OSN April 7, 2021

Fortify Security Team
Apr 7, 2021

Title: Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021

Date Published: April 6, 2021


Excerpt: “In the Enterprise Communications category, a researcher who goes by OV demonstrated code execution on Microsoft Teams with a pair of vulnerabilities, earning himself $200,000 and 20 points toward Master of Pwn. Team Viettel targeted Windows 10 in the Local Escalation of Privilege category. The team used an integer overflow in Windows 10 to escalate from a regular user and achieve system privileges, earning $40,000 and 4 points toward Master of Pwn.”

Title: Crooks Use Telegram Bots and Google Forms to Automate Phishing

Date Published: April 7, 2021


Excerpt: “Group-IB’s Computer Emergency Response Team (CERT-GIB) analyzed the tools used to create phishing web pages (phishing kits) and discovered that, in the past year, they were most often used to generate web pages mimicking online services (online tools to view documents, online shopping, streaming services, etc.), email clients, and — traditionally — financial organizations. Last year, Group-IB identified phishing kits targeting over 260 unique brands.”

Title: Gigaset Android Smartphones Infected With Malware After Supply Chain Attack

Date Published: April 7, 2021


Excerpt: “The supply chain attack took place around April 1, 2021, when the malware was delivered to the Android devices of the German vendor. According to the blog BornCity, multiple users have been reporting malware infections; their devices were infected with adware designed to display unwanted and invasive ads. Many Android users reported the infections on the Google support forums. The German website heise.de published a list of the unwanted apps (or package names) and services that have been installed on the devices of the users.”

Title: Critical Auth Bypass Bug Found in VMWare Data Centre Security Product

Date Published: April 7, 2021


Excerpt: “A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company’s cloud-computing virtualization platform.”

Title: Pirate Bay: Law Firm Wins Prestigious Industry Award For Dynamic Blocking Injunction

Date Published: April 6, 2021


Excerpt: “The practice is underway in several regions, including in Europe, where thousands of sites are blocked by ISPs. In Sweden, the first big win came in 2017 when the Court of Appeal ruled in favor of Universal Music, Sony Music, Warner Music, and the Swedish film industry, ordering local ISP Bredbandsbolaget to block access to The Pirate Bay. But of course, this was just the beginning.”

Title: Inside the Ransomware Campaigns Targeting Exchange Servers

Date Published: April 6, 2021


Excerpt: “News of ransomware activity first emerged on March 12, only 10 days after Microsoft released the patches, and it arrived as researchers noticed an uptick in ransomware attacks following the disclosure of the Exchange Server zero-days. In the week ending March 30, the number of attacks involving the Exchange Server flaws had tripled to more than 50,000 around the world.”

Title: The Trusted Internet: Who Governs Who Gets to Buy Spyware From Surveillance Software Companies?


Date Published: April 7, 2021

Excerpt: “When hackers get hacked, that’s when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public – including the company’s client list of close to 60 customers. The list included countries such as Sudan, Kazakhstan and Saudi Arabia – despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).”

Title: Security Falls Short in Rapid COVID Cloud Migration

Date Published: April 6, 2021


Excerpt: “The industries with the highest increases in security incidents were retail, manufacturing, and government, which saw incidents rise 402%, 230%, and 205%, respectively. The same industries faced the greatest pressures to adapt and scale in the face of the pandemic — retailers for basic necessities, and manufacturing and government for COVID-19 supplies and aid — researchers note.”

Title: SAP Systems Are Targeted Within 72 Hours After Updates Are Released

Date Published: April 6, 2021


Excerpt: “Furthermore, attackers not only used proof-of-concept code to attack SAP systems, but also brute-force attacks to take over high-privileged SAP user accounts. The goal of these attacks was to take full control of an SAP deployment in order to modify configurations and user accounts to exfiltrate business information. Sophisticated attackers show a deep knowledge of the SAP architecture: they chain multiple vulnerabilities to target specific SAP applications and maximize the efficiency of the intrusions, and in many cases experts observed the use of private exploits.”

Title: Malspam with Lokibot vs. Outlook and RFCs

Date Published: April 6, 2021


Excerpt: “Although a missing sender address in an email from an unknown/external sender would be most suspicious to any security-minded recipient, to most regular users the fact that only a (potentially well-known) name would be displayed where a sender address should be could make any message appear much more trustworthy. So even though the use of non-compliant sender addresses probably won’t be the “next big thing” in phishing, it is certainly good to know that it is possible and that it is used in the wild, even if (at least so far) completely unintentionally. And it may also be worth it to mention the corresponding behavior of Outlook in any advanced security awareness classes dealing with targeted attacks that you might teach.”
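The Lokibot item above turns on one detail: a From: header that carries a display name but no RFC 5322-compliant address, which Outlook renders as the bare name. The following is an added example, written for this digest and not code from the SANS diary or from Fortify, that parses raw messages with Python's standard email library and flags exactly that condition. The three sample messages are constructed for the example, and the addr-spec pattern is a deliberately loose heuristic of this example (non-empty local part, one @, dotted domain), not the full RFC 5322 grammar.

```python
"""Flag messages whose From: header carries no usable RFC 5322 addr-spec.

Added example for the Lokibot/Outlook item; the sample headers below are
constructed for this example, not taken from the diary.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr

# Heuristic addr-spec check used by this example (an assumption, not the full
# RFC 5322 grammar): non-empty local part, exactly one '@', dotted domain.
ADDR_SPEC = re.compile(r'^[^@\s<>"]+@[^@\s<>"]+\.[^@\s<>"]+$')


def check_sender(raw_message: str) -> dict:
    """Parse one raw message and report whether its From: header is usable.

    Returns the raw header value, the display name and address recovered by
    email.utils.parseaddr, and a 'suspicious' flag that is set when no
    compliant addr-spec is present (the case in which a client may show only
    the display name to the user).
    """
    # compat32 hands back the header as an unparsed string, so a malformed
    # value reaches parseaddr instead of being rewritten by the header parser.
    msg = Parser(policy=policy.compat32).parsestr(raw_message)
    raw_from = msg.get("From")
    if raw_from is None:
        return {"from": None, "name": "", "addr": "",
                "suspicious": True, "reason": "From header missing"}
    name, addr = parseaddr(raw_from)
    if not addr:
        reason = "no address in From header"
    elif not ADDR_SPEC.match(addr):
        reason = f"malformed address {addr!r}"
    else:
        reason = ""
    return {"from": raw_from, "name": name, "addr": addr,
            "suspicious": bool(reason), "reason": reason}


def triage(messages):
    """Run check_sender over several raw messages; return the suspicious ones."""
    return [v for v in (check_sender(m) for m in messages) if v["suspicious"]]


# Constructed samples (not from the diary): a compliant header, a header with
# an empty angle-addr, and a header that consists of a display name only.
SAMPLES = [
    "From: Alice Example <alice@example.com>\r\nSubject: ok\r\n\r\nbody\r\n",
    'From: "Accounts Payable" <>\r\nSubject: invoice\r\n\r\nbody\r\n',
    "From: Accounts Payable\r\nSubject: invoice\r\n\r\nbody\r\n",
]

if __name__ == "__main__":
    for verdict in triage(SAMPLES):
        print(f"SUSPICIOUS {verdict['from']!r}: {verdict['reason']}")
```

Run as a script it prints the two constructed non-compliant samples; in a mail gateway or a SOAR playbook the same check_sender verdict would be one input to a phishing score rather than a block rule on its own, since the diary notes the malformed addresses seen in the wild were most likely unintentional.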
