OSN May 5, 2021

Fortify Security Team
May 5, 2021

Title: CISA Used New Subpoena Power to Contact US Companies Vulnerable to Hacking
Date Published: May 5, 2021


Excerpt: “Congress granted CISA the subpoena power in a bill that became law in January, allowing the agency to obtain a list of an internet service provider’s vulnerable customers and notify them directly rather than relying on third party communication. CISA issued two such subpoenas last week, acting agency director Brandon Wales said. A CISA spokesperson declined to say which U.S. company or companies had been subpoenaed, or whether the vulnerabilities pertained to an ongoing hacking campaign.”

Title: How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps
Date Published: May 5, 2021


Excerpt: “An attacker would first create their malicious code and host it on a web server, accessible via a URL (malicious app URL). After compromising the target cloud account, the attacker then creates an application in the “app registrations” section in Azure portal, marking the application as “multi-tenant application” with the “web” settings, adding the malicious URL of their code to the application. As the malicious code requires access permissions to resources, the attacker adds the relevant permissions on the applications page, under the “API Permissions” tab.”

Title: Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents
Date Published: May 5, 2021


Excerpt: “The open source security firm’s first ever State of Cloud Native Application Security Report revealed that adoption of cloud native techniques is soaring, with over 78% of production workloads now deployed as containers or serverless applications. However, this comes with its own risks: 60% of developers have had increased security concerns since going cloud native, the report claimed.”

Title: 5 IT Security Strategies That You Should Think About as Employees Return to the Office
Date Published: May 5, 2021


Excerpt: “Security awareness is the most important thing to teach your employees when moving towards a secure organizational culture. Security awareness training can help everyone get on the same page and understand the depth of the threats to reduce risks and incidents. Awareness is also critical because it can help employees prepare for unforeseen situations and equip them with security knowledge to know what measures to take in case of a problem.”

Title: Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys
Date Published: May 3, 2021


Excerpt: “Misconfigured AWS instances accessible from the internet have been the cause of many data breaches recently. In October 2019, cybersecurity firm Imperva disclosed that information from an unspecified subset of users of its Cloud Firewall product was accessible online after a botched cloud migration of its customer database that began in 2017.”

Title: Flaws in the BIND Software Expose DNS Servers to Attacks
Date Published: May 1, 2021


Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory about this vulnerability warning that a remote attacker could exploit this flaw to take control of an affected system. Versions affected are BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch. The CVE-2021-25216 flaw was reported to ISC by an anonymous researcher through Trend Micro’s Zero Day Initiative.”

Title: U.S. Agency for Global Media Data Breach Caused by a Phishing Attack
Date Published: May 4, 2021


Excerpt: “USAGM is a US government agency whose mission is to “inform, engage, and connect people around the world in support of freedom and democracy.” USAGM operates broadcast networks, such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to deliver news and information to people worldwide.”

Title: Most of Exim Email Servers Could Be Hacked by Exploiting 21Nails Flaws
Date Published: May 4, 2021


Excerpt: “This is not the first time that experts disclose vulnerabilities in EXIM software. In May 2020 the U.S. National Security Agency (NSA) warned that the Russia-linked APT group tracked as Sandworm Team had been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. In September 2019, Exim maintainers released an urgent security update, Exim version 4.92.3, to address a critical security vulnerability that could allow a remote attacker to crash or potentially execute malicious code on targeted email servers.”

Title: Feds Shut Down Fake COVID-19 Vaccine Phishing Website
Date Published: May 5, 2021


Excerpt: “It’s a scary thought, but what HSI wants the public to understand is, all a bad guy needs to defraud thousands of Americans in search of COVID-19 information is the ability to create a website combined with malicious intent,” said James Mancuso, special agent in charge for the HSI Baltimore Field Office. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”

Title: Apple Issues Patches for WebKit Security Flaws
Date Published: May 4, 2021


Excerpt: “Some of the new patches resolve WebKit flaws that can be exploited through ‘maliciously crafted web content’ that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild. ‘Apple is aware of a report that this issue may have been actively exploited,’ the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663.”
