OSN August 18, 2021

Fortify Security Team
Aug 18, 2021

Title: Critical Bug Could Allow Remote Snooping Via Millions of Devices
Date Published: August 18, 2021


Excerpt: “It affects devices using the “Kalay” platform from Taiwanese firm ThroughTek, which makes software for OEMs to use in IP cameras, baby and pet monitoring cameras, digital video recorders (DVRs) and more. That said, exploitation is far from easy. “An attacker would require comprehensive knowledge of the Kalay protocol and the ability to generate and send messages. The attacker would also need to obtain Kalay UIDs through social engineering or other vulnerabilities in APIs or services that return Kalay UIDs.”

Title: Phishing Costs Surge to $15m Annually for US Organizations
Date Published: August 17, 2021


Excerpt: “t revealed that the average large US organization loses $14.8m per year to phishing-related cybercrime, up from $3.8m in 2015 and calculated at $1500 per employee. Phishing for credentials is a common starting point for ransomware and Business Email Compromise (BEC). The study claimed that ransomware costs large organizations $5.7m annually, while BEC accounts for $6m. According to Proofpoint, the cost of resolving malware infections has doubled since 2015, from $338,098 to $807,506.”

Title: NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware
Date Published: August 18, 2021


Excerpt: “A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the publication in question, is said to have hosted the malicious code from at least late March 2021 until early June 2021.”

Title: Critical Vulnerability in Seopress WordPress Plugin Allows Hacking 100,000 WordPress Websites
Date Published: August 18, 2021


Excerpt: “Cybersecurity specialists report the detection of a cross-site scripting (XSS) vulnerability in SEOPress, a popular plugin for search engine optimization (SEO), allowing webmasters to manage SEO metadata, social media cards, Google Ads settings and other useful features. Currently this plugin has more than 100 thousand active installations, so this report should be taken seriously. Tracked as CVE-2021–34641, the vulnerability allows any authenticated user (including subscribers) to call the REST path with a valid nonce and update the SEO title and description for any post: “Any authenticated user can generate a valid REST-API nonce using the WordPress core rest-nonce AJAX action.”

Title: Blackberry’s Popular Operating System for Medical Devices Affected by Critical Vulnerabilities, Drawing Fed Warnings
Date Published: August 17, 2021


Excerpt: “These vulnerabilities may introduce risks for certain medical devices, as well as pharmaceutical or medical device manufacturing equipment,” the Food and Drug Administration said in an advisory Tuesday, adding that it was working with other federal agencies and the private sector to mitigate the risk. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also urged BlackBerry users to update their software because a compromise of certain infrastructure running the code “could result in a malicious actor gaining control of highly sensitive systems”.”

Title: Half of U.S. Hospitals Shut Down Networks Due to Ransomware
Date Published: August 16, 2021


Excerpt: “Nearly half (48%) of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX. The Perspectives in Healthcare Security Report is based on interviews with 130 IT and cybersecurity hospital executives and biomedical engineers and technicians. The findings revealed the outsized impact ransomware continues to have on healthcare organizations (HCOs) after they battled a surge in attacks during the early months of the pandemic. Respondents who admitted to shutting down networks due to ransomware were a mix of those who did so proactively to avoid a damaging breach and those forced to do so because of severe malware infection.”

Title: Microsoft’s Printnightmare Continues, Shrugs off Patch Tuesday Fixes
Date Published: August 12, 2021


Excerpt: “At the beginning of July, Microsoft issued a set of out-of-band patches to fix this Windows Print Spooler RCE vulnerability. Soon enough, several researchers figured out that local privilege escalation (LPE) still worked. This means that threat actors and already active malware can still exploit the vulnerability to gain SYSTEM privileges. In a demo, Benjamin Delpy showed that the update failed to fix vulnerable systems that use certain settings for a feature called Point and Print, which makes it easier for network users to obtain the printer drivers they need.”

Title: Microsoft Touts Role in Meeting Biden’s Order to Fend off Major Hacks on the U.S.
Date Published: August 18, 2021


Excerpt: “Microsoft has previously identified five scenarios where zero trust can help agencies meet Biden’s order, including endpoint detection and response, multi-factor authentication, and continuous monitoring. Download this report and get to know the risks associated with mobile threats, real world examples and learn how to protect your network through the top six mobile security best practices. Azure Active Directory is central to Microsoft’s plans for most of the five scenarios, which includes SaaS applications, legacy applications, protecting remote server administration tools, and cloud segmentation.”

Title: Chase Bank Accidentally Leaked Customer Info to Other Customers
Date Published: August 17, 2021


Excerpt: “The issue is believed to have lasted between May 24th and July 14th this year, and impacted both online banking and Chase Mobile app customers who shared similar information. In a copy of the data incident notice seen by BleepingComputer, shown below, Chase blamed a “technical issue” for this mishap. “We learned of a technical issue here that may have mistakenly allowed another customer with similar personal information to see your account information on chase.com or in the Chase Mobile app, or receive your account statements,” states the notice.”

Title: Analysts “strongly believe” the Russian state colludes with ransomware gangs
Date Published: August 17, 2021


Excerpt: “We have the smoke, the smell of gunpowder and a bullet casing. But we do not have the gun to link the activity to the Kremlin.” This is what Jon DiMaggio, Chief Security Strategist for Analyst1, said in an interview with CBS News following the release of its latest whitepaper, entitled “Nation State Ransomware“. The whitepaper is Analyst1’s attempt to identify the depth of human relationships between the Russian government and the ransomware threat groups based in Russia. “We wanted to have that, but we believe after conducting extensive research we came as close as possible to proving it based on the information/evidence available today.”

Recent Posts

July 17, 2023

Title: Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys Date Published: July 16, 2023 https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/ Excerpt: “Researchers at the RWTH Aachen University...

July 14, 2023

Title: Indexing Over 15 Million WordPress Websites with PWNPress Date Published: July 14, 2023 https://securityaffairs.com/148465/hacking/pwnpress-platform.html Excerpt: “Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data...

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/ Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/ Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...