July 15, 2021

Fortify Security Team
Jul 21, 2021

Title: Microsoft: Update Windows Server 2012 Before Extended Support Ends
Date Published: July 15, 2021


Excerpt: “The company says Windows Server and SQL Server 2012 Extended Security Updates will be made available for purchase later when getting closer to the end of extended support. Additional information is available on the Extended Security Updates frequently asked questions page. “With cyberattacks becoming more sophisticated and frequent, running apps and data on unsupported versions can create significant security and compliance risks.”

Title: Phishing Continues to Be One of the Easiest Paths for Ransomware: Report
Date Published: July 15, 2021


Excerpt: “Nearly 25% of all survey respondents said their ransomware attacks started through phishing and of those victims, 65% had conducted anti-phishing training sessions. For enterprises with fewer than 500 employees, 41% said their attacks started with phishing. About one third of all victims said their public cloud was the entry point ransomware groups used to attack them. “This reflects the increasing sophistication of phishing schemes, with attackers now mimicking emails from trusted associates such as high-level executives (known as ‘whaling’ attacks). These emails will sometimes include personal details, usually gleaned from social media, making it more likely that even a wary individual will fall prey,” the report explained.”

Title: Software Maker Removes “Backdoor” Giving Root Access to Radio Devices
Date Published: July 15, 2021


Excerpt: “Yesterday, Mark Jessop, an RF engineer, and radio operator came across an interesting forum post in which the author of the KiwiSDR project admitted to having remote access to all radio receiver devices running the software. Another user, M. dug out a 2017 forum thread where KiwiSDR’s developer admitted that a backdoor indeed provided them with remote access to all KiwiSDR devices. Furthermore, as of today, over 600 KiwiSDR devices are online with the backdoor still present in them, as highlighted by Hacker Fantastic.”

Title: BazarBackdoor Sneaks in Through Nested RAR and ZIP Archives
Date Published: July 14, 2021


Excerpt: “The multi-compression or nested archive method is not new but gained in popularity recently as it can trick email security gateways into mislabeling malicious attachments as clean. It consists of placing an archive within another. Researchers at Cofense say that this method can bypass some secure email gateways (SEGs), which can have a limit to how deep they check a compressed file. The new BazarBackdoor campaign deployed earlier this month and lured enterprise recipients with an “Environmental Day” theme, officially celebrated on June 5.”
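The depth-limit weakness described above can be turned into a simple defender-side check. The following is an added example, not code from the article or from Cofense: it counts how many ZIP layers wrap an attachment and flags anything nested deeper than an assumed policy limit (the depth limit, member-size cap and sample archives are all constructed here; RAR is not handled because the standard library has no RAR reader).

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"            # local-file-header signature that starts a ZIP
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap: skip huge members rather than inflate them


def nesting_depth(data: bytes, limit: int = 8) -> int:
    """Count how many ZIP layers wrap `data` (0 = not a ZIP).

    Descent stops at `limit`, so a return value equal to `limit` means
    "at least this deep"; the cap keeps a hostile archive from making the
    scanner recurse or decompress without bound.
    """
    if limit <= 0 or not data.startswith(ZIP_MAGIC):
        return 0
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [zf.read(i) for i in zf.infolist()
                       if not i.is_dir() and i.file_size <= MAX_MEMBER_BYTES]
    except zipfile.BadZipFile:
        return 0
    return 1 + max((nesting_depth(m, limit - 1) for m in members), default=0)


def exceeds_depth(data: bytes, max_depth: int = 2) -> bool:
    """Policy check: flag an attachment nested deeper than `max_depth` layers."""
    return nesting_depth(data, limit=max_depth + 1) > max_depth


def make_zip(name: str, payload: bytes) -> bytes:
    """Build a one-member ZIP in memory (used only to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def build_samples() -> tuple[bytes, bytes]:
    """Constructed samples: a flat archive and a three-layer nested one."""
    doc = b"constructed sample attachment body"
    flat = make_zip("report.txt", doc)
    nested = make_zip("outer.zip", make_zip("inner.zip", make_zip("document.txt", doc)))
    return flat, nested


if __name__ == "__main__":
    flat, nested = build_samples()
    print("flat depth:", nesting_depth(flat), "flagged:", exceeds_depth(flat))
    print("nested depth:", nesting_depth(nested), "flagged:", exceeds_depth(nested))
```

A gateway that stops at a fixed depth never sees the innermost file; the point of the check is that reaching the limit is itself the signal, not a reason to pass the attachment as clean.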

Title: Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
Date Published: July 15, 2021


Excerpt: “The malicious websites took charge of fingerprinting the devices, including collecting system information about the clients, before delivering a second-stage payload. When Google rolled out a patch for CVE-2021-30551, Shane Huntley, Director of Google’s Threat Analysis Group (TAG), revealed that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.”

Title: SonicWall Releases Urgent Notice About Imminent Ransomware Attacks Targeting Its 8.x Firmware
Date Published: July 15, 2021


Excerpt: “SonicWall, a network device maker, has issued an urgent security notice to its customers, warning of imminent ransomware attacks targeting the Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. “The exploitation targets a known vulnerability that has been patched in newer versions of the firmware.” It continues by saying, “Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.””

Title: Google to Bring HTTPS-First Mode to Chrome Browser
Date Published: July 14, 2021


Excerpt: “The idea is to protect people from having their information leaked to eavesdroppers who can’t intercept data shared over HTTPS. The HTTPS-First Mode will attempt to upgrade all page loads to HTTPS and display a warning before loading sites that don’t support it. Based on feedback, Google may decide to make HTTPS-First the default mode for all Chrome users.”

Title: Windows Hello Bypass Fools Biometrics Safeguards in PCs
Date Published: July 14, 2021


Excerpt: “From there, they can go on “to manipulate the authentication process by capturing or recreating a photo of the target’s face and subsequently plugging in a custom-made USB device to inject the spoofed images to the authenticating host,” Omer Tsarfati, cybersecurity researcher at CyberArk Labs, wrote in a report about the vulnerability published Tuesday. Further, exploitation of the bypass can extend beyond Windows Hello systems to “any authentication system that allows a pluggable third-party USB camera to act as a biometric sensor,” Tsarfati noted.”

Title: Professor Says Being Impersonated by Iranian Hackers Was Stressful But Good For Networking
Date Published: July 13, 2021


Excerpt: “On the upside I had conversations with a lot of interesting people that I would probably not have had interaction with otherwise. I’m taking it as a live case study,” he said in an email. “I think it was smart of them to pick me. The UK does not recognize identity theft as a crime in itself,” Kendel added. “Working in the field of diplomacy and at a renowned institution, yet not senior enough to be implausible for first contact. A mixture of slightly clumsy but also highly sophisticated.”

Title: FCC Finalizes Plan to Rip and Replace Chinese Telecom Gear
Date Published: July 14, 2021


Excerpt: “In June 2020, the FCC designated Huawei and ZTE as threats to U.S. national security, noting that if the companies’ gear is used on U.S. telecom networks, the firms could spy on communications on behalf of the Chinese government. As a result, smaller U.S. telecom companies and wireless carriers could no longer tap into the FCC’s $8.3 billion Universal Service Fund to buy equipment from Huawei and ZTE. The commission also ordered smaller carriers to remove this gear from their networks, with the government picking up some of the costs.”
