OSN July 22, 2021

Fortify Security Team
Jul 22, 2021

Title: Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
Date Published: July 22, 2021


Excerpt: “For this reason, Microsoft is recommending sysadmins delete the backup copies of the VSS files. The OS maker does not offer a patch for the bug, rather a simple workaround. Microsoft explains the two-step process as: “Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config” and “create a new System Restore point (if desired).” It also cautions that deleting VSS shadow copies “could impact restore operations, including the ability to restore data with third-party backup applications”.”

Title: CISA Analyzed Stealthy Malware Found on Compromised Pulse Secure Devices
Date Published: July 22, 2021


Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware samples on compromised Pulse Secure devices, many of which were undetected by antivirus products. Experts pointed out that only one of the malware samples analyzed by CISA was uploaded on VirusTotal, with a low detection rate. The agency published a malware analysis report (MAR) for each malicious code; the reports also include threat actor tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) for the threat.”

Title: Pegasus Spyware Has Been Here for Years. We Must Stop Ignoring It
Date Published: July 22, 2021


Excerpt: “The spyware, called Pegasus and developed by the Israeli company NSO Group, is reportedly instrumental to several governments’ oppressive surveillance campaigns against their own citizens and residents, and, while NSO Group has repeatedly denied allegations that it complicitly sells Pegasus to human rights abusers, it is difficult to reconcile exactly how the zero-click spyware program—which non-consensually and invisibly steals emails, text messages, photos, videos, locations, passwords, and social media activity—is at the same time a tool that can, in its very use, respect the rights of those around the world to speak freely, associate safely, and live privately.”

Title: 1,000 Gb of Local Government Data Exposed by Massachusetts Software Company
Date Published: July 22, 2021


Excerpt: “Ata Hakçil and his team discovered more than 80 misconfigured Amazon S3 buckets holding data related to these municipalities. The data ranged from residential records like deeds and tax information to business licenses and job applications for government positions. Due to the sensitive nature of the documents, many of the forms included people’s email address, physical address, phone number, driver’s license number, real estate tax information, license photographs and photos of property.”

Title: Top Organizations on GitHub Vulnerable to Dependency Confusion Attacks
Date Published: July 21, 2021


Excerpt: “Out of the top 1000 organizations we scanned, 212 had at least one dependency confusion-related misconfiguration in their codebase. This is quite a serious concern because a major part of the open-source ecosystem depends on these giants and these repositories have a good number of users. Hence, if any of their projects get affected, there’s a high probability that millions of users will be at risk. To give you an idea of the impact, the projects that we found issues in had a total of over 124,937 stars on GitHub. GitHub stars represent ‘endorsement’ from users and, while it may not be a unit of measuring downloads of a particular project, it still says a lot about their influence.”

Title: Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Date Published: July 22, 2021


Excerpt: “Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that’s remotely exploitable without authentication. It’s worth noting that the weakness was originally addressed as part of an out-of-band security update in June 2019.”

Title: Atlassian Asks Customers to Patch Critical Jira Vulnerability
Date Published: July 22, 2021


Excerpt: “The vulnerability stems from a missing authentication check or in other words unrestricted access to Ehcache RMI ports. Ehcache is a widely used open-source cache used by Java applications for enhancing performance and scalability. RMI refers to remote method invocation, a concept in Java similar to remote procedure calls (RPC) in OOP languages. RMI lets programmers invoke methods present in remote objects—such as those present within an application running on a shared network, right from their application as they would run a local method or procedure.”

Title: Thousands of Humana Customers Have Their Medical Data Leaked Online by Threat Actors
Date Published: July 22, 2021


Excerpt: “The leak comes more than four months after Humana, the third-largest health insurance company in the US, notified 65,000 of its health plan members about a security breach where “a subcontractor’s employee disclosed medical records to unauthorized individuals” between October 12, 2020, and December 16, 2020. In May, one of the patients affected by the breach filed a lawsuit against the company. On July 18, we reached out to Humana to verify that the data belonged to them, but they have not responded yet. One of the forum members who downloaded the database claims that the archive contains information from 2020, and not 2019, as suggested by the leaker. If the forum member’s claims are true, the leaked database might potentially be part of the 2020 breach.”

Title: 740 Ransomware Victims Named on Data Leak Sites in Q2 2021: Report
Date Published: July 22, 2021


Excerpt: “More than 350 US organizations were hit by ransomware in Q2 compared to 46 from France, 39 from the UK and 35 from Italy. The researchers behind the report questioned whether Q3 would see more attacks resembling the Kaseya ransomware attack, where REvil operators used a zero-day vulnerability to compromise more than 40 Managed Service Providers. “Ransomware operations will likely continue to operate brazenly into the third quarter of 2021, giving limited thought to who they are targeting and more to how much money they might make,” the researchers wrote.”

Title: HTA Files Distributed as Fake Chrome Patches for CVE-2021-30554
Date Published: July 22, 2021


Excerpt: “The email was received by one of our PDC customers with well-conditioned users who quickly report. It warns the user about a recently reported vulnerability in Google Chrome and a corresponding update for the employee to apply. A web browser like Chrome is a vital everyday tool for employees across several industries, so threat actors urge recipients to apply the update within 48 hours or functionality may cease (Figure 1). However, any seasoned Chrome user knows these updates are available directly within Chrome, and enterprise users know their IT department manages pushing out software updates.”
