.com/pirate-bay-law-firm-wins-prestigious-industry-award-for-dynamic-blocking-injunction-210403/

Excerpt: “The practice is underway in several regions, including in Europe, where thousands of sites are blocked by ISPs. In Sweden, the first big win came in 2017 when the Court of Appeal ruled in favor of Universal Music, Sony Music, Warner Music, and the Swedish film industry, ordering local ISP Bredbandsbolaget to block access to The Pirate Bay. But of course, this was just the beginning.”

Title: Inside the Ransomware Campaigns Targeting Exchange Servers

Date Published: April 6, 2021

https://www.darkreading.com/attacks-breaches/inside-the-ransomware-campaigns-targeting-exchange-servers/d/d-id/1340582

Excerpt: “News of ransomware activity first emerged on March 12, only 10 days after Microsoft released the patches, and it arrived as researchers noticed an uptick in ransomware attacks following the disclosure of the Exchange Server zero-days. In the week ending March 30, the number of attacks involving the Exchange Server flaws had tripled to more than 50,000 around the world.”

Title: The Trusted Internet: Who Governs Who Gets to Buy Spyware From Surveillance Software Companies?

Date Published: April 7, 2021

https://www.f-secure.com/weblog/archives/00002818.html

Excerpt: “When hackers get hacked, that’s when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public – including the company’s client list of close to 60 customers. The list included countries such as Sudan, Kazakhstan and Saudi Arabia – despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).”

Title: Security Falls Short in Rapid COVID Cloud Migration

Date Published: April 6, 2021

https://www.darkreading.com/cloud/security-falls-short-in-rapid-covid-cloud-migration/d/d-id/1340599

Excerpt: “The industries with the highest increases in security incidents were retail, manufacturing, and government, which saw incidents rise 402%, 230%, and 205%, respectively. The same industries faced the greatest pressures to adapt and scale in the face of the pandemic — retailers for basic necessities, and manufacturing and government for COVID-19 supplies and aid — researchers note.”

Title: SAP Systems Are Targeted Within 72 Hours After Updates Are Released

Date Published: April 6, 2021

https://securityaffairs.co/wordpress/116431/reports/sap-systems-under-attacks.html

Excerpt: “Furthermore, attackers used proof-of-concept code to attack SAP systems, but also brute-force attacks to take over high-privileged SAP user accounts. The goal of these attacks was to take full control of an SAP deployment in order to modify configurations and user accounts to exfiltrate business information. Sophisticated attackers show a deep knowledge of the SAP architecture; they chain multiple vulnerabilities to target specific SAP applications to maximize the efficiency of the intrusions, and in many cases experts observed the use of private exploits.”

Title: Malspam with Lokibot vs. Outlook and RFCs

Date Published: April 6, 2021

https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/

Excerpt: “Although a missing sender address in an email from an unknown/external sender would be most suspicious to any security-minded recipient, to most regular users the fact that only a (potentially well-known) name would be displayed where a sender address should be could make any message appear much more trustworthy. So even though the use of non-compliant sender addresses probably won’t be the “next big thing” in phishing, it is certainly good to know that it is possible and that it is used in the wild, even if (at least so far) completely unintentionally. And it may also be worth it to mention the corresponding behavior of Outlook in any advanced security awareness classes dealing with targeted attacks that you might teach.”
