OSN August 19, 2021

Fortify Security Team
Aug 19, 2021

Title: The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
Date Published: August 19, 2021


Excerpt: “The situation began in June with CVE-2021-1675 and quickly spiraled out to encompass more than half a dozen vulnerabilities with rumors of more to come. There was confusion when researchers published a proof-of-concept (PoC) called “PrintNightmare,” stating it was for CVE-2021-1675 when it was actually a distinct vulnerability. That vulnerability, the real PrintNightmare, later received the CVE identifier CVE-2021-34527 and an out-of-band patch. Both vulnerabilities are remote code execution flaws (RCE) and have since been exploited in the wild by ransomware groups like Magniber and Vice Society.”

Title: Top 7 AWS Security Vulnerabilities Based on Real-World Tests
Date Published: August 19, 2021


Excerpt: “As my last research shows, public buckets are still a problem. During our assessments, we often find publicly readable buckets, sometimes even writable. It means that an anonymous user can read stored data and in the worst-case scenario — overwrite it (which is equivalent to deleting it, if Versioning is disabled) or host malicious content using our bucket. If the bucket is hosting static content, then having write privilege gives an option to change anything inside and for example inject XSS.”
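The exposure in the excerpt comes from one of two places: a bucket policy whose `Principal` is `*` (or `{"AWS": "*"}`), or a bucket ACL that grants a permission to the AllUsers or AuthenticatedUsers group. As an added example, not code from the article or its author, the Python below takes the JSON that `aws s3api get-bucket-policy` and `get-bucket-acl` return and reports whether anonymous callers get read, write, or only a conditioned grant that a human still has to judge. The policy, ACL, bucket name and VPC endpoint ID in the sample are constructed.

```python
"""Added example, not from the article: decide whether an S3 bucket policy or ACL
grants anonymous read or write. Input is the JSON AWS returns from
get-bucket-policy / get-bucket-acl; the samples below are constructed."""
import json
from fnmatch import fnmatchcase

# Representative object operations; an anonymous grant covering any of these
# counts as "read" or "write" respectively.
READ_OPS = ("s3:getobject", "s3:listbucket")
WRITE_OPS = ("s3:putobject", "s3:deleteobject", "s3:putobjectacl")

# Canned ACL grantee groups that mean "everyone". AuthenticatedUsers is any AWS
# account in the world, which is effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _anonymous_principal(principal):
    """Principal "*" or {"AWS": "*"} means any caller, signed or not."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _grants(actions, ops):
    """True if any action pattern (e.g. 's3:Get*', 's3:*', '*') covers one of ops."""
    return any(fnmatchcase(op, pat.lower()) for pat in actions for op in ops)


def policy_exposure(policy):
    """Return {'read': bool, 'write': bool, 'conditional': [sids]} for a policy dict.

    Only Allow statements with an anonymous principal and no Condition count as
    public. Conditioned statements (aws:SourceVpce, aws:Referer, ...) are listed
    separately: aws:Referer in particular is trivially spoofed, so they still
    need review."""
    result = {"read": False, "write": False, "conditional": []}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _anonymous_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            result["conditional"].append(stmt.get("Sid", "<no sid>"))
            continue
        actions = _as_list(stmt.get("Action"))
        result["read"] |= _grants(actions, READ_OPS)
        result["write"] |= _grants(actions, WRITE_OPS)
    return result


def acl_exposure(acl):
    """Same shape for a bucket ACL: READ/WRITE/FULL_CONTROL granted to a public group."""
    result = {"read": False, "write": False}
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") not in PUBLIC_GROUPS:
            continue
        perm = grant.get("Permission")
        result["read"] |= perm in ("READ", "FULL_CONTROL")
        result["write"] |= perm in ("WRITE", "FULL_CONTROL")
    return result


# Constructed sample: a static-site bucket whose "Deploy" statement mistakenly
# uses an anonymous principal, giving the world the write access the excerpt
# warns about (overwrite content, inject script into the hosted pages).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site/*"},
    {"Sid": "Deploy", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*", "s3:DeleteObject"], "Resource": "arn:aws:s3:::example-site/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-site",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}
  ]
}""")

SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}

if __name__ == "__main__":
    print("policy:", policy_exposure(SAMPLE_POLICY))
    print("acl:", acl_exposure(SAMPLE_ACL))
```

On a live account the grant is only half the story: S3 Block Public Access at the account or bucket level overrides public policies and ACLs when it is switched on, so a complete check also reads those settings before declaring a bucket exposed.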

Title: Ransomware: This Amateur Attack Shows How Clueless Criminals Are Trying to Get in on the Action
Date Published: August 19, 2021


Excerpt: “DemonWare ransomware – also known as Black Kingdom and DEMON – is one of the least sophisticated forms of ransomware around, but that hasn’t stopped cyber criminals trying to use it. In this instance, the attacker uses LinkedIn and other publicly available information to identify targets and reaches out to them by email, asking if they want to install DemonWare ransomware on the network in exchange for a million dollars – a 40% cut of a $2.5 million ransom.”

Title: Threat Actors Hacked U.S. Census Bureau in 2020 by Exploiting a Citrix Flaw
Date Published: August 19, 2021


Excerpt: “During the attack on the remote-access servers, the Bureau’s firewalls blocked the attacker’s attempts to communicate from the remote-access servers to its command and control infrastructure as early as January 13, 2020. However, the Bureau was not aware that the servers had been compromised until January 28, 2020, more than 2 weeks later. We found that this delay occurred because, at the time of the incident, the Bureau was not using a security information and event management tool (SIEM) to proactively alert incident responders of suspicious network traffic.”

Title: Cisco Won’t Fix Zero-Day RCE Vulnerability in End-of-Life VPN Routers
Date Published: August 19, 2021


Excerpt: “According to an announcement on Cisco’s website, the last day these RV Series routers were available for order was December 2, 2019. The company asks customers who are still using these router models to migrate to newer Cisco Small Business RV132W, RV160, or RV160W Routers that still receive security updates. Additionally, Cisco says that its Product Security Incident Response Team (PSIRT) is not aware of any public proof-of-concept exploits for this zero-day or any threat actors exploiting the bug in the wild.”

Title: Citizen Lab Finds Apple’s China Censorship Process Bleeds Into Hong Kong and Taiwan
Date Published: August 19, 2021


Excerpt: “Although the National Security Law took effect in Hong Kong last year, which can potentially be used to mandate entities and individuals to remove political content, freedom of expression is legally protected in the region under the city’s Basic Law and the Bill of Rights. Beyond Apple double-dipping China’s filtering practices in Hong Kong and Taiwan, the iPhone maker at times also made arbitrary blocks. In one case, Citizen Lab said Apple censored ten Chinese names with the surname Zhang with generally unclear significance, although it said the names were also on a list used to censor products from a Chinese company.”

Title: Data Breach From Contact Tracing Survey ‘Low Risk’ to Hoosier Privacy, 750,000 Affected
Date Published: August 17, 2021


Excerpt: “The Indiana Department of Health announced Tuesday it is notifying nearly 750,000 Hoosiers that data from the state’s COVID-19 online contact tracing survey was improperly accessed back in July. The data included name, address, email, gender, ethnicity and race, and date of birth. “We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained,” said State Health Commissioner Kris Box, M.D., FACOG. “We will provide appropriate protections for anyone impacted”.”

Title: U.S. Hospitals Divert Care After Cyber-Attack
Date Published: August 18, 2021


Excerpt: “We have reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible,” said Memorial Health System president and CEO Scott Cantley. “We are following a deliberate, systematic approach to bring systems back online securely and in a manner that prioritizes our ability to provide patient care.” Cantley did not state whether the negotiations involved the health system’s agreeing to pay a ransom to the attackers but added that IT systems could be back online as early as Sunday.”

Title: Microsoft Begins Final Phase of Internet Explorer’s Demise
Date Published: August 18, 2021


Excerpt: “Yesterday, Microsoft began its next phase of Internet Explorer’s demise by no longer supporting Microsoft 365. “Support is now unavailable for Microsoft 365 apps and services on IE11. Additionally, you should expect no new features when accessing Microsoft 365 apps and services on IE11 and that the daily usage experience for users could get progressively worse over time until the apps and services are disconnected,” explained Microsoft in an updated blog post. “Banners will be used to communicate and alert users to upcoming changes in experience, such as app or service disconnection and/or redirection”.”

Title: Supply Chain Attacks Are Closing in on MSPs
Date Published: August 18, 2021


Excerpt: “Essentially, compromising a software vendor allows damage to cascade down the supply chain to another supplier – a consequence sometimes known as the “waterfall effect” – to increase collateral damage against multiple targets. “We all rely on the software supply chain,” he said. “We’re building tools and systems based on it. We’re trusting it. We’re hoping that people in the supply chain…are doing things to help everyone else in the supply chain. Because, if they don’t, everything we do is potentially vulnerable”.”
