OSN May 7, 2021

Fortify Security Team
May 7, 2021

Title: VMware Addresses Critical RCE in vRealize Business for Cloud
Date Published: May 7, 2021


Excerpt: “‘VMware vRealize Business for Cloud contains a remote code execution vulnerability due to an unauthorized end point,’ reads the advisory published by the virtualization giant. ‘A malicious actor with network access may exploit this issue causing unauthorized remote code execution on vRealize Business for Cloud Virtual Appliance.’ The vulnerability has been rated as critical and received a CVSSv3 base score of 9.8; it could be easily exploited by attackers without any privileges.”

Title: New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers
Date Published: May 7, 2021


Excerpt: “TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers. To mitigate the impact of TsuNAME in the wild, an open-source tool called CycleHunter allows authoritative DNS server operators to detect cyclic dependencies.”

Title: Popular Routers Found Vulnerable to Hacker Attacks
Date Published: May 7, 2021


Excerpt: “A router that has an easy-to-guess and/or default password could grant malicious actors a way into your home network and the devices connected to it. You should always replace your router’s default username and password with a strong and unique password or passphrase. Meanwhile, routers that have out-of-date firmware often contain easily exploitable vulnerabilities. If your router doesn’t receive firmware updates to plug such security flaws, you are best off arranging an upgrade of your device with your ISP or buy an aftermarket device.”

Title: Connecting the Bots – Hancitor Fuels Cuba Ransomware Operations
Date Published: May 7, 2021


Excerpt: “From an execution perspective, just like many other ransomware operators, they used jump psexec and jump psexec_psh, and relied heavily on SMB Beacons, commonly using generic pipe names. In some cases, they also used less common techniques, such as WMI and WinRM, to execute the Beacon stagers on remote hosts. As Cobalt Strike has credential dumping capabilities, the threat actors leverage mimikatz’s sekurlsa::logonpasswords. At the same time, in some cases they use a separate binary to run mimikatz on some hosts. This tool is also used for enabling lateral movement capability with obtained hashes and mimikatz’s sekurlsa::pth.”

Title: Possible Attacks on the TCP/IP Protocol Stack and Countermeasures
Date Published: May 7, 2021


Excerpt: “Network communication on the Internet follows a layered approach, where each layer adds to the activity of the previous layer according to the TCP/IP implementation paradigm. The TCP/IP protocol stack has only 4 layers compared to the standard ISO/OSI protocol (Application, Presentation, Session, Transport, Network, Data link, Physical), namely the Application, TCP, IP and Network Access layers.”

Title: Connected Places: New NCSC Security Principles for ‘Smart Cities’
Date Published: May 3, 2021


Excerpt: “It wasn’t a teenager accidentally taking control of nuclear command and control, or a magic box that can decrypt anything stolen and used by shady Bond villains intent on taking over the world. It was an attack against a city’s centralized traffic management system in the 1969 film ‘The Italian Job’. As part of an elaborate heist, a dodgy computer professor (played by Benny Hill) switches magnetic storage tapes for the Turin traffic control to create a gridlock.”

Title: Peloton’s Leaky API Spilled Riders’ Private Data
Date Published: May 5, 2021


Excerpt: “Pen Test Partners security researcher Jan Masters had discovered that a bug allowed anyone to scrape users’ private account data right off Peloton’s servers, regardless of their profiles being set to private. As Masters said in a post about the glitch, the leaky API was allowing any user, along with any random internet passersby, to make an unauthenticated request for account data to the API without the API making sure that they had any right to the data. The API enables the bikes to upload data to Peloton’s servers.”

Title: What is Ghimob Malware?
Date Published: May 7, 2021


Excerpt: “Once embedded in a phone, Ghimob uses the data it collects to keep an eye out for 153 mobile apps belonging to banks, fintechs and cryptocurrency exchanges based in Brazil, Germany, Portugal, Peru, Paraguay, Angola and Mozambique. When it finds one of those apps running on an infected device, it begins to spy on the app.”

Title: New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers
Date Published: May 6, 2021


Excerpt: “A Spectre attack tricks the processor into executing instructions along the wrong path,” the researchers said. “Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way. The new attack method exploits what’s called a micro-operations (aka micro-ops or μops) cache, an on-chip component that decomposes machine instructions into simpler commands and speeds up computing, as a side-channel to divulge secret information. Micro-op caches have been built into Intel-based machines manufactured since 2011.”

Title: New Techniques Emerge for Abusing Windows Services to Gain System Control
Date Published: May 6, 2021


Excerpt: “For organizations, the biggest problem dealing with these attacks is that they abuse services that hold impersonation privileges and exist by design in Windows operating systems. The services are enabled, available by default, and play an essential part in the implementation of Web servers, database servers, mail servers, and other services. Juicy Potato is an exploit that allows an attacker with low-level service privileges on a Windows system to gain system level access on it. The exploit takes advantage of an impersonation privilege setting in Windows called ‘SeImpersonatePrivilege.’”
