OSN May 12, 2021

Fortify Security Team
May 12, 2021

Title: All Wi-Fi Devices Impacted by New FragAttacks Vulnerabilities
Date Published: May 11, 2021


Excerpt: “Three of these bugs are Wi-Fi 802.11 standard design flaws in the frame aggregation and frame fragmentation functionalities affecting most devices, while others are programming mistakes in Wi-Fi products.” “The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. Attackers abusing these design and implementation flaws have to be in the Wi-Fi range of targeted devices to steal sensitive user data and execute malicious code following successful exploitation, potentially leading to full device takeover.”

Title: TeaBot Trojan Targets Banks via Hijacked Android Handsets
Date Published: May 12, 2021


Excerpt: “TeaBot also can send, intercept or hide SMS messages; enable key-logging functionalities; steal Google Authentication codes; and use Accessibility Services and real-time screen sharing to obtain full remote control of an Android device, according to researchers. We assume that TeaBot, similar to Oscorp, is trying to achieve a real-time interaction with the compromised device combined with the abuse of Android Accessibility Services bypassing the need of a ‘new device enrollment’ to perform an Account Takeover scenario.”

Title: Patch Tuesday, May 2021: Microsoft Delivers 55 Fixes, Patches Four Critical Bugs and Three Zero-Day Vulnerabilities
Date Published: May 12, 2021


Excerpt: “Microsoft’s May Patch Tuesday fixed 55 common and uncommon vulnerabilities. The fixes include Hyper-V, Internet Explorer, HTTP.sys, Microsoft’s Graphic Component, Office suite (i.e., Access, Excel, SharePoint, Word), Microsoft Projected File System FS Filter, RDP Client, SMB, Accessibility Insights for Web, and more. The full list of fixes can be found on Microsoft’s Security Update Guide website. All fixes rolled out as part of May security rollout impact Windows 10 (i.e., version 1909, Windows Server v.1909, version 1809, Windows Server 2019, Win 10 v.2004, Win Server v.2004, Win10 20H2, Win Server v.20H2, Win10 v.1607, Win Server 2016), Windows Server 2012, Win 8.1, Win Server 2012 R2, Win Server 2008 SP2, win 8.1 Windows Server 2012 R2, Win Server 2008 SP2, Win 7 SP1, Win Server 2208 R2, and Exchange Server, versions 2013 through 2019.”

Title: Shining a Light on DARKSIDE Ransomware Operations
Date Published: May 11, 2021


Excerpt: “Mandiant has identified multiple DARKSIDE victims through our incident response engagements and from reports on the DARKSIDE blog. Most of the victim organizations were based in the United States and span across multiple sectors, including financial services, legal, manufacturing, professional services, retail, and technology. The number of publicly named victims on the DARKSIDE blog has increased overall since August 2020, with the exception of a significant dip in the number of victims named during January 2021.”

Title: Latest Microsoft Windows Updates Patch Dozens of Security Flaws
Date Published: May 12, 2021


Excerpt: “The most critical of the flaws addressed is CVE-2021-31166, a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale. Another vulnerability of note is a remote code execution flaw in Hyper-V (CVE-2021-28476), which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9.”

Title: FBI, CISA Publish Alert on Darkside Ransomware
Date Published: May 12, 2021


Excerpt: “The alert, published on Tuesday, provides details on DarkSide, malware operators that run a Ransomware-as-a-Service (RaaS) network. DarkSide is responsible for the recent cyberattack on Colonial Pipeline. Last Friday, the fuel giant said a cyberattack had forced the company to halt pipeline operations and temporarily pull IT systems offline to contain the incident, found to be an infection caused by DarkSide affiliates.”

Title: 328 Weaknesses Found by WA Auditor-General in 50 Local Government Systems
Date Published: May 12, 2021


Excerpt: “Among the findings were entities having a poor awareness of cyber threats, with one case study revealing a user’s account details were stolen because of a phishing attack that was not detected or prevented by the entity’s security controls. ‘The attack resulted in a fraudulent credit card transaction on the user’s corporate credit card, which was immediately cancelled.’ ‘Further investigation by the entity revealed the attacker downloaded 10GB of entity information in the form of sensitive emails’.”

Title: Researchers Found Three Flaws in ACT E-Voting System That Could Affect Election Outcomes
Date Published: May 12, 2021


Excerpt: “The Australian Capital Territory Standing Committee on Justice and Community Safety has been looking into the 2020 ACT Election and the Electoral Act, covering among other things, systems for electronic voting. The COVID-19 Emergency Response Legislation Amendment Act 2020 introduced temporary amendments to the Electoral Act for the October 2020 election. These included the deployment of an overseas electronic voting solution for eligible ACT electors who were abroad. The amendments expired in April.”

Title: Microsoft Outlook Bug Prevents Viewing or Creating Email Worldwide
Date Published: May 11, 2021


Excerpt: “Current status: We’ve identified the underlying cause of impact and are applying a fix. This fix will reach all affected users incrementally over the course of the next four-to-five hours. Once users receive the fix, they will need to restart their email client to apply the fix. In some circumstances, users may need to restart their client a second time for the changes to take effect. We expect to complete this process and restore service for all affected users by May 12, 2021, at 3:00 AM UTC.”

Title: Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
Date Published: May 11, 2021


Excerpt: “The zero-day vulnerability, which is tracked as CVE-2021-28550, “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” Windows users of Adobe Reader may be the only ones currently targeted. However, the bug affects eight versions of the software, including those running on Windows and macOS systems. Versions include. Adobe did not release technical specifics regarding the zero-day vulnerability. Typically, those details become available after users have had an opportunity to apply the fix. “Users can update their product installations manually by choosing Help > Check for Updates,” Adobe wrote in its May security bulletin, posted Tuesday.”
