OSN June 30, 2021

Fortify Security Team
Jun 30, 2021

Title: Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability
Date Published: June 30, 2021

https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html

Excerpt: “Either the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document),” Microsoft said in its advisory. Although the vulnerability was addressed by the Windows maker as part of its Patch Tuesday update on June 8, 2021, Microsoft on June 21 revised the flaw’s impact from an elevation of privilege to remote code execution (RCE) as well as upgraded the severity level from Important to Critical.”

Title: DoubleVPN Servers, Logs, and Account Info Seized by Law Enforcement
Date Published: June 29, 2021

https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/

Excerpt: “The doublevpn[.]com [archive[.]org] website was seized today by law enforcement, who stated that they gained access to the servers for DoubleVPN and took personal information, logs, and statistics for the service’s customers. “On 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN’s owners failed to provide the services they promised,” says the now-seized doublevpn.com website.”

Title: SolarWinds Hackers Remained Hidden in Denmark’s Central Bank for Months
Date Published: June 30, 2021

https://securityaffairs.co/wordpress/119527/cyber-warfare-2/denmarks-central-bank-solarwinds-hackers.html

Excerpt: “Some of the world’s most sophisticated hackers have had an IT backdoor at Danmarks Nationalbank for seven months. Danmarks Nationalbank itself cannot rule out that the suspected Russian state hackers have abused the back door to further compromise Danmarks Nationalbank.” states Version2. “It shows an access to documents that Version2 has received in the case. Access to the file states that Danmarks Nationalbank, which operates Denmark’s central financial infrastructure, was hit by the worldwide Solarwinds hacker attack back in December 2020”.”

Title: Technology’s Complexity and Opacity Threaten Critical Infrastructure Security
Date Published: June 29, 2021

https://www.darkreading.com/endpoint/technologys-complexity-and-opacity-threaten-critical-infrastructure-security/a/d-id/1341368

Excerpt: “The ultimate risk owner — the end-user consumer — is rarely in control of (and often unaware of) the decisions being made in the supply chain that affect their risk posture. After all, the consumer rarely knows what’s in the technology they rely upon, so they have little hope of appropriately managing the risks of using it. The frantic scramble that occurred after the recent SolarWinds cyber incident, as companies and governments rushed to understand the extent of the incident and where the compromised software was installed, is an example of how little knowledge we have of what goes into our technology.”

Title: Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
Date Published: June 29, 2021

https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/

Excerpt: “Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website just by sending a message. That security-bypassing bug, CVE-2021-34506, is rated CVSS 5.4, or important. Its complexity is low, and an attacker could pull it off without needing any privileges, Microsoft said when it released the fixes on Thursday. An exploit would require user interaction, though.”

Title: 8-Month Suspended Sentence for Script Kiddie Who DDoS’d Labour Candidate in Runup to 2019 UK General Election
Date Published: June 30, 2021

https://www.theregister.com/2021/06/30/bradley_niblock_election_ddos/

Excerpt: “Niblock launched a DDoS assault against the website of a Labour Party candidate days before the 2019 general election, an event which press officers in central party HQ characterised as “sophisticated and large scale cyber-attacks”. Instead of its usual 100 visitors a day, the site was crapflooded with 250,000 connection requests, overwhelming it and forcing election candidate Chris Altree to engage Cloudflare’s DDoS mitigation service, the courts heard.”

Title: IT, Healthcare and Manufacturing Facing Most Phishing Attacks: Report
Date Published: June 30, 2021

https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/

Excerpt: “The company’s researchers examined more than 905 million emails for the 1H 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Avanan researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.”

Title: Splunk Named Market Share Leader in ITOM and SIEM Reports
Date Published: June 30, 2021

https://www.splunk.com/en_us/blog/leadership/splunk-named-market-share-leader-in-itom-and-siem-reports.html

Excerpt: “Customers like Domino’s are a leader in global pizza sales, thanks in large part to a data-first approach to everything from behind-the-scenes IT and security operations to daily customer interactions like ordering and delivery. To stay No. 1, the pizza powerhouse uses Splunk to inform decisions, drive innovation and satisfy customers’ cravings for speed, quality and convenience. On this journey over the past two years, we’ve completely rebuilt our product portfolio to deliver the cloud-native experience that our customers demand and deserve.”

Title: Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising
Date Published: June 29, 2021

https://blog.confiant.com/looking-at-chrome-extensions-that-hijack-search-spread-via-malvertising-28ddc548463c

Excerpt: “Furthermore, we assume that the multi-day lifespan of each extension is only as “short” as it is, because that’s how long it takes to amass enough user complaints to warrant a takedown, but policing this campaign should be much easier since the malicious fxsmash domain appears in plain text in all of these extensions — though more recently they’ve started concealing the domains by reversing the string:”

Title: Windows 10 KB5004760 Emergency Update Fixes PDF Opening Issue
Date Published: June 30, 2021

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5004760-emergency-update-fixes-pdf-opening-issue/

Excerpt: “Microsoft has released an optional out-of-band update for all supported Windows 10 versions to address an issue preventing customers from opening PDF documents using some applications. The KB5004760 emergency update is available for devices running client editions of Windows 10 versions 2004, 20H2, and 21H1, as well as Windows Server versions 2004 and 20H2. “An out-of-band optional update is now available on the Microsoft Update Catalog to address an issue in which Internet Explorer 11 and apps using the WebBrowser control might fail to open PDFs,” the company says.”
