OSN August 19, 2021

Fortify Security Team
Aug 19, 2021

Title: The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
Date Published: August 19, 2021


Excerpt: “The situation began in June with CVE-2021-1675 and quickly spiraled out to encompass more than half a dozen vulnerabilities with rumors of more to come. There was confusion when researchers published a proof-of-concept (PoC) called “PrintNightmare,” stating it was for CVE-2021-1675 when it was actually a distinct vulnerability. That vulnerability, the real PrintNightmare, later received the CVE identifier CVE-2021-34527 and an out-of-band patch. Both vulnerabilities are remote code execution flaws (RCE) and have since been exploited in the wild by ransomware groups like Magniber and Vice Society.”

Title: Top 7 AWS Security Vulnerabilities Based on Real-World Tests
Date Published: August 19, 2021


Excerpt: “As my last research shows, public buckets are still a problem. During our assessments, we often find publicly readable buckets, sometimes even writable. It means that an anonymous user can read stored data and in the worst-case scenario — overwrite it (which is equivalent to deleting it, if Versioning is disabled) or host malicious content using our bucket. If the bucket is hosting static content, then having write privilege gives an option to change anything inside and for example inject XSS.”
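The excerpt describes the exposure but not how to tell, from a bucket's own configuration, whether an anonymous user can read or overwrite it. The following is an added example written for this digest, not code from the article or its author: it evaluates the three controls that decide public access (the bucket ACL, the bucket policy and the Public Access Block settings) together with the versioning state, so that a publicly writable bucket with versioning off is reported as the destructive case the excerpt warns about. The input documents are constructed samples shaped like the S3 API responses; the function names and the example bucket name are assumptions. Policy Condition blocks are deliberately ignored, so a statement narrowed by a condition is still reported, which errs toward a false positive rather than a miss.

```python
"""Assess whether an S3 bucket is readable or writable by anonymous users.

Added example for this digest (not the article's code). Inputs are shaped like
the S3 API responses for get-bucket-acl, get-bucket-policy,
get-public-access-block and get-bucket-versioning; the samples below are
constructed. Runs offline, no boto3 needed.
"""

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anonymous",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any-aws-account",
}
ACL_READ = {"READ", "FULL_CONTROL"}
ACL_WRITE = {"WRITE", "FULL_CONTROL"}
POLICY_READ = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}
POLICY_WRITE = {"s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def acl_exposure(acl):
    """Read/write granted through the ACL to the global AllUsers/AuthenticatedUsers groups."""
    read = write = False
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            read |= grant["Permission"] in ACL_READ
            write |= grant["Permission"] in ACL_WRITE
    return {"read": read, "write": write}


def policy_exposure(policy):
    """Read/write granted by Allow statements whose Principal is the wildcard.

    Condition blocks are ignored on purpose: a conditioned public statement is
    still flagged, so this over-reports rather than misses."""
    read = write = False
    for stmt in _as_list((policy or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))
        )
        if not wildcard:
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        read |= bool(actions & POLICY_READ)
        write |= bool(actions & POLICY_WRITE)
    return {"read": read, "write": write}


def assess_bucket(acl, policy, public_access_block, versioning):
    """Combine ACL, policy and Public Access Block into an effective verdict.

    IgnorePublicAcls makes S3 ignore public ACL grants; RestrictPublicBuckets
    neutralises public policy statements. Versioning decides whether an
    anonymous overwrite destroys the only copy of an object."""
    pab = public_access_block or {}
    via_acl = acl_exposure(acl)
    via_policy = policy_exposure(policy)
    if pab.get("IgnorePublicAcls"):
        via_acl = {"read": False, "write": False}
    if pab.get("RestrictPublicBuckets"):
        via_policy = {"read": False, "write": False}
    public_write = via_acl["write"] or via_policy["write"]
    return {
        "public_read": via_acl["read"] or via_policy["read"],
        "public_write": public_write,
        "overwrite_is_destructive": public_write and versioning.get("Status") != "Enabled",
    }


# Constructed samples (hypothetical bucket "example-site" hosting static content).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
WEAK_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
]}
FIXED_ACL = {"Grants": [WEAK_ACL["Grants"][0]]}
STATIC_SITE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-site/*"},
]}
NO_PAB = {k: False for k in ("BlockPublicAcls", "IgnorePublicAcls",
                             "BlockPublicPolicy", "RestrictPublicBuckets")}
FULL_PAB = {k: True for k in NO_PAB}

if __name__ == "__main__":
    print("weak:    ", assess_bucket(WEAK_ACL, STATIC_SITE_POLICY, NO_PAB, {"Status": "Suspended"}))
    print("site:    ", assess_bucket(FIXED_ACL, STATIC_SITE_POLICY, NO_PAB, {"Status": "Enabled"}))
    print("blocked: ", assess_bucket(WEAK_ACL, STATIC_SITE_POLICY, FULL_PAB, {"Status": "Suspended"}))
```

The "weak" configuration is the worst case from the excerpt (anonymous write on an unversioned bucket); "site" is a static website that is intentionally readable but not writable, with versioning on so an accidental overwrite is recoverable; "blocked" shows that enabling all four Public Access Block settings neutralises both the ACL grants and the wildcard policy without editing either.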

Title: Ransomware: This Amateur Attack Shows How Clueless Criminals Are Trying to Get in on the Action
Date Published: August 19, 2021


Excerpt: “DemonWare ransomware – also known as Black Kingdom and DEMON – is one of the least sophisticated forms of ransomware around, but that hasn’t stopped cyber criminals trying to use it. In this instance, the attacker uses LinkedIn and other publicly available information to identify targets and reaches out to them by email, asking if they want to install DemonWare ransomware on the network in exchange for a million dollars – a 40% cut of a $2.5 million ransom.”

Title: Threat Actors Hacked U.S. Census Bureau in 2020 by Exploiting a Citrix Flaw
Date Published: August 19, 2021


Excerpt: “During the attack on the remote-access servers, the Bureau’s firewalls blocked the attacker’s attempts to communicate from the remote-access servers to its command and control infrastructure as early as January 13, 2020. However, the Bureau was not aware that the servers had been compromised until January 28, 2020, more than 2 weeks later. We found that this delay occurred because, at the time of the incident, the Bureau was not using a security information and event management tool (SIEM) to proactively alert incident responders of suspicious network traffic.”
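The firewall logs the OIG describes already held the evidence; what was missing was a rule that turns repeated outbound denies from a server into an alert. The following is an added example for this digest, not code from the report or from Fortify: it parses constructed firewall deny lines in a simple key=value format (not the Bureau's real log format) and raises an alert when an internal source keeps being blocked from reaching the same external address and port inside a time window, the shape of blocked command-and-control beaconing. The alert carries the first and last timestamps so responders can date the compromise rather than discovering it weeks later. The function names, the format and the addresses (RFC 5737 documentation ranges) are assumptions.

```python
"""Detect blocked outbound beaconing in firewall deny logs.

Added example for this digest (not the OIG report's or the Bureau's tooling).
SAMPLE_LOG is constructed: a key=value format with RFC 5737 documentation
addresses, not a real vendor format.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2020-01-13T02:14:07Z fw01 action=deny src=10.20.30.5 dst=203.0.113.45 dport=443 proto=tcp
2020-01-13T02:19:08Z fw01 action=deny src=10.20.30.5 dst=203.0.113.45 dport=443 proto=tcp
2020-01-13T02:24:06Z fw01 action=deny src=10.20.30.5 dst=203.0.113.45 dport=443 proto=tcp
2020-01-13T02:29:10Z fw01 action=deny src=10.20.30.5 dst=203.0.113.45 dport=443 proto=tcp
2020-01-13T02:31:44Z fw01 action=allow src=10.20.30.5 dst=10.20.30.10 dport=636 proto=tcp
2020-01-13T02:40:02Z fw01 action=deny src=10.20.31.8 dst=198.51.100.7 dport=80 proto=tcp
this line is not parseable and is skipped
2020-01-13T03:01:55Z fw01 action=deny src=10.20.30.5 dst=203.0.113.45 dport=443 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(log_text):
    """Turn log lines into dicts; unparseable lines are dropped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e["dport"] = int(e["dport"])
        events.append(e)
    return events


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def find_blocked_beacons(events, threshold=3, window=timedelta(hours=1)):
    """Alert on (src, dst, dport) tuples with >= threshold outbound denies
    inside any sliding window; one alert per tuple, with first/last seen."""
    denies = defaultdict(list)
    for e in events:
        if e["action"] != "deny":
            continue
        # Only internal -> external traffic: that is the C2 direction.
        if not is_internal(e["src"]) or is_internal(e["dst"]):
            continue
        denies[(e["src"], e["dst"], e["dport"])].append(e["ts"])

    alerts = []
    for (src, dst, dport), times in denies.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "src": src, "dst": dst, "dport": dport,
                    "count": len(times),
                    "first_seen": times[0], "last_seen": times[-1],
                })
                break
    return alerts


if __name__ == "__main__":
    for a in find_blocked_beacons(parse(SAMPLE_LOG)):
        print(f"ALERT {a['src']} -> {a['dst']}:{a['dport']} denied {a['count']}x, "
              f"first seen {a['first_seen'].isoformat()}")
```

On the sample, only the remote-access server pattern fires (five denies to one external host on 443 inside an hour); the single deny from the other host stays below threshold and the allowed internal LDAPS connection is ignored. In a real deployment the same rule should also fire on allowed outbound traffic from servers that normally initiate none, since a deny only proves the attempt, not that every attempt was stopped.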

Title: Cisco Won’t Fix Zero-Day RCE Vulnerability in End-Of-Life VPN Routers
Date Published: August 19, 2021


Excerpt: “According to an announcement on Cisco’s website, the last day these RV Series routers were available for order was December 2, 2019. The company asks customers who are still using these router models to migrate to newer Cisco Small Business RV132W, RV160, or RV160W Routers that still receive security updates. Additionally, Cisco says that its Product Security Incident Response Team (PSIRT) is not aware of any public proof-of-concept exploits for this zero-day or any threat actors exploiting the bug in the wild.”

Title: Citizen Lab Finds Apple’s China Censorship Process Bleeds Into Hong Kong and Taiwan
Date Published: August 19, 2021


Excerpt: “Although the National Security Law took effect in Hong Kong last year, which can potentially be used to mandate entities and individuals to remove political content, freedom of expression is legally protected in the region under the city’s Basic Law and the Bill of Rights. Beyond Apple double-dipping China’s filtering practices in Hong Kong and Taiwan, the iPhone maker at times also made arbitrary blocks. In one case, Citizen Lab said Apple censored ten Chinese names with the surname Zhang with generally unclear significance, although it said the names were also on a list used to censor products from a Chinese company.”

Title: Data Breach From Contact Tracing Survey ‘Low Risk’ to Hoosier Privacy, 750,000 Affected
Date Published: August 17, 2021


Excerpt: “The Indiana Department of Health announced Tuesday it is notifying nearly 750,000 Hoosiers that data from the state’s COVID-19 online contact tracing survey was improperly accessed back in July. The data included name, address, email, gender, ethnicity and race, and date of birth. “We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained,” said State Health Commissioner Kris Box, M.D., FACOG. “We will provide appropriate protections for anyone impacted”.”

Title: U.S. Hospitals Divert Care After Cyber-Attack
Date Published: August 18, 2021


Excerpt: “We have reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible,” said Memorial Health System president and CEO Scott Cantley. “We are following a deliberate, systematic approach to bring systems back online securely and in a manner that prioritizes our ability to provide patient care.” Cantley did not state whether the negotiations involved the health system’s agreeing to pay a ransom to the attackers but added that IT systems could be back online as early as Sunday.”

Title: Microsoft Begins Final Phase of Internet Explorer’s Demise
Date Published: August 18, 2021


Excerpt: “Yesterday, Microsoft began its next phase of Internet Explorer’s demise by no longer supporting Microsoft 365. “Support is now unavailable for Microsoft 365 apps and services on IE11. Additionally, you should expect no new features when accessing Microsoft 365 apps and services on IE11 and that the daily usage experience for users could get progressively worse over time until the apps and services are disconnected,” explained Microsoft in an updated blog post. “Banners will be used to communicate and alert users to upcoming changes in experience, such as app or service disconnection and/or redirection”.”

Title: Supply Chain Attacks Are Closing in on MSPs
Date Published: August 18, 2021


Excerpt: “Essentially, compromising a software vendor allows damage to cascade down the supply chain to another supplier – a consequence sometimes known as the “waterfall effect” – to increase collateral damage against multiple targets. “We all rely on the software supply chain,” he said. “We’re building tools and systems based on it. We’re trusting it. We’re hoping that people in the supply chain…are doing things to help everyone else in the supply chain. Because, if they don’t, everything we do is potentially vulnerable”.”
