OSN July 27, 2021

Fortify Security Team
Jul 27, 2021

Title: Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks

Date Published: July 27, 2021


Excerpt: “If your environment is vulnerable to this attack, we recommend one of the following mitigations:  Preferred mitigation: we recommend you disable NTLM authentication on your Windows domain controller as the simplest mitigation.  This can be accomplished by following the documentation in Network security: Restrict NTLM: NTLM authentication in this domain. Other Mitigations: If you are unable to disable NTLM on your domain for compatibility reasons, you can do one of the following. They are listed in order of more secure to less secure.”
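The mitigation quoted above is a Group Policy setting, and the practical question on a domain controller is what the current value is before and after the change. The following audit script is an added example, not part of Microsoft's guidance or the quoted article. It assumes, as documented for the Netlogon policy settings, that "Restrict NTLM: Audit NTLM authentication in this domain" and "Restrict NTLM: NTLM authentication in this domain" are backed by the AuditNTLMInDomain and RestrictNTLMInDomain values under HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters, with 0/1/3/5/7 meaning Disable, Deny for domain accounts to domain servers, Deny for domain accounts, Deny for domain servers and Deny all; verify those mappings against your own policy reference before acting on the output.

```powershell
# Added example (not Microsoft's advisory text): report a domain controller's
# NTLM-in-domain audit and restriction posture. Run in an elevated PowerShell
# session on the DC itself. Registry path and value meanings are assumptions
# taken from the documented Netlogon policy settings; check them locally.

$netlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Shared scale for both the Audit and the Restrict setting.
$domainSetting = @{
    0 = 'Disable (NTLM authentication allowed)'
    1 = 'Deny for domain accounts to domain servers'
    3 = 'Deny for domain accounts'
    5 = 'Deny for domain servers'
    7 = 'Deny all'
}

function Get-NtlmDomainSetting {
    param([Parameter(Mandatory)] [string] $Name)
    # $null means the policy is "Not Defined": nothing is audited or restricted.
    $props = Get-ItemProperty -Path $netlogonParams -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$Name
}

function Describe-NtlmDomainSetting {
    param($Value)
    if ($null -eq $Value) { return 'Not Defined (behaves as Disable)' }
    if ($domainSetting.ContainsKey([int]$Value)) { return $domainSetting[[int]$Value] }
    return "Unrecognised value $Value"
}

$audit    = Get-NtlmDomainSetting -Name 'AuditNTLMInDomain'
$restrict = Get-NtlmDomainSetting -Name 'RestrictNTLMInDomain'

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    AuditNTLMInDomain    = Describe-NtlmDomainSetting $audit
    RestrictNTLMInDomain = Describe-NtlmDomainSetting $restrict
} | Format-List

# The preferred mitigation in the guidance corresponds to "Deny all" (7).
if ($restrict -eq 7) {
    Write-Host 'NTLM authentication in this domain is denied: preferred mitigation is in place.'
}
elseif ($null -eq $audit -or $audit -eq 0) {
    Write-Warning ('NTLM is neither audited nor restricted. Set the Audit policy to Deny all first ' +
                   'and review the NTLM Operational log (Microsoft-Windows-NTLM/Operational) ' +
                   'for remaining NTLM use before switching the Restrict policy on.')
}
else {
    Write-Warning ("Restrict policy is '" + (Describe-NtlmDomainSetting $restrict) +
                   "', weaker than Deny all; review audited NTLM use before tightening.")
}
```

Auditing before restricting matters because the Restrict setting breaks every client and service that still falls back to NTLM; the audit events show which ones those are so compatibility exceptions can be handled deliberately rather than discovered as outages.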

Title: Apple Patches Zero-Day Flaw That Hackers May Have Exploited

Date Published: July 27, 2021


Excerpt: “The patch comes mere days after another update that tackled 40 vulnerabilities. The latest software update comes in the wake of reports that the Israeli spyware firm NSO Group had developed a hacking tool that helps its customers remotely compromise iOS systems. Whether the patch addresses those technical issues was not immediately clear. Apple did not immediately respond to a request for comment.”

Title: Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Date Published: July 26, 2021


Excerpt: “Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor Sedkowski of Nokia and Trevor Christiansen of Rapid7 noted. Six of the nine flaws were uncovered in the Akaunting project.”

Title: DIVD Discloses Three New Unpatched Kaseya Unitrends Zero-Days

Date Published: July 27, 2021


Excerpt: “According to the DIVD public advisory, the zero-day vulnerabilities impact Kaseya Unitrends versions prior to 10.5.2. The advisory recommends that customers using the flawed solution avoid exposing the service online on its default ports. “A DIVD researcher has identified several vulnerabilities in the Kaseya Unitrends backup product version < 10.5.2,” reads the advisory. “Do not expose this service or the clients (running default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched these vulnerabilities,” reads DIVD’s advisory.”

Title: Hackers Turning to ‘Exotic’ Programming Languages for Malware Development

Date Published: July 27, 2021


Excerpt: “Noting that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled, the researchers said the pivot adds additional layers of obfuscation, simply by virtue of them being relatively new, leading to a scenario where older malware developed using traditional languages like C++ and C# are being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems.”

Title: Microsoft Teams Now Automatically Blocks Phishing Attempts

Date Published: July 27, 2021


Excerpt: “‘Safe Links in Defender for Office 365 scans URLs at the time of click to ensure that users are protected with the latest intelligence from Microsoft Defender.’ The new Safe Links protection is now generally available to all Teams users, and it works for links in conversations, group chats, and Teams channels. Since there is no Safe Links policy enabled by default, you will have to create one or more policies to get the protection of Safe Links in Microsoft Teams.”
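Because the protection is off until a policy exists, the step that actually turns it on is creating a Safe Links policy and a rule that scopes it to recipients. The script below is an added example, not Microsoft's or BleepingComputer's text. It assumes the ExchangeOnlineManagement module, a Defender for Office 365 licence and an account with the Security Administrator role; the policy name, rule name and recipient domain are placeholders, and the parameter names should be confirmed with `Get-Help New-SafeLinksPolicy -Full` for the module version in use, since the Safe Links parameter set has changed over time.

```powershell
# Added example: create a Safe Links policy that covers Teams and scope it
# with a rule. Names and the domain are placeholders; parameter names are
# assumed from the current New-SafeLinksPolicy documentation.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in with a Defender/Exchange admin account

$policyName = 'SafeLinks-Teams-Example'        # placeholder
$ruleName   = 'SafeLinks-Teams-Example-Rule'   # placeholder
$domain     = 'example.com'                    # placeholder recipient domain

if (-not (Get-SafeLinksPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    $policyParams = @{
        Name                     = $policyName
        EnableSafeLinksForEmail  = $true
        EnableSafeLinksForTeams  = $true    # the Teams coverage the article describes
        ScanUrls                 = $true    # time-of-click scanning of the target URL
        DeliverMessageAfterScan  = $true    # hold mail until the scan finishes
        TrackClicks              = $true    # keep click telemetry for investigations
        AllowClickThrough        = $false   # users cannot bypass the warning page
        EnableForInternalSenders = $true    # internal Teams chats carry phishing links too
    }
    New-SafeLinksPolicy @policyParams
}

# A policy does nothing until a rule assigns it to recipients.
if (-not (Get-SafeLinksRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-SafeLinksRule -Name $ruleName `
                      -SafeLinksPolicy $policyName `
                      -RecipientDomainIs $domain `
                      -Priority 0
}

# Verify the effective settings rather than trusting the creation call succeeded.
Get-SafeLinksPolicy -Identity $policyName |
    Select-Object Name, EnableSafeLinksForTeams, ScanUrls, AllowClickThrough
Get-SafeLinksRule -Identity $ruleName |
    Select-Object Name, SafeLinksPolicy, RecipientDomainIs, State

Disconnect-ExchangeOnline -Confirm:$false
```

Leaving `AllowClickThrough` at `$false` is the setting that matters most in practice: with click-through allowed, a user who has already decided a message is legitimate will usually click past the warning page, and the time-of-click verdict is wasted.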

Title: SSD Belonging to Euro-Cloud Scaleway Was Stolen From Back of a Truck, Then Turned up on Youtube

Date Published: July 27, 2021


Excerpt: “The CEO says recovering the disk has helped authorities to advance their investigations into the heist, and meant the company felt able to disclose the theft. The cloudy company has since revisited its data transfer policies, and now ships disks in sealed cases equipped with GPS trackers. Obviously it has no desire to have to explain such an improbable security story – for any incident of any origin – ever again.”

Title: Accused CIA Leaker Joshua Schulte Allowed to Represent Himself at Next Vault 7 Trial

Date Published: July 26, 2021


Excerpt: “Schulte is scheduled to stand trial again in October 2021, marking the second time he will face espionage-related charges for allegedly stealing details about U.S. hacking tools from the CIA, then transmitting that data to WikiLeaks. The result, prosecutors say, was the 2017 publication of the so-called Vault 7 files, a cache of data revealing the agency’s ability to compromise consumer technology like smart TVs and web browsers for espionage purposes.”

Title: Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

Date Published: July 26, 2021


Excerpt: “The Babuk ransomware gang’s new rebrand isn’t going so well. It seems the cybercriminal group has been a victim of a ransomware attack of its own. Babuk’s latest endeavor, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex pornographic GIFs, according to Recorded Future. The attacker told Babuk they wanted $5,000. Babuk told them to pound sand, refused to pay and deleted the original post. But even after wiping the forum several times, Recorded Future said the attacker was still able to bombard the forum with pornographic GIFs.”

Title: Report: Online Retail Fraud in the Criminal Underground

Date Published: July 27, 2021


Excerpt: “Online retail fraud is a persistent, multifaceted threat to businesses of all sizes and their customers and is likely to persist for the foreseeable future as consumers engage more with online retailers and shop more online versus at traditional “brick and mortar” stores. Also called e-commerce fraud, online retail fraud is the act of committing some form of fraud, such as a fraudulent transaction, on a web-based retail platform. Generally, cybercriminals will use stolen payment or account information to conduct these transactions. Some elements of online retail fraud also involve social engineering schemes that look to defraud a retail platform directly, as in the case with refunding scams against one’s customer service branch, or a third party, such as interception fraud or scams that target shipping companies.”
