OSN May 25, 2021

Fortify Security Team
May 25, 2021

Title: New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Date Published: May 24, 2021


Excerpt: “Our attacks work even when the victims are using Bluetooth’s strongest security modes, e.g., SSP and Secure Connections. Our attacks target the standardized Bluetooth authentication procedure, and are therefore effective against any standard compliant Bluetooth device,” the researchers said.The Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are among the identified vendors with products impacted by these security flaws. AOSP, Cisco, and Microchip Technology said they are currently working to mitigate the issues.”

Title: Apple Fixes MacOS Vulnerability Exploited by XCSSET Malware

Date Published: May 25, 2021


Excerpt: “This threat primarily spreads via Xcode projects and maliciously modified applications created from the malware. It is not yet clear how the threat initially enters these systems. Presumably, these systems would be primarily used by developers. These Xcode projects have been modified such that upon building, these projects would run a malicious code. This eventually leads to the main XCSSET malware being dropped and run on the affected system. Infected users are also vulnerable to having their credentials, accounts, and other vital data stolen.”

Title: Iranian Hacking Group Agrius Pretends to Encrypt Files for a Ransom, Destroys Them Instead

Date Published: May 25, 2021


Excerpt: “The group uses a combination of its own custom toolsets and readily available offensive security software to deploy either a destructive wiper or a custom wiper-turned-ransomware variant.   However, unlike ransomware groups such as Maze and Conti, it doesn’t appear that Agrius is purely motivated by money — instead, the use of ransomware is a new addition and a bolt-on to attacks focused on cyberespionage and destruction.”

Title: New High-Severity Vulnerability Reported in Pulse Connect Secure VPN

Date Published: May 25, 2021


Excerpt: “The flaw, identified as CVE-2021-22908, has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway’s ability to connect to Windows file shares through a number of CGI endpoints that could be leveraged to carry out the attack.”

Title: USB Drop Attack

Date Published: May 25, 2021


Excerpt: “This attack is so successful because it takes advantage of humans’ inherent curiosity and/or ability to support others. When there is a device lying around with possibly “juicy” details on it, humans can’t help but grab it to see what’s inside. A successful intruder takes advantage of a victim’s natural interest to convince them to take a USB gadget. When a gadget is taken, the contents are almost always going to be checked by the perpetrator. Attackers will have tempting files or file names within the device to capitalize on the human traits that drew them to the device in the first place.”

Title: The New Group Policies Coming to Windows 10 21h2

Date Published: May 24, 2021


Excerpt: “As Microsoft continues to develop the Windows 10 21H2 feature update, we can use the preview builds to get a glimpse of the upcoming features, changes, and new group policies coming to the operating system this fall. Microsoft just released Windows 10 21H1 last week, but it was not met with much fanfare as it is not a very exciting release. Windows 10 21H2, also known as the Sun Valley update, is poised to be a much more feature-rich version, with a new UI refresh, DNS-over-HTTPS support, a modern disk management tool, new settings, and more.”

Title: Victims Lose Millions to Healthcare Related E-Crime

Date Published: May 24, 2021


Excerpt: “Tactics often include offers for fake insurance cards, health insurance marketplace assistance, stolen health information, or various other scams involving medications, supplements, weight loss products, or diversion/pill mill practices. Criminals usually target victims through spam email, online advertisements, links in forums or on social media, and fraudulent websites.”

Title: Long-Lasting Malware Bot Phorpiex Adapts and Has New Ways of Deployment

Date Published: May 24, 2021


Excerpt: “Since recently, when it has been found out that Phorpiex has the capacity to disable Microsoft Defender, Microsoft specialists looked more closely into the botnet and found out that it is “modifying registry keys to disable firewall and antivirus popups or functionality, overriding proxy and browser settings, setting the loader and executables to run at startup, and adding these executables to the authorized application lists.”

Title: Should Paying Ransoms to Attackers Be Banned?

Date Published: May 24, 2021


Excerpt: “CNA reported being victimized by a “cybersecurity attack” on March 23 that caused a network disruption and affected certain systems, including corporate email. The attack led the company to disconnect its systems, including taking down its website. CNA later confirmed it had been victimized by ransomware. But CNA has not confirmed it paid a ransom. The company did not immediately reply to a request for comment on the Bloomberg report.”

Title: Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Date Published: May 24, 2021


Excerpt: “An easy-to-exploit bug impacting the WordPress plugin ReDi Restaurant Reservation allows unauthenticated attackers to pilfer reservation data and customer personal identifiable information by simply submitting a malicious snippet of JavaScript code into the reservation comment field. The bug affects ReDi Restaurant Reservation versions prior to 21.0307, with a patched (v. 21.0426) version of the plugin available for download. The vulnerability (CVE-2021-24299) is a persistent cross-site scripting (XSS) bug. The flaw is not yet rated.”

Recent Posts

July 17, 2023

Title: Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys Date Published: July 16, 2023 https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/ Excerpt: “Researchers at the RWTH Aachen University...

July 14, 2023

Title: Indexing Over 15 Million WordPress Websites with PWNPress Date Published: July 14, 2023 https://securityaffairs.com/148465/hacking/pwnpress-platform.html Excerpt: “Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data...

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/ Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/ Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...