OSN July 27, 2021

Fortify Security Team
Jul 27, 2021

Title: Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks

Date Published: July 27, 2021

https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429

Excerpt: “If your environment is vulnerable to this attack, we recommend one of the following mitigations:  Preferred mitigation: we recommend you disable NTLM authentication on your Windows domain controller as the simplest mitigation.  This can be accomplished by following the documentation in Network security: Restrict NTLM: NTLM authentication in this domain. Other Mitigations: If you are unable to disable NTLM on your domain for compatibility reasons, you can do one of the following. They are listed in order of more secure to less secure.”

Title: Apple Patches Zero-Day Flaw That Hackers May Have Exploited

Date Published: July 27, 2021

https://www.cyberscoop.com/apple-zero-day-nso-group-big-sur-ios/

Excerpt: “The patch comes mere days after another update that tackled 40 vulnerabilities. The latest software update comes in the wake of reports that the Israeli spyware firm NSO Group had developed a hacking tool that helps its customers remotely compromise iOS systems. Whether the patch address those technical issues was not immediately clear. Apple did not immediately respond to a request for comment.”

Title: Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Date Published: July 26, 2021

https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html

Excerpt: “Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor Sedkowski of Nokia and Trevor Christiansen of Rapid7 noted. Six of the nine flaws were uncovered in the Akaunting project.”

Title: DIVD Discloses Three New Unpatched Kaseya Unitrends Zero-Days

Date Published: July 27, 2021

https://securityaffairs.co/wordpress/120591/security/kaseya-unitrends-zero-days.html

Excerpt: “According to the DIVD public advisory, the zero-day vulnerabilities impact Kaseya Unitrends versions prior to 10.5.2. The advisory recommends customers use the flawed solution to avoid exposing the service online running on default ports. “A DIVD researcher has identified several vulnerabilities in the Kaseya Unitrends backup product version < 10.5.2.” reads the advisory. “Do not expose this service or the clients (running default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched these vulnerabilities,” reads DIVD’s advisory.”

Title: Hackers Turning to ‘Exotic’ Programming Languages for Malware Development

Date Published: July 27, 2021

https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html

Excerpt: “Noting that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled, the researchers said the pivot adds additional layers of obfuscation, simply by virtue of them being relatively new, leading to a scenario where older malware developed using traditional languages like C++ and C# are being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems.”

Title: Microsoft Teams Now Automatically Blocks Phishing Attempts

Date Published: July 27, 2021

https://www.bleepingcomputer.com/news/security/microsoft-teams-now-automatically-blocks-phishing-attempts/

Excerpt: “Safe Links in Defender for Office 365 scans URLs at the time of click to ensure that users are protected with the latest intelligence from Microsoft Defender.” The new Safe Links protection is now generally available to all Teams users, and it works for links in conversations, group chats, and Teams channels. Since there is no Safe Links policy enabled by default, you will have to create one or more policies to get the protection of Safe Links in Microsoft Teams.”

Title: SSD Belonging to Euro-Cloud Scaleway Was Stolen From Back of a Truck, Then Turned up on Youtube

Date Published: July 27, 2021

https://www.theregister.com/2021/07/27/stolen_scaleway_ssd_recovered/

Excerpt: “The CEO says recovering the disk has helped authorities to advance their investigations into the heist, and meant the company felt able to disclose the theft. The cloudy company has since revisited its data transfer policies, and now ships disks in sealed cases equipped with GPS trackers. Obviously it has no desire to have to explain such an improbable security story – for any incident of any origin – ever again.”

Title: Accused CIA Leaker Joshua Schulte Allowed to Represent Himself at Next Vault 7 Trial

Date Published: July 26, 2021

https://www.cyberscoop.com/joshua-schulte-vault7-trial-cia/

Excerpt: “Schulte is scheduled to stand trial again in October 2021, marking the second time he will face espionage-related charges for allegedly stealing details about U.S. hacking tools from the CIA, then transmitting that data to WikiLeaks. The result, prosecutors say, was the 2017 publication of the so-called Vault 7 files, a cache of data revealing the agency’s ability to compromise consumer technology like smart TVs and web browsers for espionage purposes.”

Title: Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

Date Published: July 26, 2021

https://threatpost.com/babuk-ransomware-gang-ransomed-forum-stuffed-porn/168169/

Excerpt: “The Babuk ransomware gang’s new rebrand isn’t going so well. It seems the cybercriminal group has been a victim of a ransomware attack of its own. Babuk’s latest endeavor, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex pornographic GIFs, according to Recorded Future. The attacker told Babuk they wanted $5,000. Babuk told them to pound sand, refused to pay and deleted the original post. But even after wiping the forum several times, Recorded Future said the attacker was still able to bombard the forum with pornographic GIFs.”

Title: Report: Online Retail Fraud in the Criminal Underground

Date Published: July 27, 2021

https://go.recordedfuture.com/hubfs/reports/cta-2021-0726.pdf

Excerpt: “Online retail fraud is a persistent, multifaceted threat to businesses of all sizes and their customers and is likely to persist for the foreseeable future as consumers engage more with online retailers and shop more online versus at traditional “brick and mortar” stores. Also called e-commerce fraud, online retail fraud is the act of committing some form of fraud, such as a fraudulent transaction, on a web-based retail platform. Generally, cybercriminals will use stolen payment or account information to conduct these transactions. Some elements of online retail fraud also involve social engineering schemes that look to defraud a retail platform directly, as in the case with refunding scams against one’s customer service branch, or a third party, such as interception fraud or scams that target shipping companies.”

Recent Posts

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...