OSN May 12, 2021

Fortify Security Team
May 12, 2021

Title: All Wi-Fi Devices Impacted by New FragAttacks Vulnerabilities
Date Published: May 11, 2021


Excerpt: “Three of these bugs are Wi-Fi 802.11 standard design flaws in the frame aggregation and frame fragmentation functionalities affecting most devices, while others are programming mistakes in Wi-Fi products. “The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. Attackers abusing these design and implementation flaws have to be in the Wi-Fi range of targeted devices to steal sensitive user data and execute malicious code following successful exploitation, potentially leading to full device takeover.”

Title: TeaBot Trojan Targets Banks via Hijacked Android Handsets
Date Published: May 12, 2021


Excerpt: “TeaBot also can send, intercept or hide SMS messages; enable key-logging functionalities; steal Google Authentication codes; and use Accessibility Services and real-time screen sharing to obtain full remote control of an Android device, according to researchers. We assume that TeaBot, similar to Oscorp, is trying to achieve a real-time interaction with the compromised device combined with the abuse of Android Accessibility Services bypassing the need of a ‘new device enrollment’ to perform an Account Takeover scenario.”

Title: Patch Tuesday, May 2021: Microsoft Delivers 55 Fixes, Patches Four Critical Bugs and Three Zero-Day Vulnerabilities
Date Published: May 12, 2021


Excerpt: “Microsoft’s May Patch Tuesday fixed 55 common and uncommon vulnerabilities. The fixes include Hyper-V, Internet Explorer, HTTP.sys, Microsoft’s Graphic Component, Office suite (i.e., Access, Excel, SharePoint, Word), Microsoft Projected File System FS Filter, RDP Client, SMB, Accessibility Insights for Web, and more. The full list of fixes can be found on Microsoft’s Security Update Guide website. All fixes rolled out as part of May security rollout impact Windows 10 (i.e., version 1909, Windows Server v.1909, version 1809, Windows Server 2019, Win 10 v.2004, Win Server v.2004, Win10 20H2, Win Server v.20H2, Win10 v.1607, Win Server 2016), Windows Server 2012, Win 8.1, Win Server 2012 R2, Win Server 2008 SP2, Win 8.1, Windows Server 2012 R2, Win Server 2008 SP2, Win 7 SP1, Win Server 2008 R2, and Exchange Server, versions 2013 through 2019.”

Title: Shining a Light on DARKSIDE Ransomware Operations
Date Published: May 11, 2021


Excerpt: “Mandiant has identified multiple DARKSIDE victims through our incident response engagements and from reports on the DARKSIDE blog. Most of the victim organizations were based in the United States and span across multiple sectors, including financial services, legal, manufacturing, professional services, retail, and technology. The number of publicly named victims on the DARKSIDE blog has increased overall since August 2020, with the exception of a significant dip in the number of victims named during January 2021.”

Title: Latest Microsoft Windows Updates Patch Dozens of Security Flaws
Date Published: May 12, 2021


Excerpt: “The most critical of the flaws addressed is CVE-2021-31166, a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale. Another vulnerability of note is a remote code execution flaw in Hyper-V (CVE-2021-28476), which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9.”

Title: FBI, CISA Publish Alert on Darkside Ransomware
Date Published: May 12, 2021


Excerpt: “The alert, published on Tuesday, provides details on DarkSide, malware operators that run a Ransomware-as-a-Service (RaaS) network. DarkSide is responsible for the recent cyberattack on Colonial Pipeline. Last Friday, the fuel giant said a cyberattack had forced the company to halt pipeline operations and temporarily pull IT systems offline to contain the incident, found to be an infection caused by DarkSide affiliates.”

Title: 328 Weaknesses Found by WA Auditor-General in 50 Local Government Systems
Date Published: May 12, 2021


Excerpt: “Among the findings were entities having a poor awareness of cyber threats, with one case study revealing a user’s account details were stolen because of a phishing attack that was not detected or prevented by the entity’s security controls. “The attack resulted in a fraudulent credit card transaction on the user’s corporate credit card, which was immediately cancelled.” “Further investigation by the entity revealed the attacker downloaded 10GB of entity information in the form of sensitive emails”.”

Title: Researchers Found Three Flaws in ACT E-Voting System That Could Affect Election Outcomes
Date Published: May 12, 2021


Excerpt: “The Australian Capital Territory Standing Committee on Justice and Community Safety has been looking into the 2020 ACT Election and the Electoral Act, covering among other things, systems for electronic voting. The COVID-19 Emergency Response Legislation Amendment Act 2020 introduced temporary amendments to the Electoral Act for the October 2020 election. These included the deployment of an overseas electronic voting solution for eligible ACT electors who were abroad. The amendments expired in April.”

Title: Microsoft Outlook Bug Prevents Viewing or Creating Email Worldwide
Date Published: May 11, 2021


Excerpt: “Current status: We’ve identified the underlying cause of impact and are applying a fix. This fix will reach all affected users incrementally over the course of the next four-to-five hours. Once users receive the fix, they will need to restart their email client to apply the fix. In some circumstances, users may need to restart their client a second time for the changes to take effect. We expect to complete this process and restore service for all affected users by May 12, 2021, at 3:00 AM UTC.”

Title: Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
Date Published: May 11, 2021


Excerpt: “The zero-day vulnerability, which is tracked as CVE-2021-28550, “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” Windows users of Adobe Reader may be the only ones currently targeted. However, the bug affects eight versions of the software, including those running on Windows and macOS systems. Versions include. Adobe did not release technical specifics regarding the zero-day vulnerability. Typically, those details become available after users have had an opportunity to apply the fix. “Users can update their product installations manually by choosing Help > Check for Updates,” Adobe wrote in its May security bulletin, posted Tuesday.”
