OSN May 5, 2021

Fortify Security Team
May 5, 2021

Title: CISA Used New Subpoena Power to Contact US Companies Vulnerable To Hacking
Date Published: May 5, 2021

https://www.cyberscoop.com/dhs-cyber-alert-subpoena-us/

Excerpt: “Congress granted CISA the subpoena power in a bill that became law in January, allowing the agency to obtain a list of an internet service provider’s vulnerable customers and notify them directly rather than relying on third party communication. CISA issued two such subpoenas last week, acting agency director Brandon Wales said. A CISA spokesperson declined to say which U.S. company or companies had been subpoenaed, or whether the vulnerabilities pertained to an ongoing hacking campaign.”

Title: How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps
Date Published: May 5, 2021

https://www.proofpoint.com/us/blog/email-and-cloud-threats/how-attackers-use-compromised-accounts-create-and-distribute-malicious

Excerpt: “An attacker would first create their malicious code and host it on a web server, accessible via a URL (malicious app URL). After compromising the target cloud account, the attacker then creates an application in the “app registrations” section in Azure portal, marking the application as “multi-tenant application” with the “web” settings, adding the malicious URL of their code to the application. As the malicious code requires access permissions to resources, the attacker adds the relevant permissions on the applications page, under the “API Permissions” tab.”

Title: Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents
Date Published: May 5, 2021

https://www.infosecurity-magazine.com/news/misconfigs-unpatched-bugs-cloud/

Excerpt: “The open source security firm’s first ever State of Cloud Native Application Security Report revealed that adoption of cloud native techniques is soaring, with over 78% of production workloads now deployed as containers or serverless applications. However, this comes with its own risks: 60% of developers have had increased security concerns since going cloud native, the report claimed.”

Title: 5 IT Security Strategies That You Should Think About as Employees Return to the Office
Date Published: May 5, 2021

https://cybersecurity.att.com/blogs/security-essentials/5-it-security-strategies-that-you-should-think-about-as-employees-return-to-the-office

Excerpt: “Security awareness is the most important thing to teach your employees when moving towards a secure organizational culture. Security awareness training can help everyone get on the same page and understand the depth of the threats to reduce risks and incidents. Awareness is also critical because it can help employees prepare for unforeseen situations and equip them with security knowledge to know what measures to take in case of a problem.”

Title: Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys
Date Published: May 3, 2021

https://thehackernews.com/2021/05/over-40-apps-with-more-than-100-million.html

Excerpt: “Misconfigured AWS instances accessible from the internet have been the cause of many data breaches recently. In October 2019, cybersecurity firm Imperva disclosed that information from an unspecified subset of users of its Cloud Firewall product was accessible online after a botched cloud migration of its customer database that began in 2017.”

Title: Flaws in the BIND Software Expose DNS Servers To Attacks
Date Published: May 1, 2021

https://securityaffairs.co/wordpress/117414/security/bind-dns-servers-flaws.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory about this vulnerability warning that a remote attacker could exploit this flaw to take control of an affected system. Versions affected are BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch. The CVE-2021-25216 flaw was reported to ISC by an anonymous researcher through Trend Micro’s Zero Day Initiative.”

Title: U.S. Agency for Global Media Data Breach Caused by a Phishing Attack
Date Published: May 4, 2021

https://www.bleepingcomputer.com/news/security/us-agency-for-global-media-data-breach-caused-by-a-phishing-attack/

Excerpt: “USAGM is a US government agency whose mission is to “inform, engage, and connect people around the world in support of freedom and democracy.” USAGM operates broadcast networks, such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to deliver news and information to people worldwide.”

Title: Most Of Exim Email Servers Could Be Hacked by Exploiting 21Nails Flaws
Date Published: May 4, 2021

https://securityaffairs.co/wordpress/117522/security/exim-email-servers-21nails-flaws.html

Excerpt: “This is not the first time that experts disclose vulnerabilities in EXIM software, in May 2020 the U.S. National Security Agency (NSA) warned that Russia-linked APT group tracked as Sandworm Team were exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. In September 2019, Exim maintainers released an urgent security update, Exim version 4.92.3, to address a critical security vulnerability that could allow a remote attacker to crash or potentially execute malicious code on targeted email servers.”

Title: Feds Shut Down Fake COVID-19 Vaccine Phishing Website
Date Published: May 5, 2021

https://threatpost.com/feds-fake-covid-19-vaccine-phishing-website/165872/

Excerpt: “It’s a scary thought but what HSI wants the public to understand is, all a bad guy needs to defraud thousands of Americans in search of COVID-19 information is the ability to create a website combined with malicious intent,” said James Mancuso, special agent in charge for the HSI Baltimore Field Office. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”

Title: Apple Issues Patches for WebKit Security Flaws
Date Published: May 4, 2021

https://www.darkreading.com/vulnerabilities---threats/apple-issues-patches-for-webkit-security-flaws/d/d-id/1340920

Excerpt: “Some of the new patches resolve WebKit flaws that can be exploited through “maliciously crafted web content” that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild. “Apple is aware of a report that this issue may have been actively exploited,” the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663.”
