OSN May 12, 2021

Fortify Security Team
May 12, 2021

Title: All Wi-Fi Devices Impacted by New FragAttacks Vulnerabilities
Date Published: May 11, 2021


Excerpt: “Three of these bugs are Wi-Fi 802.11 standard design flaws in the frame aggregation and frame fragmentation functionalities affecting most devices, while others are programming mistakes in Wi-Fi products. The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. Attackers abusing these design and implementation flaws have to be in the Wi-Fi range of targeted devices to steal sensitive user data and execute malicious code following successful exploitation, potentially leading to full device takeover.”

Title: TeaBot Trojan Targets Banks via Hijacked Android Handsets
Date Published: May 12, 2021


Excerpt: “TeaBot also can send, intercept or hide SMS messages; enable key-logging functionalities; steal Google Authentication codes; and use Accessibility Services and real-time screen sharing to obtain full remote control of an Android device, according to researchers. We assume that TeaBot, similar to Oscorp, is trying to achieve a real-time interaction with the compromised device combined with the abuse of Android Accessibility Services, bypassing the need of a ‘new device enrollment’ to perform an Account Takeover scenario.”

Title: Patch Tuesday, May 2021: Microsoft Delivers 55 Fixes, Patches Four Critical Bugs and Three Zero-Day Vulnerabilities
Date Published: May 12, 2021


Excerpt: “Microsoft’s May Patch Tuesday fixed 55 common and uncommon vulnerabilities. The fixes include Hyper-V, Internet Explorer, HTTP.sys, Microsoft’s Graphic Component, Office suite (i.e., Access, Excel, SharePoint, Word), Microsoft Projected File System FS Filter, RDP Client, SMB, Accessibility Insights for Web, and more. The full list of fixes can be found on Microsoft’s Security Update Guide website. All fixes rolled out as part of the May security rollout impact Windows 10 (i.e., version 1909, Windows Server v.1909, version 1809, Windows Server 2019, Win 10 v.2004, Win Server v.2004, Win10 20H2, Win Server v.20H2, Win10 v.1607, Win Server 2016), Windows Server 2012, Win 8.1, Win Server 2012 R2, Win Server 2008 SP2, win 8.1 Windows Server 2012 R2, Win Server 2008 SP2, Win 7 SP1, Win Server 2208 R2, and Exchange Server, versions 2013 through 2019.”

Title: Shining a Light on DARKSIDE Ransomware Operations
Date Published: May 11, 2021


Excerpt: “Mandiant has identified multiple DARKSIDE victims through our incident response engagements and from reports on the DARKSIDE blog. Most of the victim organizations were based in the United States and span across multiple sectors, including financial services, legal, manufacturing, professional services, retail, and technology. The number of publicly named victims on the DARKSIDE blog has increased overall since August 2020, with the exception of a significant dip in the number of victims named during January 2021.”

Title: Latest Microsoft Windows Updates Patch Dozens of Security Flaws
Date Published: May 12, 2021


Excerpt: “The most critical of the flaws addressed is CVE-2021-31166, a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale. Another vulnerability of note is a remote code execution flaw in Hyper-V (CVE-2021-28476), which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9.”

Title: FBI, CISA Publish Alert on Darkside Ransomware
Date Published: May 12, 2021


Excerpt: “The alert, published on Tuesday, provides details on DarkSide, malware operators that run a Ransomware-as-a-Service (RaaS) network. DarkSide is responsible for the recent cyberattack on Colonial Pipeline. Last Friday, the fuel giant said a cyberattack had forced the company to halt pipeline operations and temporarily pull IT systems offline to contain the incident, found to be an infection caused by DarkSide affiliates.”

Title: 328 Weaknesses Found by WA Auditor-General in 50 Local Government Systems
Date Published: May 12, 2021


Excerpt: “Among the findings were entities having a poor awareness of cyber threats, with one case study revealing a user’s account details were stolen because of a phishing attack that was not detected or prevented by the entity’s security controls. ‘The attack resulted in a fraudulent credit card transaction on the user’s corporate credit card, which was immediately cancelled.’ ‘Further investigation by the entity revealed the attacker downloaded 10GB of entity information in the form of sensitive emails.’”

Title: Researchers Found Three Flaws in ACT E-Voting System That Could Affect Election Outcomes
Date Published: May 12, 2021


Excerpt: “The Australian Capital Territory Standing Committee on Justice and Community Safety has been looking into the 2020 ACT Election and the Electoral Act, covering among other things, systems for electronic voting. The COVID-19 Emergency Response Legislation Amendment Act 2020 introduced temporary amendments to the Electoral Act for the October 2020 election. These included the deployment of an overseas electronic voting solution for eligible ACT electors who were abroad. The amendments expired in April.”

Title: Microsoft Outlook Bug Prevents Viewing or Creating Email Worldwide
Date Published: May 11, 2021


Excerpt: “Current status: We’ve identified the underlying cause of impact and are applying a fix. This fix will reach all affected users incrementally over the course of the next four-to-five hours. Once users receive the fix, they will need to restart their email client to apply the fix. In some circumstances, users may need to restart their client a second time for the changes to take effect. We expect to complete this process and restore service for all affected users by May 12, 2021, at 3:00 AM UTC.”

Title: Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
Date Published: May 11, 2021


Excerpt: “The zero-day vulnerability, which is tracked as CVE-2021-28550, “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” Windows users of Adobe Reader may be the only ones currently targeted. However, the bug affects eight versions of the software, including those running on Windows and macOS systems. Versions include. Adobe did not release technical specifics regarding the zero-day vulnerability. Typically, those details become available after users have had an opportunity to apply the fix. “Users can update their product installations manually by choosing Help > Check for Updates,” Adobe wrote in its May security bulletin, posted Tuesday.”
