OSN June 24, 2021

Fortify Security Team
Jun 24, 2021
Title: Zyxel Warns Customers of Attacks on Its Enterprise Firewall and VPN Devices
Date Published: June 24, 2021

https://securityaffairs.co/wordpress/119351/hacking/zyxel-firewall-vpn-attacks.html

Excerpt: “The vendor reported that attackers are attempting to access network devices through WAN. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. “zyxel_slIvpn”, “zyxel_ts”, or “zyxel_vpn_test”) to manipulate the device’s configuration. The company did not reveal if the hackers are exploiting a known vulnerability or a zero-day flaw. At the time of this writing, it is not clear if the hackers breached one of the customers of the vendor.”

Title: John McAfee, Creator of McAfee Antivirus Software, Dead at 75
Date Published: June 24, 2021

https://beta.darkreading.com/endpoint/john-mcafee-creator-of-mcafee-anti-virus-software-dead-at-75

Excerpt: “McAfee, 75, had been jailed in Barcelona on charges of failing to report some $4 million in income from cryptocurrency consulting, speaking engagements, and for the sale of rights to a documentary of his life story during fiscal years 2016 to 2018. He was facing a maximum 30-year prison sentence, and a Spanish judge on Monday had ruled he could be extradited to the US to face the charges. McAfee, who was born in England and grew up in Roanoke, Virginia, was found dead in his jail cell on Wednesday, reportedly due to suicide.”

Title: Phishing Attack’s Unusual File Attachment Is a Double-Edged Sword
Date Published: June 24, 2021

https://www.bleepingcomputer.com/news/security/phishing-attacks-unusual-file-attachment-is-a-double-edged-sword/

Excerpt: “Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle – the target system must recognize the file type or at least have a tool which can unpack and process the file. In contrast to the more popular .IMG and .ISO disk image files, WIM files are not supported by Windows built-in ability to mount disk image files. Moreover, the other popular archive utilities WinRAR and WinZip do not recognize the WIM disk image. WIM files can be processed with the widely used 7Zip.”
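
Added example (not code from the BleepingComputer article or from the Fortify team): the check a mail gateway would want for the technique described above, identifying a WIM attachment by its 8-byte signature rather than by its file extension, and reading the image count from the header so a WIM renamed to invoice.pdf is still flagged. Field offsets follow the published WIM header layout and the ISO 9660 volume descriptor; the sample headers, the filenames and the function names are constructed for this example and are assumptions, not data from the article.

```python
import struct

# Signatures taken from the published WIM and ISO 9660 header layouts.
WIM_MAGIC = b"MSWIM\x00\x00\x00"   # 8-byte signature at offset 0 of a .wim file
WIM_HEADER_SIZE = 0xD0             # cbSize value for a v1 WIM header
WIM_FLAG_COMPRESSION = 0x00000002  # dwFlags bit: file resources are compressed
ISO_MAGIC = b"CD001"               # ISO 9660 volume descriptor identifier
ISO_PVD_OFFSET = 0x8001            # sector 16 * 2048 bytes, one byte past the type field


def wim_header(data: bytes):
    """Parse the fixed part of a WIM header.

    Layout (little-endian): magic[8], cbSize u32, dwVersion u32, dwFlags u32,
    dwCompressionSize u32, GUID[16], usPartNumber u16, usTotalParts u16,
    dwImageCount u32.  Returns a dict, or None if the signature is absent.
    """
    if len(data) < 48 or data[:8] != WIM_MAGIC:
        return None
    cb_size, version, flags, chunk_size = struct.unpack_from("<IIII", data, 8)
    part, total_parts, image_count = struct.unpack_from("<HHI", data, 40)
    return {
        "header_size": cb_size,
        "version": version,
        "compressed": bool(flags & WIM_FLAG_COMPRESSION),
        "chunk_size": chunk_size,
        "part": part,
        "total_parts": total_parts,
        "image_count": image_count,
    }


def is_iso(data: bytes) -> bool:
    """True if the primary volume descriptor carries the ISO 9660 identifier."""
    end = ISO_PVD_OFFSET + len(ISO_MAGIC)
    return len(data) >= end and data[ISO_PVD_OFFSET:end] == ISO_MAGIC


def classify_attachment(filename: str, data: bytes) -> dict:
    """Content-based type for an attachment, plus whether the extension disagrees.

    A gateway has to key on bytes, not on the name: a WIM renamed to .pdf is
    still a WIM, and 7-Zip on the endpoint will happily open it.
    """
    wim = wim_header(data)
    if wim is not None:
        kind = "wim"
    elif is_iso(data):
        kind = "iso"
    else:
        kind = "unknown"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {
        "filename": filename,
        "kind": kind,
        "extension": ext,
        "extension_mismatch": kind != "unknown" and ext != kind,
        "wim": wim,
    }


# --- constructed sample inputs (headers only, no payload; assumed values) ---

def build_wim_sample(image_count: int = 1) -> bytes:
    """A 0xD0-byte WIM header with the fields above filled in and no resources."""
    hdr = bytearray(WIM_HEADER_SIZE)
    hdr[0:8] = WIM_MAGIC
    struct.pack_into("<IIII", hdr, 8, WIM_HEADER_SIZE, 0x00010D00,
                     WIM_FLAG_COMPRESSION, 0x8000)
    struct.pack_into("<HHI", hdr, 40, 1, 1, image_count)
    return bytes(hdr)


def build_iso_sample() -> bytes:
    """Just enough of an ISO 9660 image to carry a primary volume descriptor."""
    img = bytearray(ISO_PVD_OFFSET + len(ISO_MAGIC))
    img[ISO_PVD_OFFSET - 1] = 0x01            # descriptor type: primary
    img[ISO_PVD_OFFSET:ISO_PVD_OFFSET + 5] = ISO_MAGIC
    return bytes(img)


if __name__ == "__main__":
    samples = [
        ("invoice.pdf", build_wim_sample()),   # WIM hiding behind a PDF name
        ("setup.iso", build_iso_sample()),     # ISO named honestly
        ("notes.txt", b"plain text"),          # nothing to flag
    ]
    for name, blob in samples:
        verdict = classify_attachment(name, blob)
        print(f"{name:12} -> {verdict['kind']:8} mismatch={verdict['extension_mismatch']}")
```

The signature check is deliberately independent of the extension: the article's point is that the format is unusual enough that filters keyed on ".iso"/".img" names miss it, so the detection keys on the first eight bytes and treats any WIM in mail as suspicious regardless of what it is called. The ISO branch is included only to show the same idea generalises to the more familiar disk-image formats.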

Title: Ransom Leak Sites Reveal 422% Annual Increase in Victims
Date Published: June 24, 2021

https://www.infosecurity-magazine.com/news/ransom-leak-sites-increase-victims/

Excerpt: “Mandiant claimed to have detected a 422% increase in victim organizations announced by ransomware groups on their leak sites between Q1 2020 and the first quarter of 2021. That amounted to over 600 European organizations, with those in manufacturing, legal and professional services and retail most affected. The new figures come as research from Talion revealed that 78% of UK consumers and 79% of security professionals believe payments to these groups should be banned by law.”

Title: BIOSConnect Code Execution Bugs Impact Millions of Dell Devices
Date Published: June 24, 2021

https://www.zdnet.com/article/biosconnect-code-execution-bugs-impact-millions-of-dell-devices/

Excerpt: “Altogether, the security flaws could be exploited to impersonate Dell[.]com and attack the BIOS/UEFI level in a total of 128 Dell laptops, tablets, and desktop models, including those with Secure Boot enabled and Secured-core PCs, owned by millions of consumers and business users. According to Eclypsium, “such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls”.”

Title: MITRE Introduces D3FEND Framework
Date Published: June 23, 2021

https://blog.malwarebytes.com/security-world/2021/06/mitre-introduces-d3fend-framework/

Excerpt: “So, now MITRE has started to build a similar framework for network defense, with NSA funding. The goal is to help security architects quickly understand the specific capabilities of a wide variety of defensive technologies. This framework will be shared publicly so everyone can use it, and benefit from it in the same way they use the ATT&CK framework. The main entry to the knowledge base can be found at d3fend.mitre.org.”

Title: Ermetic Reports Nearly 100% of Companies Experienced a Cloud Data Breach in Past 18 Months
Date Published: June 23, 2021

https://finance.yahoo.com/finance/news/ermetic-reports-nearly-100-companies-131100180.html

Excerpt: “According to the 200 CISOs and other security decision makers who participated in the survey, nearly 60% consider lack of visibility as well as inadequate identity and access management a major threat to their cloud infrastructure. They cited access risk and infrastructure security among their top cloud security priorities for the next 18 months. Meanwhile, 85% of organizations said they plan to increase their security spending this year, with a significant portion being allocated to cloud infrastructure security.”

Title: Conti Ransomware in Taiwan
Date Published: June 23, 2021

https://cycrafttechnology.medium.com/conti-ransomware-in-taiwan-45b44f1ab0d8

Excerpt: “Conti ransomware was busy in 2020. In May 2021, the FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks as well as the Irish health service. Unfortunately, an increase in Conti ransomware attacks was also observed here in Taiwan. Fortunately, we were able to acquire samples of Conti ransomware and perform analyses.”

Title: Dangers Posed by Evidentiary Software—and What to Do About It
Date Published: June 23, 2021

https://www.lawfareblog.com/dangers-posed-evidentiary-softwareand-what-do-about-it

Excerpt: “The actions in both nations are worth examining. The miscarriage of justice in the UK situation is striking in and of itself. The POL may be the nation’s largest retailer, and yet it prosecuted its employees while its own software was at fault. The U.S. situation is of interest, too; U.S. courts are becoming aware of the issue of software fallibility in part because of some work my colleagues and I have done. Together, the examples in the UK and U.S. context underscore the dangers posed by relying on software—DNA testing, computer forensic analysis and more—as a witness; and the ways in which courts can accommodate for the problem.”

Title: Australian Law Enforcement Found to Have Issues With Data Destruction
Date Published: June 23, 2021

https://www.zdnet.com/article/australian-law-enforcement-found-to-have-issues-with-data-destruction/

Excerpt: “The report also found issues with records kept to detail actions taken under warrant or tracking device authorizations to show agencies are acting lawfully. “The computer access warrant action sheets we inspected did not provide sufficient information for us to understand what actions were taken under the warrant, or to confirm that the correct devices were accessed,” the report said. “As a result, we could not verify that the computers the ACIC targeted were those it was authorized to access under the warrant”.”
