OSN May 5, 2021

Fortify Security Team
May 5, 2021

Title: CISA Used New Subpoena Power to Contact US Companies Vulnerable To Hacking
Date Published: May 5, 2021


Excerpt: “Congress granted CISA the subpoena power in a bill that became law in January, allowing the agency to obtain a list of an internet service provider’s vulnerable customers and notify them directly rather than relying on third party communication. CISA issued two such subpoenas last week, acting agency director Brandon Wales said. A CISA spokesperson declined to say which U.S. company or companies had been subpoenaed, or whether the vulnerabilities pertained to an ongoing hacking campaign.”

Title: How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps
Date Published: May 5, 2021


Excerpt: “An attacker would first create their malicious code and host it on a web server, accessible via a URL (malicious app URL). After compromising the target cloud account, the attacker then creates an application in the “app registrations” section in Azure portal, marking the application as “multi-tenant application” with the “web” settings, adding the malicious URL of their code to the application. As the malicious code requires access permissions to resources, the attacker adds the relevant permissions on the applications page, under the “API Permissions” tab.”

Title: Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents
Date Published: May 5, 2021


Excerpt: “The open source security firm’s first ever State of Cloud Native Application Security Report revealed that adoption of cloud native techniques is soaring, with over 78% of production workloads now deployed as containers or serverless applications. However, this comes with its own risks: 60% of developers have had increased security concerns since going cloud native, the report claimed.”

Title: 5 IT Security Strategies That You Should Think About as Employees Return to the Office
Date Published: May 5, 2021


Excerpt: “Security awareness is the most important thing to teach your employees when moving towards a secure organizational culture. Security awareness training can help everyone get on the same page and understand the depth of the threats to reduce risks and incidents. Awareness is also critical because it can help employees prepare for unforeseen situations and equip them with security knowledge to know what measures to take in case of a problem.”

Title: Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys
Date Published: May 3, 2021


Excerpt: “Misconfigured AWS instances accessible from the internet have been the cause of many data breaches recently. In October 2019, cybersecurity firm Imperva disclosed that information from an unspecified subset of users of its Cloud Firewall product was accessible online after a botched cloud migration of its customer database that began in 2017.”

Title: Flaws in the BIND Software Expose DNS Servers To Attacks
Date Published: May 1, 2021


Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory about this vulnerability warning that a remote attacker could exploit this flaw to take control of an affected system. Versions affected are BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch. The CVE-2021-25216 flaw was reported to ISC by an anonymous researcher through Trend Micro’s Zero Day Initiative.”

Title: U.S. Agency for Global Media Data Breach Caused by a Phishing Attack
Date Published: May 4, 2021


Excerpt: “USAGM is a US government agency whose mission is to “inform, engage, and connect people around the world in support of freedom and democracy.” USAGM operates broadcast networks, such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to deliver news and information to people worldwide.”

Title: Most of Exim Email Servers Could Be Hacked by Exploiting 21Nails Flaws
Date Published: May 4, 2021


Excerpt: “This is not the first time that experts disclose vulnerabilities in EXIM software, in May 2020 the U.S. National Security Agency (NSA) warned that Russia-linked APT group tracked Sandworm Team were exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. In September 2019, Exim maintainers released an urgent security update, Exim version 4.92.3, to address a critical security vulnerability that could allow a remote attacker to crash or potentially execute malicious code on targeted email servers.”

Title: Feds Shut Down Fake COVID-19 Vaccine Phishing Website
Date Published: May 5, 2021


Excerpt: “It’s a scary thought but what HSI wants the public to understand is, all a bad guy needs to defraud thousands of Americans in search of COVID-19 information is the ability to create a website combined with malicious intent,” said James Mancuso, special agent in charge for the HSI Baltimore Field Office. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”

Title: Apple Issues Patches for Webkit Security Flaws
Date Published: May 4, 2021


Excerpt: “Some of the new patches resolve WebKit flaws that can be exploited through “maliciously crafted web content” that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild. “Apple is aware of a report that this issue may have been actively exploited,” the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663.”
