OSN May 4, 2021

Fortify Security Team
May 4, 2021

Title: Pulse Secure Patches Critical Zero-Day Flaw
Date Published: May 4, 2021


Excerpt: “Pulse Secure has patched a critical zero-day vulnerability that was being exploited by multiple APT groups to target US defense companies, among other entities. The security update fixes CVE-2021-22893, a critical authentication bypass vulnerability in the Pulse Connect Secure VPN product which has a CVSS score of 10.0. It was being exploited in combination with bugs from 2019 and 2020, patched by the vendor but not applied by some organizations, to bypass multi-factor authentication on the product. This allowed attackers to deploy webshells for persistence and perform surveillance activities.”

Title: Expert Released POC Exploit for Microsoft Exchange Flaw
Date Published: May 3, 2021


Excerpt: “April 2021 Microsoft Patch Tuesday security updates addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA). All the vulnerabilities are remote code execution that could allow attacks to compromise vulnerable installs, for this reason, the IT giant urges its customers to install the latest updates.”

Title: A Critical Component of Cybersecurity: Phishing Security
Date Published: May 4, 2021


Excerpt: “Verizon’s 2020 Data Breach Investigations Report 1 22% of breaches in 2019 involved phishing emails. According to IBM 2020 Cost of Data Breach Study,2 total cost of a data breach averaged $3.86, a 2020 Kaspersky study revealed that enterprises with an internal Security Operation Center (SOC) estimate their financial damage from a cyberattack at $675k. The UK government’s Cyber Security Breaches Survey 2017 found that the average cost of a cybersecurity breach for a large business is £19,600 and for a small to medium-sized business is £1,570.4.”

Title: Don’t Make Headlines Over an Insider Incident: Lessons From the Frontlines
Date Published: May 4, 2021


Excerpt: “These incidents can be rather costly. In a 2020 survey, the Ponemon Institute estimated organizations spend on average $644,852 to recover from an insider threat incident, independent of its motivation. This includes the cost of monitoring and investigating suspected insider events, incident response, containment, eradication and remediation of an insider-provoked incident.”

Title: Social Engineering: Watch Out for These Threats Against Cybersecurity Experts
Date Published: May 3, 2021


Excerpt: “Key to any successful social engineering attack is the need to exploit emotions. One recent social engineering example, identified by Google’s Threat Analysis Group, demonstrates that malicious actors are going to great lengths to pull off their latest con. This novel threat, announced in January 2021 after several months of work, targeted security researchers with tactics we’ll discuss below.”

Title: CyberSecurity and the Growing Use of Medical IoT Devices
Date Published: May 3, 2021


Excerpt: “Another study is the evidence that IoT can either create or destroy the future of the healthcare sector as it is affected by a group of 19 critical vulnerabilities defined by Ripple20, detected in a maximum of 52,000 medical device models along with remote code implementation possibilities.
Major Hackable Devices in the IoT World are: Smart Pens. Infusion and Insulin Pumps. Wireless Vital Monitors. Thermometers and Temperature Sensors. Implantable Cardiac Devices. Security Cameras.”

Title: Why is Virtual Patching Important?
Date Published: May 4, 2021


Excerpt: “Virtual patching is valuable and critical in such scenarios. It shields the vulnerabilities externally and protects the application/ website from attacks, giving organizations and developers time to fix the vulnerability. Organizations do not have to face downtimes and can have their mission-critical components online while they develop a fix or a permanent patch. It is scalable as it does not have to be installed on all hosts and can be implemented from a few locations.”

Title: The New Normal Is Actually Very Normal: Punctuated Equilibrium, Security Cycle Theory, and the “New Normal”
Date Published: May 3, 2021


Excerpt: “The concept of threat adaptation is directly linked to the defense cycle theory which, in the context of security, is called the security cycle theory. A threat actor launches an attack. In response, companies improve their security to address the new threats. As defenses improve, threat actors change their tactics and techniques to adapt to the changing controls. As the threat actor improves their capabilities the defensive actors necessarily must change their own protections.”

Title: Hack-to-Patch by Law Enforcement Is a Dangerous Practice
Date Published: April 30, 2021


Excerpt: “Perhaps the most compelling reason law enforcement should not be performing hack-to-patch activities is the high potential for unintended collateral damage. Whenever live testing is performed on production systems, practitioners know that most of the work involves providing absolute assurance that no outages, degradations, performance issues, or leaks can occur. Such assurance can never be 100 percent effective, but testers are obliged to establish this as their goal. But this collaboration between the benevolent hacker and the system owners is of course missing in a secret hack like the FBI’s web shell effort.”

Title: SmileDirectClub Reveals Cybersecurity Incident That Could Cost Millions
Date Published: May 3, 2021


Excerpt: “While no data breach has been detected in the SmileDirectClub attack, the company is actively working with forensic IT firms to “understand and quantify” the incident’s impact on the company. The company does carry insurance for expenses and potential liabilities associated with the incident, for which the company expects to pursue coverage.”
