OSN April 7, 2021

Fortify Security Team
Apr 7, 2021

Title: Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021

Date Published: April 6, 2021

https://www.darkreading.com/threat-intelligence/microsoft-teams-exchange-server-windows-10-hacked-in-pwn2own-2021/d/d-id/1340601

Excerpt: “In the Enterprise Communications category, a researcher who goes by OV demonstrated code execution on Microsoft Teams with a pair of vulnerabilities, earning himself $200,000 and 20 points toward Master of Pwn. Team Viettel targeted Windows 10 in the Local Escalation of Privilege category. The team used an integer overflow in Windows 10 to escalate from a regular user and achieve system privileges, earning $40,000 and 4 points toward Master of Pwn.”

Title: Crooks Use Telegram Bots and Google Forms to Automate Phishing

Date Published: April 7, 2021

https://securityaffairs.co/wordpress/116459/cyber-crime/telegram-bots-google-forms-phishing.html

Excerpt: “Group-IB’s Computer Emergency Response Team (CERT-GIB) analyzed the tools used to create phishing web pages (phishing kits) and discovered that, in the past year, they were most often used to generate web pages mimicking online services (online tools to view documents, online shopping, streaming services, etc.), email clients, and — traditionally — financial organizations. Last year, Group-IB identified phishing kits targeting over 260 unique brands.”

Title: Gigaset Android Smartphones Infected With Malware After Supply Chain Attack

Date Published: April 7, 2021

https://securityaffairs.co/wordpress/116450/cyber-crime/gigaset-malware-supply-chain-attack.html

Excerpt: “The supply chain attack took place around April 1, 2021, when the malware was delivered to the Android devices of the German vendor. According to the blog BornCity, multiple users have been reporting malware infections; their devices were infected with adware designed to display unwanted and invasive ads. Many Android users reported the infections on the Google support forums. The German website heise.de published a list of the unwanted apps (or package names) and services that have been installed on the devices of the users.”

Title: Critical Auth Bypass Bug Found in VMWare Data Centre Security Product

Date Published: April 7, 2021

https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

Excerpt: “A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company’s cloud-computing virtualization platform.”

Title: Pirate Bay: Law Firm Wins Prestigious Industry Award For Dynamic Blocking Injunction

Date Published: April 6, 2021

https://torrentfreak.com/pirate-bay-law-firm-wins-prestigious-industry-award-for-dynamic-blocking-injunction-210403/

Excerpt: “The practice is underway in several regions, including in Europe, where thousands of sites are blocked by ISPs. In Sweden, the first big win came in 2017 when the Court of Appeal ruled in favor of Universal Music, Sony Music, Warner Music, and the Swedish film industry, ordering local ISP Bredbandsbolaget to block access to The Pirate Bay. But of course, this was just the beginning.”

Title: Inside the Ransomware Campaigns Targeting Exchange Servers

Date Published: April 6, 2021

https://www.darkreading.com/attacks-breaches/inside-the-ransomware-campaigns-targeting-exchange-servers/d/d-id/1340582

Excerpt: “News of ransomware activity first emerged on March 12, only 10 days after Microsoft released the patches, and it arrived as researchers noticed an uptick in ransomware attacks following the disclosure of the Exchange Server zero-days. In the week ending March 30, the number of attacks involving the Exchange Server flaws had tripled to more than 50,000 around the world.”

Title: The Trusted Internet: Who Governs Who Gets to Buy Spyware From Surveillance Software Companies?

Date Published: April 7, 2021

https://www.f-secure.com/weblog/archives/00002818.html

Excerpt: “When hackers get hacked, that’s when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public – including the company’s client list of close to 60 customers. The list included countries such as Sudan, Kazakhstan and Saudi Arabia – despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).”

Title: Security Falls Short in Rapid COVID Cloud Migration

Date Published: April 6, 2021

https://www.darkreading.com/cloud/security-falls-short-in-rapid-covid-cloud-migration/d/d-id/1340599

Excerpt: “The industries with the highest increases in security incidents were retail, manufacturing, and government, which saw incidents rise 402%, 230%, and 205%, respectively. The same industries faced the greatest pressures to adapt and scale in the face of the pandemic — retailers for basic necessities, and manufacturing and government for COVID-19 supplies and aid — researchers note.”

Title: SAP Systems Are Targeted Within 72 Hours After Updates Are Released

Date Published: April 6, 2021

https://securityaffairs.co/wordpress/116431/reports/sap-systems-under-attacks.html

Excerpt: “Furthermore, attackers used proof-of-concept code to attack SAP systems, but also brute-force attacks to take over high-privileged SAP user accounts. The goal of these attacks was to take full control of an SAP deployment in order to modify configurations and user accounts to exfiltrate business information. Sophisticated attackers show a deep knowledge of the SAP architecture; they chain multiple vulnerabilities to target specific SAP applications to maximize the efficiency of the intrusions, and in many cases experts observed the use of private exploits.”

Title: Malspam with Lokibot vs. Outlook and RFCs

Date Published: April 6, 2021

https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/

Excerpt: “Although a missing sender address in an email from an unknown/external sender would be most suspicious to any security-minded recipient, to most regular users the fact that only a (potentially well-known) name would be displayed where a sender address should be could make any message appear much more trustworthy. So even though the use of non-compliant sender addresses probably won’t be the “next big thing” in phishing, it is certainly good to know that it is possible and that it is used in the wild, even if (at least so far) completely unintentionally. And it may also be worth it to mention the corresponding behavior of Outlook in any advanced security awareness classes dealing with targeted attacks that you might teach.”
