OSN May 4, 2021

Fortify Security Team
May 4, 2021

Title: Pulse Secure Patches Critical Zero-Day Flaw
Date Published: May 4, 2021


Excerpt: “Pulse Secure has patched a critical zero-day vulnerability that was being exploited by multiple APT groups to target US defense companies, among other entities. The security update fixes CVE-2021-22893, a critical authentication bypass vulnerability in the Pulse Connect Secure VPN product which has a CVSS score of 10.0. It was being exploited in combination with bugs from 2019 and 2020, patched by the vendor but not applied by some organizations, to bypass multi-factor authentication on the product. This allowed attackers to deploy webshells for persistence and perform surveillance activities.”

Title: Expert Released POC Exploit for Microsoft Exchange Flaw
Date Published: May 3, 2021


Excerpt: “April 2021 Microsoft Patch Tuesday security updates addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA). All the vulnerabilities are remote code execution that could allow attacks to compromise vulnerable installs, for this reason, the IT giant urges its customers to install the latest updates.”

Title: A Critical Component of Cybersecurity: Phishing Security
Date Published: May 4, 2021


Excerpt: “Verizon’s 2020 Data Breach Investigations Report 1 22% of breaches in 2019 involved phishing emails. According to IBM 2020 Cost of Data Breach Study,2 total cost of a data breach averaged $3.86, a 2020 Kaspersky study revealed that enterprises with an internal Security Operation Center (SOC) estimate their financial damage from a cyberattack at $675k. The UK government’s Cyber Security Breaches Survey 2017 found that the average cost of a cybersecurity breach for a large business is £19,600 and for a small to medium-sized business is £1,570.4.”

Title: Don’t Make Headlines Over an Insider Incident: Lessons From the Frontlines
Date Published: May 4, 2021


Excerpt: “These incidents can be rather costly. In a 2020 survey, the Ponemon Institute estimated organizations spend on average $644,852 to recover from an insider threat incident, independent of its motivation. This includes the cost of monitoring and investigating suspected insider events, incident response, containment, eradication and remediation of an insider-provoked incident.”

Title: Social Engineering: Watch Out for These Threats Against Cybersecurity Experts
Date Published: May 3, 2021


Excerpt: “Key to any successful social engineering attack is the need to exploit emotions. One recent social engineering example, identified by Google’s Threat Analysis Group, demonstrates that malicious actors are going to great lengths to pull off their latest con. This novel threat, announced in January 2021 after several months of work, targeted security researchers with tactics we’ll discuss below.”

Title: CyberSecurity and the Growing Use of Medical IoT Devices
Date Published: May 3, 2021


Excerpt: “Another study is the evidence that IoT can either create or destroy the future of the healthcare sector as it is affected by a group of 19 critical vulnerabilities defined by Ripple20, detected in a maximum of 52,000 medical device models along with remote code implementation possibilities.
Major Hackable Devices in the IoT World are: Smart Pens. Infusion and Insulin Pumps. Wireless Vital Monitors. Thermometers and Temperature Sensors. Implantable Cardiac Devices. Security Cameras.”

Title: Why is Virtual Patching Important?
Date Published: May 4, 2021


Excerpt: “Virtual patching is valuable and critical in such scenarios. It shields the vulnerabilities externally and protects the application/ website from attacks, giving organizations and developers time to fix the vulnerability. Organizations do not have to face downtimes and can have their mission-critical components online while they develop a fix or a permanent patch. It is scalable as it does not have to be installed on all hosts and can be implemented from a few locations.”

Title: The New Normal Is Actually Very Normal: Punctuated Equilibrium, Security Cycle Theory, and the “New Normal”
Date Published: May 3, 2021


Excerpt: “The concept of threat adaptation is directly linked to the defense cycle theory which, in the context of security, is called the security cycle theory.  A threat actor launches an attack.  In response, companies improve their security to address the new threats.  As defenses improve, threat actors change their tactics and techniques to adapt to the changing controls.  As the threat actor improves their capabilities the defensive actors necessarily must change their own protections.”

Title: Hack-to-Patch by Law Enforcement Is a Dangerous Practice
Date Published: April 30, 2021


Excerpt: “Perhaps the most compelling reason law enforcement should not be performing hack-to-patch activities is the high potential for unintended collateral damage. Whenever live testing is performed on production systems, practitioners know that most of the work involves providing absolute assurance that no outages, degradations, performance issues, or leaks can occur. Such assurance can never be 100 percent effective, but testers are obliged to establish this as their goal. But this collaboration between the benevolent hacker and the system owners is of course missing in a secret hack like the FBI’s web shell effort.”

Title: SmileDirectClub Reveals Cybersecurity Incident That Could Cost Millions
Date Published: May 3, 2021


Excerpt: “While no data breach has been detected in the SmileDirectClub attack, the company is actively working with forensic IT firms to “understand and quantify” the incident’s impact on the company. The company does carry insurance for expenses and potential liabilities associated with the incident, for which the company expects to pursue coverage.”
