OSN July 1, 2021

Fortify Security Team
Jul 1, 2021

Title: Printnightmare 0-Day Can Be Used to Take Over Windows Domain Controllers
Date Published: July 1, 2021


Excerpt: “In June, Microsoft patched a vulnerability in the Windows Print Spooler that was listed as CVE-2021-1675. At first it was classified as an elevation of privilege (EoP) vulnerability. Which means that someone with limited access to a system could raise their privilege level, giving them more power over the affected system. This type of vulnerability is serious, especially when it is found in a widely used service like the Windows Print Spooler. A few weeks after the patch Microsoft raised the level of seriousness to a remote code execution (RCE) vulnerability. RCE vulnerabilities allow a malicious actor to execute their code on a different machine on the same network.”

Title: Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability
Date Published: July 1, 2021


Excerpt: “On 2021-06-22 we detected a sample of a mirai variant that we named mirai_ptea propagating through a new vulnerability targeting KGUARD DVR. Coincidently, a day later, on June 23, we received an inquiry from the security community asking if we had seen a new DDoS botnet, cross-referencing some data, it was exactly this botnet that we had just discovered.”

Title: Babuk Ransomware Builder Mysteriously Appears in VirusTotal
Date Published: June 30, 2021


Excerpt: “There are some doubts on how the Babuk operators planned to proceed after they contradicted their own announcement by also announcing they planned to switch to the Ransomware-as-a-Service (RaaS) model and so-called “double extortion”. Double extortion entails both encrypting a victim’s data and threatening to leak it. A threat actor operating the RaaS model provides the infrastructure, including the ransomware, for other threat actors to use. This business model makes it hard to fathom why RaaS customers would be interested in working with Babuk operators, if they abandoned the encryption part of the model. Extortion by threatening to release stolen data does not require the same specialized knowledge or infrastructure as encrypting data.”

Title: Adobe Zero-Day Exploit: Further Details on the Zero-Day Bug Patched in May by Adobe
Date Published: July 1, 2021


Excerpt: “The above-mentioned Crowdsource members of” detectify “ firstly discovered the Adobe Zero-Day Exploit in December 2020 by using AEM in a project that involved Sony Interactive Entertainment’s PlayStation division. They continued the investigation and discovered other subdomains from Mastercard containing this vulnerability three months later. After validating the issue, on the 27th March they notified Adobe and the company patched the vulnerability on the 6th of May. It is said that Adobe Zero-Day Exploit affected Linkedin customers too.”

Title: Lorenz Ransomware Attack Victims Can Now Recover Files With This Free Decryption Tool
Date Published: July 1, 2021


Excerpt: “Cybersecurity researchers have released a decryption tool which allows victims of Lorenz ransomware to decrypt their files for free – and crucially, without the need to pay a ransom demand to cyber criminals.  This is particularly important for Lorenz, as bug in the ransomware’s code means that even if victims paid for the decryption key, some of the encrypted files can’t be recovered. But following analysis of the malware, researchers at Dutch cybersecurity company Tesorion found that were able to engineer a decryption tool for Lorenz ransomware – and now it’s available for free via No More Ransom.”

Title: Google Chrome Will Get an Https-Only Mode for Secure Browsing
Date Published: July 1, 2021


Excerpt: “If you want to test this experimental feature right now, you will have to first enable the “HTTPS-Only Mode Setting” flag by going to chrome://flags/#https-only-mode-setting. This adds the “Always use secure connections” option to the browser’s security settings which, once enabled, will set up Chrome to automatically upgrade all navigation to HTTPS and display alerts before loading websites that don’t support it. The HTTPS upgrades will be automatic with no warnings to allow you to browse the Internet without interruptions over a secure connection wherever possible.”

Title: Microsoft Reveals Authentication Failures, System Hijack Vulnerabilities in Netgear Routers
Date Published: July 1, 2021


Excerpt: “Microsoft’s security team discovered the vulnerabilities after noting strange behavior in the router’s management port. While communication was protected with TLS encryption, it was still flagged as an anomaly when machine learning models were applied. Upon further investigation of the router firmware, the security researchers found three HTTPd authentication flaws.”

Title: Linkedin’s 1.2b Data-Scrape Victims Already Being Targeted by Attackers
Date Published: July 1, 2021


Excerpt: “Yesterday, a database filled with the personal information of 88,000 U.S. business owners gleaned from the latest LinkedIn data scrape was shared in RaidForum, which the poster said specifically isolated U.S. business owners who have changed jobs over the past 90 days, CyberNews reported. The notably targeted database includes full names, email addresses, work details and any other information publicly listed on LinkedIn. It’s not hard to see how this particular group of people, fresh on a new job, flooded with onboarding paperwork and dealing with new co-workers might be easily tricked into clicking on a malicious link.”

Title: US CISA Releases a Ransomware Readiness Assessment (Rra) Tool
Date Published: July 1, 2021


Excerpt: “The Ransomware Readiness Assessment (RRA) will help you understand your cybersecurity posture with respect to the ever-evolving threat of ransomware.” CISA says. “The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate, and advanced. This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories.”

Title: Dropbox Used to Mask Malware Movement in Cyber Espionage Campaign
Date Published: July 1, 2021


Excerpt: “Chinese-speaking cyber espionage actors have targeted the Afghan government, using Dropbox for command-and-control (C2) communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council (NSC), researchers have found. The suspected advanced persistent threat (APT) group has been dubbed IndigoZebra. Kapsersky researchers, for their part, included the APT among the list of Chinese-speaking actors listed in its APT Trends report for the second quarter of 2017.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...