OSN May 4, 2021

Fortify Security Team
May 4, 2021

Title: Pulse Secure Patches Critical Zero-Day Flaw
Date Published: May 4, 2021


Excerpt: “Pulse Secure has patched a critical zero-day vulnerability that was being exploited by multiple APT groups to target US defense companies, among other entities. The security update fixes CVE-2021-22893, a critical authentication bypass vulnerability in the Pulse Connect Secure VPN product which has a CVSS score of 10.0. It was being exploited in combination with bugs from 2019 and 2020, patched by the vendor but not applied by some organizations, to bypass multi-factor authentication on the product. This allowed attackers to deploy webshells for persistence and perform surveillance activities.”

Title: Expert Released POC Exploit for Microsoft Exchange Flaw
Date Published: May 3, 2021


Excerpt: “April 2021 Microsoft Patch Tuesday security updates addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA). All the vulnerabilities are remote code execution that could allow attacks to compromise vulnerable installs, for this reason, the IT giant urges its customers to install the latest updates.”

Title: A Critical Component of Cybersecurity: Phishing Security
Date Published: May 4, 2021


Excerpt: “Verizon’s 2020 Data Breach Investigations Report 1 22% of breaches in 2019 involved phishing emails. According to IBM 2020 Cost of Data Breach Study,2 total cost of a data breach averaged $3.86, a 2020 Kaspersky study revealed that enterprises with an internal Security Operation Center (SOC) estimate their financial damage from a cyberattack at $675k. The UK government’s Cyber Security Breaches Survey 2017 found that the average cost of a cybersecurity breach for a large business is £19,600 and for a small to medium-sized business is £1,570.4.”

Title: Don’t Make Headlines Over an Insider Incident: Lessons From the Frontlines
Date Published: May 4, 2021


Excerpt: “These incidents can be rather costly. In a 2020 survey, the Ponemon Institute estimated organizations spend on average $644,852 to recover from an insider threat incident, independent of its motivation. This includes the cost of monitoring and investigating suspected insider events, incident response, containment, eradication and remediation of an insider-provoked incident.”

Title: Social Engineering: Watch Out for These Threats Against Cybersecurity Experts
Date Published: May 3, 2021


Excerpt: “Key to any successful social engineering attack is the need to exploit emotions. One recent social engineering example, identified by Google’s Threat Analysis Group, demonstrates that malicious actors are going to great lengths to pull off their latest con. This novel threat, announced in January 2021 after several months of work, targeted security researchers with tactics we’ll discuss below.”

Title: CyberSecurity and the Growing Use of Medical IoT Devices
Date Published: May 3, 2021


Excerpt: “Another study is the evidence that IoT can either create or destroy the future of the healthcare sector as it is affected by a group of 19 critical vulnerabilities defined by Ripple20, detected in a maximum of 52,000 medical device models along with remote code implementation possibilities.
Major Hackable Devices in the IoT World are: Smart Pens. Infusion and Insulin Pumps. Wireless Vital Monitors. Thermometers and Temperature Sensors. Implantable Cardiac Devices. Security Cameras.”

Title: Why is Virtual Patching Important?
Date Published: May 4, 2021


Excerpt: “Virtual patching is valuable and critical in such scenarios. It shields the vulnerabilities externally and protects the application/ website from attacks, giving organizations and developers time to fix the vulnerability. Organizations do not have to face downtimes and can have their mission-critical components online while they develop a fix or a permanent patch. It is scalable as it does not have to be installed on all hosts and can be implemented from a few locations.”

Title: The New Normal Is Actually Very Normal: Punctuated Equilibrium, Security Cycle Theory, and the “New Normal”
Date Published: May 3, 2021


Excerpt: “The concept of threat adaptation is directly linked to the defense cycle theory which, in the context of security, is called the security cycle theory. A threat actor launches an attack. In response, companies improve their security to address the new threats. As defenses improve, threat actors change their tactics and techniques to adapt to the changing controls. As the threat actor improves their capabilities the defensive actors necessarily must change their own protections.”

Title: Hack-to-Patch by Law Enforcement Is a Dangerous Practice
Date Published: April 30, 2021


Excerpt: “Perhaps the most compelling reason law enforcement should not be performing hack-to-patch activities is the high potential for unintended collateral damage. Whenever live testing is performed on production systems, practitioners know that most of the work involves providing absolute assurance that no outages, degradations, performance issues, or leaks can occur. Such assurance can never be 100 percent effective, but testers are obliged to establish this as their goal. But this collaboration between the benevolent hacker and the system owners is of course missing in a secret hack like the FBI’s web shell effort.”

Title: SmileDirectClub Reveals Cybersecurity Incident That Could Cost Millions
Date Published: May 3, 2021


Excerpt: “While no data breach has been detected in the SmileDirectClub attack, the company is actively working with forensic IT firms to “understand and quantify” the incident’s impact on the company. The company does carry insurance for expenses and potential liabilities associated with the incident, for which the company expects to pursue coverage.”
