OSN July 13, 2021

Fortify Security Team
Jul 13, 2021

Title: SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
Date Published: July 13, 2021

https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/

Excerpt: “Though the current threat appears to be from a sole actor and “involves a limited, targeted set of customers,” SolarWinds wanted to remedy the situation before it could escalate, the company said. “Our joint teams have mobilized to address it quickly,” according to the advisory. SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted. The company is recommending that all customers using the affected products update now, which can be done by accessing the company’s customer portal.”

Title: Modipwn: Code Execution Vulnerability Discovered in Schneider Electric Modicon PLCs
Date Published: July 13, 2021

https://www.zdnet.com/article/modipwn-critical-vulnerability-discovered-in-schneider-electric-modicon-plcs/

Excerpt: “Without authorization, it is possible for attackers to abuse undocumented commands and obtain full control over one of these chips, overwriting memory, leaking a hash required to take over secure connections, and executing code — which, in turn, can impact the security of workstations that manage the PLCs.  SE Modicon PLCs are used to control Industrial Internet of Things (IIoT) devices in the construction, energy, machinery, and utility sectors, among others.  Armis says that to trigger an attack, only network access is required to the target PLC.”

Title: American Retailer Guess Discloses Data Breach After Ransomware Attack
Date Published: July 12, 2021

https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/

Excerpt: “February ransomware attack that led to data theft. “A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess’ systems between February 2, 2021 and February 23, 2021,” the company said in breach notification letters mailed to impacted customers. “On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor”.”

Title: Trickbot Activity Increases; New VNC Module on the Radar
Date Published: July 12, 2021

https://www.bitdefender.com/blog/labs/trickbot-activity-increases-new-vnc-module-on-the-radar

Excerpt: “Despite the takedown attempt, Trickbot is more active than ever. In May 2021, our systems started to pick up an updated version of the vncDll module that Trickbot uses against select high-profile targets. This module, known as tvncDll, is used for monitoring and intelligence gathering. It seems to be still under development, since the group has a frequent update schedule, regularly adding new functionalities and bug fixes. In addition to upgraded modules, Bitdefender has noted a significant increase in command-and-control centers deployed around the world.”

Title: Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
Date Published: July 12, 2021

https://thehackernews.com/2021/07/critical-rce-flaw-in-forgerock-access.html

Excerpt: “TTracked as CVE-2021-35464, the issue concerns a pre-authentication remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management tool, and stems from an unsafe Java deserialization in the Jato framework used by the software. “An attacker exploiting the vulnerability will execute commands in the context of the current user, not as the root user (unless ForgeRock AM is running as the root user, which is not recommended),” the San Francisco-headquartered software firm noted in an advisory.”

Title: Immediate Action Required to Avoid Ransomware Pandemic – Interpol
Date Published: July 12, 2021

https://www.bleepingcomputer.com/news/security/interpol-urges-police-to-unite-against-potential-ransomware-pandemic/

Excerpt: “LYON, France – INTERPOL Secretary General Jürgen Stock has called for police agencies worldwide to form a global coalition with industry partners to prevent a potential ransomware pandemic. Speaking at the INTERPOL High-Level Forum on Ransomware (12 July), Secretary General Stock said that while some solutions existed nationally or bi-laterally, effectively preventing and disrupting ransomware meant adopting the same international collaboration used to fight terrorism, human trafficking or mafia groups such as the ‘Ndrangheta.”

Title: WordPress File Management Plugin Riddled with Critical Bugs
Date Published: July 12, 2021

https://threatpost.com/frontend-file-manager-wordpress-bugs/167687/

Excerpt: “A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts. The bug is one of six critical flaws impacting the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites. Each of the flaws, publicly disclosed Monday, have available patches.”

Title: Microsoft to Acquire RiskIQ
Date Published: July 12, 2021

https://www.bankinfosecurity.com/microsoft-to-acquire-riskiq-a-17028

Excerpt: “Michelle Abraham, research director in IDC’s Security and Trust Group, notes that while the deal has a threat intelligence element, she believes it also brings something new to Microsoft. “My thoughts on the deal are actually in a different direction with the addition of RiskIQ adding attack surface management to Microsoft. The ability to provide an external view of IT assets, especially of previously unknown cloud assets, will be helpful for Microsoft Azure customers, so they know what they have to secure,” she says.”

Title: Microsoft’s Windows Cloud PC Service Almost Here – What We Know So Far
Date Published: July 11, 2021

https://www.bleepingcomputer.com/news/microsoft/microsofts-windows-cloud-pc-service-almost-here-what-we-know-so-far/

Excerpt: “According to earlier reports, Cloud PC will help users access their work apps and programs online from any device. This means it will be supported by all remote desktop apps and mobile apps, but you’ll need a Microsoft 365 account to access and subscribe to the service. The Cloud PC management console will also allow admins to manage PCs to perform tasks, such as upgrading devices and performing restarts, resets, renames, and diagnostics of the Cloud PC. A screenshot found in the scripts used by the service is for Windows 10 desktop, indicating that Cloud PC will likely launch with Windows 10 and then add Windows 11 when it becomes available.”

Title: Iranian Hackers Posing as Scholars Target Professors and Writers in Middle-East
Date Published: July 13, 2021

https://thehackernews.com/2021/07/iranian-hackers-posing-as-scholars.html

Excerpt: “A sophisticated social engineering attack undertaken by an Iranian-state aligned actor targeted think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London’s School of Oriental and African Studies (SOAS). Enterprise security firm Proofpoint attributed the campaign — called “Operation SpoofedScholars” — to the advanced persistent threat tracked as TA453, which is also known by the aliases APT35 (FireEye), Charming Kitten (ClearSky), and Phosphorous (Microsoft). The government cyber warfare group is suspected to carry out intelligence efforts on behalf of the Islamic Revolutionary Guard Corps (IRGC).”

Recent Posts

OSN August 31, 2021

Title: Cyberattacks Use Office 365 to Target Supply Chain Date Published: August 31, 2021 https://securityintelligence.com/articles/cyberattacks-office-365-supply-chain/ Excerpt: “Supply chain cyberattacks involving Office 365 are effective in that they enable threat...

OSN August 30, 2021

Title: New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305) Date Published: August 30, 2021 https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/ Excerpt: “Analysis of this malware reveals that it is used to perform distributed denial...

OSN August 27, 2021

Title: Microsoft Azure Vulnerability Exposed Thousands of Cloud Databases Date Published: August 27, 2021 https://www.cyberscoop.com/microsoft-azure-cloud-vulnerability/ Excerpt: “The flaw would have allowed any Azure Cosmos DB user to read, write and delete another...

OSN August 26, 2021

Title: Microsoft Breaks Silence on Barrage of ProxyShell Attacks Date Published: August 26, 2021 https://threatpost.com/microsoft-barrage-proxyshell-attacks/168943/ Excerpt: “The company released an advisory late Wednesday letting customers know that threat actors may...

OSN August 26, 2021

Title: Microsoft Breaks Silence on Barrage of ProxyShell Attacks Date Published: August 26, 2021 https://threatpost.com/microsoft-barrage-proxyshell-attacks/168943/ Excerpt: “The company released an advisory late Wednesday letting customers know that threat actors may...

OSN August 25, 2021

Title: Fake Opensea Support Staff Are Stealing Cryptowallets and NFTS Date Published: August 24, 2021 https://www.bleepingcomputer.com/news/security/fake-opensea-support-staff-are-stealing-cryptowallets-and-nfts/ Excerpt: “When an OpenSea user needs support, they can...

OSN August 24, 2021

Title: A Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health Date Published: August 23, 2021 https://www.thespectrum.com/story/news/2021/08/23/phishing-attack-exposes-information-12-000-patients-st-george/8214230002/ Excerpt: “A healthcare...