OSN July 15, 2021

by | Jul 21, 2021 | Company News

Title: Microsoft: Update Windows Server 2012 Before Extended Support Ends
Date Published: July 15, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-update-windows-server-2012-before-extended-support-ends/

Excerpt: “The company says Windows Server and SQL Server 2012 Extended Security Updates will be made available for purchase later when getting closer to the end of extended support. Additional information is available on the Extended Security Updates frequently asked questions page. “With cyberattacks becoming more sophisticated and frequent, running apps and data on unsupported versions can create significant security and compliance risks.”

Title: Phishing Continues to Be One of the Easiest Paths for Ransomware: Report
Date Published: July 15, 2021

https://www.hackread.com/revil-ransomware-group-offline-us-pressure/

Excerpt: “Nearly 25% of all survey respondents said their ransomware attacks started through phishing and of those victims, 65% had conducted anti-phishing training sessions. For enterprises with fewer than 500 employees, 41% said their attacks started with phishing. About one third of all victims said their public cloud was the entry point ransomware groups used to attack them. “This reflects the increasing sophistication of phishing schemes, with attackers now mimicking emails from trusted associates such as high-level executives (known as ‘whaling’ attacks). These emails will sometimes include personal details, usually gleaned from social media, making it more likely that even a wary individual will fall prey,” the report explained.”

Title: Software Maker Removes “Backdoor” Giving Root Access to Radio Devices
Date Published: July 15, 2021

https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/

Excerpt: “Yesterday, Mark Jessop, an RF engineer, and radio operator came across an interesting forum post in which the author of the KiwiSDR project admitted to having remote access to all radio receiver devices running the software. Another user, M. dug out a 2017 forum thread where KiwiSDR’s developer admitted that a backdoor indeed provided them with remote access to all KiwiSDR devices. Furthermore, as of today, over 600 KiwiSDR devices are online with the backdoor still present in them, as highlighted by Hacker Fantastic.”

Title: Bazarbackdoor Sneaks in Through Nested Rar and Zip Archives
Date Published: July 14, 2021

https://www.bleepingcomputer.com/news/security/bazarbackdoor-sneaks-in-through-nested-rar-and-zip-archives/

Excerpt: “The multi-compression or nested archive method is not new but gained in popularity recently as it can trick email security gateways into mislabeling malicious attachments as clean. It consists of placing an archive within another. Researchers at Cofense say that this method can bypass some secure email gateways (SEGs), which can have a limit to how deep they check a compressed file. The new BazarBackdoor campaign deployed earlier this month and lured enterprise recipients with an “Environmental Day” theme, officially celebrated on June 5.”

Title: Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
Date Published: July 15, 2021

https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html

Excerpt: “The malicious websites took charge of fingerprinting the devices, including collecting system information about the clients, before delivering a second-stage payload. When Google rolled out a patch for CVE-2021-30551, Shane Huntley, Director of Google’s Threat Analysis Group (TAG), revealed that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.”

Title: Sonicwall Releases Urgent Notice About Imminent Ransomware Attacks Targeting Its 8.X Firmware
Date Published: July 15, 2021

https://www.pvt365.net/sonicwall-releases-urgent-notice-about-imminent-ransomware-attacks-targeting-its-8-x-firmware/

Excerpt: “SonicWall a Network device maker has issued an urgent security notice to its customers, warning of imminent ransomware attacks targeting the Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. “The exploitation targets a known vulnerability that has been patched in newer versions of the firmware.” It continues by saying, “Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack”.”

Title: Google to Bring HTTPS-First Mode to Chrome Browser
Date Published: July 14, 2021

https://beta.darkreading.com/endpoint/google-to-bring-https-first-mode-to-chrome-browser

Excerpt: “The idea is to protect people from having their information leaked to eavesdroppers who can’t intercept data shared over HTTPS. The HTTPS-First Mode will attempt to upgrade all page loads to HTTPS and display a warning before loading sites that don’t support it. Based on feedback, Google may decide to make HTTPS-First the default mode for all Chrome users.”

Title: Windows Hello Bypass Fools Biometrics Safeguards in PCs
Date Published: July 14, 2021

https://threatpost.com/windows-hello-bypass-biometrics-pcs/167771/

Excerpt: “From there, they can go on “to manipulate the authentication process by capturing or recreating a photo of the target’s face and subsequently plugging in a custom-made USB device to inject the spoofed images to the authenticating host,” Omer Tsarfati, cybersecurity researcher at CyberArk Labs, wrote in a report about the vulnerability published Tuesday. Further, exploitation of the bypass can extend beyond Windows Hello systems to “any authentication system that allows a pluggable third-party USB camera to act as a biometric sensor,” Tsarfati noted.”

Title: Professor Says Being Impersonated by Iranian Hackers Was Stressful But Good For Networking
Date Published: July 13, 2021

https://www.vice.com/en/article/dyvwvw/professor-says-being-impersonated-by-iranian-hackers-was-stressful-but-good-for-networking

Excerpt: “On the upside I had conversations with a lot of interesting people that I would probably not have had interaction with otherwise. I’m taking it as a live case study,” he said in an email. “I think it was smart of them to pick me. The UK does not recognize identity theft as a crime in itself,” Kendel added. “Working in the field of diplomacy and at a renowned institution, yet not senior enough to be implausible for first contact. A mixture of slightly clumsy but also highly sophisticated.”

Title: FCC Finalizes Plan to Rip and Replace Chinese Telecom Gear
Date Published: July 14, 2021

https://www.bankinfosecurity.com/fcc-finalizes-plan-to-rip-replace-chinese-telecom-gear-a-17075

Excerpt: “In June 2020, the FCC designated Huawei and ZTE as threats to U.S. national security, noting that if the companies’ gear is used on U.S. telecom networks, the firms could spy on communications on behalf of the Chinese government. As a result, smaller U.S. telecom companies and wireless carriers could no longer tap into the FCC’s $8.3 billion Universal Service Fund to buy equipment from Huawei and ZTE. The commission also ordered smaller carriers to remove this gear from their networks, with the government picking up some of the costs.”