OSN May 11, 2021

Fortify Security Team
May 11, 2021

Title: U.S. Intelligence Agencies Warn About 5G Network Weaknesses

Date Published: May 11, 2021


Excerpt: “Specifically, the report cites undue influence from adversarial nations on the development of technical standards, which may pave the way for adopting untrusted proprietary technologies and equipment that could be difficult to update, repair, and replace. Also of concern, per the report, are the optional security controls baked into telecommunication protocols, which, if not implemented by network operators, could leave the door open to malicious attacks.”

Title: Everything You Need to Know About the Colonial Pipeline Ransomware Attack

Date Published: May 11, 2021


Excerpt: “However, what appears to have happened is a ransomware outbreak, linked to the DarkSide group, that struck Colonial Pipeline’s networks. The oil giant said it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems.” Colonial Pipeline’s latest update, published on Monday 10, said that remediation is ongoing and each system is being worked on in an “incremental approach”.”

Title: FBI and Australia ACSC Agencies Warn of Ongoing Avaddon Ransomware Attacks

Date Published: May 11, 2021


Excerpt: “The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published by the ACSC provides a list of countries under attack which includes the US, UK, Germany, France, China, Italy, Brazil, India, UAE, France, and Spain.”

Title: Experts Warn of a New Android Banking Trojan Stealing Users’ Credentials

Date Published: May 11, 2021


Excerpt: “In the last link of the attack chain, TeaBot exploits the access to achieve real-time interaction with the compromised device, enabling the adversary to record keystrokes, in addition to taking screenshots and injecting malicious overlays on top of login screens of banking apps to steal credentials and credit card information. Other capabilities of TeaBot include disabling Google Play Protect, intercepting SMS messages, and accessing Google Authenticator 2FA codes. The collected information is then exfiltrated every 10 seconds to a remote server controlled by the attacker.”

Title: #CYBERUK21: We Have Reached a Moment of Reckoning in Cybersecurity, Says GCHQ Director

Date Published: May 11, 2021


Excerpt: “Fleming began his talk by highlighting the greater role technology is playing in our lives as a result of the ongoing COVID-19 pandemic. While accelerated digitization has enabled society to continue functioning while maintaining social distancing restrictions, it has also provided more opportunities for malicious actors to launch cyber-attacks. The result is that cybersecurity is even more relevant to our economy, society, and, increasingly, to our security.”

Title: 80% of Net Neutrality Comments to FCC Were Fudged

Date Published: May 7, 2021


Excerpt: “A secret campaign by the broadband industry to offer support to roll back net neutrality resulted in fake comments comprising more than 40 percent of those sent to the FCC during the public comments phase of its decision, according to the report by the New York State Office of the Attorney General. The industry also sent more than half a million fake letters to Congress to “create the appearance of widespread grassroots opposition to existing net neutrality rules, which as described in an internal campaign planning document would help provide ‘cover’ for the FCC’s proposed repeal.””

Title: 90% of Security Leaders View Bot Management as a Top Priority

Date Published: May 11, 2021


Excerpt: “HUMAN published a research into security leaders’ perceptions of and responses to sophisticated bot attacks. The research, which was conducted by Enterprise Strategy Group (ESG), revealed concerns about the threats bots pose, including site slowdowns caused by overwhelming traffic, new account fraud, credential cracking/brute force attacks, account takeover, content manipulation, sensitive content scraping, and inventory exhaustion and cart abandonment.”

Title: Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime

Date Published: May 10, 2021


Excerpt: “The four defendants were founders and/or members of a group that rented IP addresses, servers, and domains to their cybercriminal clients, the Department of Justice reported late last week. Criminals used the infrastructure to spread malware and gain access to victim machines, create botnets, and steal banking credentials that they could use to conduct more fraud.”

Title: App Tracking: Apps Plead for Users to Press Allow, but 85% of Apple iOS Consumers Are Not Opting in

Date Published: May 11, 2021


Excerpt: “Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them – and so far only 15 percent worldwide have done so. iOS 14.5 was released on April 26 and is gradually rolling out to users with compatible iOS devices. One of its new features is enforcement of what Apple calls AppTrackingTransparency, which means that apps must request permission from the user before tracking them or accessing the Apple device identifier (IDFA).”

Title: Hacking Kerberos With AS-REP Roasting

Date Published: May 11, 2021


Excerpt: “Kerberos, developed by MIT, is a network authentication protocol used in Active Directory most commonly running on port 88 with password management on port 464.
The Kerberos protocol enables a client/user to identify itself to a server (and vice versa) across a network — thus providing strong authentication. However, Kerberos does not Authorize which services the client/user can access (this is normally done by LDAP).”
