OSN June 18, 2021

Fortify Security Team
Jun 18, 2021

Title: NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems
Date Published: June 17, 2021

https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-on-securing-voice-video-communications/

Excerpt: “Improperly secured UC/VVoIP devices are exposed to the same security risks and targeted by threat actors through spyware, viruses, software vulnerabilities, and other malicious means if not adequately secured and configured. “Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks,” as the US intelligence agency explained. “Compromises can lead to high-definition room audio and/or video being covertly collected and delivered to a malicious actor using the IP infrastructure as a transport mechanism”.”

Title: The Stolen Data of Audi and Volkswagen Is Being Sold on a Hacking Forum
Date Published: June 18, 2021

https://heimdalsecurity.com/blog/the-stolen-data-of-audi-and-volkswagen-is-being-sold-on-a-hacking-forum/

Excerpt: “According to Motherboard, a hacker that goes by 000 declared that the information included email addresses and Vehicle Identification Numbers (VIN). The attacker also published two samples of the data, which contained full names, email addresses, mailing addresses, and phone numbers. When contacted, seven of the people included in the samples confirmed that at least one piece of their information published by the cybercriminals was authentic.”

Title: Data Breaches Surge in Food & Beverage, Other Industries
Date Published: June 17, 2021

https://beta.darkreading.com/attacks-breaches/data-breaches-surge-in-food-beverage-other-industries

Excerpt: “The food and beverage industry saw a 1300% increase in data breaches in 2020 when compared to 2019, and as of April 2021 the volume of breaches has increased slightly. For example, a large U.S. restaurant chain experienced unauthorized access to their in-house devices and networks, requiring them to notify tens of thousands of customers. To meet increased demand due to the pandemic, many companies in the food industry operated at full production and were often strained. More importantly, many companies moved to direct-to-consumer e-commerce, which meant collecting and using consumer and credit card data.”

Title: Poltergeist: Acoustic Adversarial Machine Learning against Cameras and Computer Vision
Date Published: June 17, 2021

https://www.theregister.com/2021/06/18/poltergeist_autonomous_vehicles/

Excerpt: “To prove the concept out of the lab, a Samsung S20 smartphone was attached to a moving vehicle and an actual attack carried out. While object creation and alteration proved considerably more difficult than the simulations had suggested, at a 43.7 per cent and 43.1 per cent success rate respectively, hiding objects was easy with a worrying 98.3 per cent success rate, the researcher said. “PG [Poltergeist] attacks are robust,” the team found, “across various scenes, weathers, time periods of a day, and camera resolutions”.”

Title: Cruise Operator Carnival Discloses a Security Breach
Date Published: June 18, 2021

https://securityaffairs.co/wordpress/119102/data-breach/carnival-security-breach.html

Excerpt: “Some 80% of organizations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a Cybereason survey released Wednesday. Conducted by Censuswide, the study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.”

Title: Most Firms Face Second Ransomware Attack After Paying off First
Date Published: June 16, 2021

https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/

Excerpt: “The arrests also represent the second time in weeks that authorities have targeted a cybercrime gang by following the money. In early June, the US Department of Justice announced that it had recovered the majority of the ransom payment made by Colonial Pipeline to its attackers, the cybercriminal group called Darkside. By tracking the ransomware payment through the public Bitcoin ledger, the Department of Justice and the FBI managed to retrieve 63.7 bitcoins.”

Title: Programming Languages: Rust in the Linux Kernel Just Got a Big Boost From Google
Date Published: June 18, 2021

https://www.zdnet.com/article/rust-in-the-linux-kernel-just-got-a-big-boost-from-google/

Excerpt: “The Linux kernel is at the heart of the modern internet, from servers to client devices, said ISRG’s executive director, Josh Aas, pointing out it’s on the front line for processing network data and other forms of input. As such, vulnerabilities in the Linux kernel can have a wide-ranging impact, putting security and privacy for people, organizations, and devices at risk. “Since it’s written largely in the C language, which is not memory-safe, memory safety vulnerabilities such as buffer overflows and use-after-frees are a constant concern. By making it possible to write parts of the Linux kernel in Rust, which is memory-safe, we can entirely eliminate memory safety vulnerabilities from certain components, such as drivers”.”

Title: Analysis Of Hancitor – When Boring Begets Beacon
Date Published: June 17, 2021

https://www.binarydefense.com/analysis-of-hancitor-when-boring-begets-beacon/

Excerpt: “Hancitor is a well-known malware loader that has been observed delivering FickerStealer, Sendsafe, and Cobalt Strike Beacon if the victim targeting conditions are met. In recent months, more threat intelligence has been gathered as to what the attackers’ goals are when Hancitor is used to deliver Cobalt Strike Beacon and, based on the information shared, it has become apparent that the Cuba Ransomware gang has selected Hancitor as its loader of choice. This means that companies of all sizes need to be sure their cyber defense and detection strategies include the capability to detect behaviors associated with Hancitor. Many ransomware gangs up to this point have chosen Cobalt Strike as their preferred tool to move within an environment, but few malware loaders drop Beacon as quickly as Hancitor. This means that time to detection and response is critical for defenders to avoid damage to systems that they protect.”

Title: Cisco Smart Switches Riddled with Severe Security Holes
Date Published: June 17, 2021

https://threatpost.com/cisco-smart-switches-security-holes/167031/

Excerpt: “Cisco has flagged and patched several high-severity security vulnerabilities in its Cisco Small Business 220 Series Smart Switches that could allow session hijacking, arbitrary code execution, cross-site scripting and HTML injection. It also issued fixes for high-severity problems in the AnyConnect secure mobility client, the Cisco DNA Center and the Cisco Email Security Appliance, along with a slew of patches for medium-severity vulnerabilities in AnyConnect, Jabber, Meeting Server, Unified Intelligence Center and Webex.”

Title: Russia Bans VYPrVPN, Opera VPN Services for Not Complying With Blacklist Request
Date Published: June 18, 2021

https://thehackernews.com/2021/06/russia-bans-vyprvpn-opera-vpn-services.html

Excerpt: “The development comes a little over a month after RKN sent a request to enterprises and organizations that use the two VPN services to inform the Center for Monitoring and Management of the Public Telecommunications Network and seek exceptions so as to avoid disruptions to their business operations. The agency said more than 200 technological processes associated with 130 Russian companies are included in the “white lists”.”
