OSN May 5, 2021

Fortify Security Team
May 5, 2021

Title: CISA Used New Subpoena Power to Contact Us Companies Vulnerable To Hacking
Date Published: May 5, 2021


Excerpt: “Congress granted CISA the subpoena power in a bill that became law in January, allowing the agency to obtain a list of an internet service provider’s vulnerable customers and notify them directly rather than relying on third party communication. CISA issued two such subpoenas last week, acting agency director Brandon Wales said. A CISA spokesperson declined to say which U.S. company or companies had been subpoenaed, or whether the vulnerabilities pertained to an ongoing hacking campaign.”

Title: How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps
Date Published: May 5, 2021


Excerpt: “An attacker would first create their malicious code and host it on a web server, accessible via a URL (malicious app URL). After compromising the target cloud account, the attacker then creates an application in the “app registrations” section in Azure portal, marking the application as “multi-tenant application” with the “web” settings, adding the malicious URL of their code to the application. As the malicious code requires access permissions to resources, the attacker adds the relevant permissions on the applications page, under the “API Permissions” tab.”

Title: Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents
Date Published: May 5, 2021


Excerpt: “The open source security firm’s first ever State of Cloud Native Application Security Report revealed that adoption of cloud native techniques is soaring, with over 78% of production workloads now deployed as containers or serverless applications. However, this comes with its own risks: 60% of developers have had increased security concerns since going cloud native, the report claimed.”

Title: 5 IT Security Strategies That You Should Think About as Employees Return to the Office
Date Published: May 5, 2021


Excerpt: “Security awareness is the most important thing to teach your employees when moving towards a secure organizational culture. Security awareness training can help everyone get on the same page and understand the depth of the threats to reduce risks and incidents. Awareness is also critical because it can help employees prepare for unforeseen situations and equip them with security knowledge to know what measures to take in case of a problem.”

Title: Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys
Date Published: May 3, 2021


Excerpt: “Misconfigured AWS instances accessible from the internet have been the cause of many data breaches recently. In October 2019, cybersecurity firm Imperva disclosed that information from an unspecified subset of users of its Cloud Firewall product was accessible online after a botched cloud migration of its customer database that began in 2017.”

Title: Flaws in the Bind Software Expose DNS Servers To Attacks
Date Published: May 1, 2021


Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory about this vulnerability warning that a remote attacker could exploit this flaw to take control of an affected system. Versions affected are BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch. The CVE-2021-25216 flaw was reported to ISC by an anonymous researcher through Trend Micro’s Zero Day Initiative.”

Title: U.S. Agency for Global Media Data Breach Caused by a Phishing Attack
Date Published: May 4, 2021


Excerpt: “USAGM is a US government agency whose mission is to “inform, engage, and connect people around the world in support of freedom and democracy.” USAGM operates broadcast networks, such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to deliver news and information to people worldwide.”

Title: Most Of Exim Email Servers Could Be Hacked by Exploiting 21nails Flaws
Date Published: May 4, 2021


Excerpt: “This is not the first time that experts disclose vulnerabilities in EXIM software, in May 2020 the U.S. The National Security Agency (NSA) warned that Russia-linked APT group tracked Sandworm Team were exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. In September 2019, Exim maintainers released an urgent security update, Exim version 4.92.3, to address a critical security vulnerability that could allow a remote attacker to crash or potentially execute malicious code on targeted email servers.”

Title: Feds Shut Down Fake COVID-19 Vaccine Phishing Website
Date Published: May 5, 2021


Excerpt: “It’s a scary thought but what HSI wants the public to understand is, all a bad guy needs to defraud thousands of Americans in search of COVD-19 information is the ability to create a website combined with malicious intent,” said James Mancuso, special agent in charge for the HSI Baltimore Field Office. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”

Title: Apple Issues Patches for Webkit Security Flaws
Date Published: May 4, 2021


Excerpt: “Some of the new patches resolve WebKit flaws that can be exploited through “maliciously crafted web content” that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild. “Apple is aware of a report that this issue may have been actively exploited,” the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663”.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...