OSN June 24, 2021

Fortify Security Team
Jun 24, 2021
Title: Zyxel Warns Customers of Attacks on Its Enterprise Firewall and Vpn Devices

Date Published: June 24, 2021


Excerpt: “The vendor reported that attackers are attempting to access network devices through WAN. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. ”zyxel_slIvpn”, “zyxel_ts”, or “zyxel_vpn_test”) to manipulate the device’s configuration. The company did not reveal if the hackers are exploiting a known vulnerability or a zero-day flaw. At the time of this writing, it is not clear if the hackers breached one of the customers of the vendor.”

Title: John McAfee, Creator of McAfee Antivirus Software, Dead at 75
Date Published: June 24, 2021


Excerpt: “McAfee, 75, had been jailed in Barcelona on charges of failing to report some $4 million in income from cryptocurrency consulting, speaking engagements, and for the sale of rights to a documentary of his life story during fiscal years 2016 to 2018. He was facing a maximum 30-year prison sentence, and a Spanish judge on Monday had ruled he could be extradited to the US to face the charges. McAfee, who was born in England and grew up in Roanoke, Virginia, was found dead in his jail cell on Wednesday, reportedly due to suicide.”

Title: Phishing Attack’s Unusual File Attachment Is a Double-Edged Sword
Date Published: June 24, 2021


Excerpt: “Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle – the target system must recognize the file type or at least have a tool which can unpack and process the file. In contrast to the more popular .IMG and .ISO disk image files, WIM files are not supported by Windows built-in ability to mount disk image files. Moreover, the other popular archive utilities WinRAR and WinZip do not recognize the WIM disk image. WIM files can be processed with the widely used 7Zip.”

Title: Ransom Leak Sites Reveal 422% Annual Increase in Victims
Date Published: June 24, 2021


Excerpt: “Mandiant claimed to have detected a 422% increase in victim organizations announced by ransomware groups on their leak sites between Q1 2020 and the first quarter of 2021. That amounted to over 600 European organizations, with those in manufacturing, legal and professional services and retail most affected. The new figures come as research from Talion revealed that 78% of UK consumers and 79% of security professionals believe payments to these groups should be banned by law.”

Title: Biosconnect Code Execution Bugs Impact Millions of Dell Devices
Date Published: June 24, 2021


Excerpt: “Altogether, the security flaws could be exploited to impersonate Dell[.]com and attack the BIOS/UEFI level in a total of 128 Dell laptops, tablets, and desktop models, including those with Secure Boot enabled and Secured-core PCs, owned by millions of consumers and business users. According to Eclypsium, “such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls”.”

Title: MITRE Introduces D3fend Framework
Date Published: June 23, 2021


Excerpt: “So, now MITRE has started to build a similar framework for network defense, with NSA funding. The goal is to help security architects quickly understand the specific capabilities of a wide variety of defensive technologies. This framework will be shared publicly so everyone can use it, and benefit from it in the same way they use the ATT&CK framework. The main entry to the knowledge base can be found at d3fend.mitre.org.”

Title: Ermetic Reports Nearly 100% of Companies Experienced a Cloud Data Breach in Past 18 Months
Date Published: June 23, 2021


Excerpt: “According to the 200 CISOs and other security decision makers who participated in the survey, nearly 60% consider lack of visibility as well as inadequate identity and access management a major threat to their cloud infrastructure. They cited access risk and infrastructure security among their top cloud security priorities for the next 18 months. Meanwhile, 85% of organizations said they plan to increase their security spending this year, with a significant portion being allocated to cloud infrastructure security.”

Title: Conti Ransomware in Taiwan
Date Published: June 23, 2021


Excerpt: “Conti ransomware was busy in 2020. In May 2021, the FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks as well as the Irish health service. Unfortunately, an increase in Conti ransomware attacks was also observed here in Taiwan. Fortunately, we were able to acquire samples of Conti ransomware and perform analyses.”

Title: Dangers Posed by Evidentiary Software—and What to Do About It
Date Published: June 23, 2021


Excerpt: “The actions in both nations are worth examining. The miscarriage of justice in the UK situation is striking in and of itself. The POL may be the nation’s largest retailer, and yet it prosecuted its employees while its own software was at fault. The U.S. situation is of interest, too; U.S. courts are becoming aware of the issue of software fallibility in part because of some work my colleagues and I have done. Together, the examples in the UK and U.S. context underscore the dangers posed by relying on software—DNA testing, computer forensic analysis and more—as a witness; and the ways in which courts can accommodate for the problem.”

Title: Australian Law Enforcement Found to Have Issues With Data Destruction
Date Published: June 23, 2021


Excerpt: “The report also found issues with records kept to detail actions taken under warrant or tracking device authorizations to show agencies are acting lawfully. “The computer access warrant action sheets we inspected did not provide sufficient information for us to understand what actions were taken under the warrant, or to confirm that the correct devices were accessed,” the report said. “As a result, we could not verify that the computers the ACIC targeted were those it was authorized to access under the warrant”.”

Recent Posts

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...