OSN July 15, 2021

Fortify Security Team
Jul 21, 2021

Title: Microsoft: Update Windows Server 2012 Before Extended Support Ends
Date Published: July 15, 2021


Excerpt: “The company says Windows Server and SQL Server 2012 Extended Security Updates will be made available for purchase later when getting closer to the end of extended support. Additional information is available on the Extended Security Updates frequently asked questions page. ‘With cyberattacks becoming more sophisticated and frequent, running apps and data on unsupported versions can create significant security and compliance risks.’”

Title: Phishing Continues to Be One of the Easiest Paths for Ransomware: Report
Date Published: July 15, 2021


Excerpt: “Nearly 25% of all survey respondents said their ransomware attacks started through phishing, and of those victims, 65% had conducted anti-phishing training sessions. For enterprises with fewer than 500 employees, 41% said their attacks started with phishing. About one third of all victims said their public cloud was the entry point ransomware groups used to attack them. ‘This reflects the increasing sophistication of phishing schemes, with attackers now mimicking emails from trusted associates such as high-level executives (known as “whaling” attacks). These emails will sometimes include personal details, usually gleaned from social media, making it more likely that even a wary individual will fall prey,’ the report explained.”

Title: Software Maker Removes “Backdoor” Giving Root Access to Radio Devices
Date Published: July 15, 2021


Excerpt: “Yesterday, Mark Jessop, an RF engineer and radio operator, came across an interesting forum post in which the author of the KiwiSDR project admitted to having remote access to all radio receiver devices running the software. Another user, M., dug out a 2017 forum thread where KiwiSDR’s developer admitted that a backdoor indeed provided them with remote access to all KiwiSDR devices. Furthermore, as of today, over 600 KiwiSDR devices are online with the backdoor still present in them, as highlighted by Hacker Fantastic.”

Title: BazarBackdoor Sneaks in Through Nested RAR and ZIP Archives
Date Published: July 14, 2021


Excerpt: “The multi-compression or nested archive method is not new but gained in popularity recently as it can trick email security gateways into mislabeling malicious attachments as clean. It consists of placing an archive within another. Researchers at Cofense say that this method can bypass some secure email gateways (SEGs), which can have a limit to how deep they check a compressed file. The new BazarBackdoor campaign deployed earlier this month and lured enterprise recipients with an ‘Environmental Day’ theme, officially celebrated on June 5.”

Title: Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
Date Published: July 15, 2021


Excerpt: “The malicious websites took charge of fingerprinting the devices, including collecting system information about the clients, before delivering a second-stage payload. When Google rolled out a patch for CVE-2021-30551, Shane Huntley, Director of Google’s Threat Analysis Group (TAG), revealed that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.”

Title: SonicWall Releases Urgent Notice About Imminent Ransomware Attacks Targeting Its 8.x Firmware
Date Published: July 15, 2021


Excerpt: “SonicWall, a network device maker, has issued an urgent security notice to its customers, warning of imminent ransomware attacks targeting the Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. ‘The exploitation targets a known vulnerability that has been patched in newer versions of the firmware.’ It continues by saying, ‘Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.’”

Title: Google to Bring HTTPS-First Mode to Chrome Browser
Date Published: July 14, 2021


Excerpt: “The idea is to protect people from having their information leaked to eavesdroppers who can’t intercept data shared over HTTPS. The HTTPS-First Mode will attempt to upgrade all page loads to HTTPS and display a warning before loading sites that don’t support it. Based on feedback, Google may decide to make HTTPS-First the default mode for all Chrome users.”

Title: Windows Hello Bypass Fools Biometrics Safeguards in PCs
Date Published: July 14, 2021


Excerpt: “From there, they can go on ‘to manipulate the authentication process by capturing or recreating a photo of the target’s face and subsequently plugging in a custom-made USB device to inject the spoofed images to the authenticating host,’ Omer Tsarfati, cybersecurity researcher at CyberArk Labs, wrote in a report about the vulnerability published Tuesday. Further, exploitation of the bypass can extend beyond Windows Hello systems to ‘any authentication system that allows a pluggable third-party USB camera to act as a biometric sensor,’ Tsarfati noted.”

Title: Professor Says Being Impersonated by Iranian Hackers Was Stressful But Good For Networking
Date Published: July 13, 2021


Excerpt: “‘On the upside I had conversations with a lot of interesting people that I would probably not have had interaction with otherwise. I’m taking it as a live case study,’ he said in an email. ‘I think it was smart of them to pick me. The UK does not recognize identity theft as a crime in itself,’ Kendel added. ‘Working in the field of diplomacy and at a renowned institution, yet not senior enough to be implausible for first contact. A mixture of slightly clumsy but also highly sophisticated.’”

Title: FCC Finalizes Plan to Rip and Replace Chinese Telecom Gear
Date Published: July 14, 2021


Excerpt: “In June 2020, the FCC designated Huawei and ZTE as threats to U.S. national security, noting that if the companies’ gear is used on U.S. telecom networks, the firms could spy on communications on behalf of the Chinese government. As a result, smaller U.S. telecom companies and wireless carriers could no longer tap into the FCC’s $8.3 billion Universal Service Fund to buy equipment from Huawei and ZTE. The commission also ordered smaller carriers to remove this gear from their networks, with the government picking up some of the costs.”
