OSN August 23, 2021

Fortify Security Team
Aug 23, 2021

Title: WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws
Date Published: August 22, 2021


Excerpt: “Now according to researchers from Huntress Labs, at least five distinct styles of web shells have been observed as deployed to vulnerable Microsoft Exchange servers, with over 100 incidents reported related to the exploit between August 17 and 18. Web shells grant the attackers remote access to the compromised servers, but it isn’t clear exactly what the goals are or the extent to which all the flaws were used. More than 140 web shells have been detected across no fewer than 1,900 unpatched Exchange servers to date, Huntress Labs CEO Kyle Hanslovan tweeted, adding “impacted [organizations] thus far include building manufacturing, seafood processors, industrial machinery, auto repair shops, a small residential airport and more”.”

Title: U.S. State Department Was Recently Hit by a Cyber Attack
Date Published: August 21, 2021


Excerpt: “The U.S. State Department was recently hit by a cyber attack, and the Department of Defense Cyber Command is notifying impacted individuals, White House Correspondent and fill-in anchor at Fox News Jacqui Heinrich revealed. The reporter also said that the State Department’s ongoing mission to evacuate Americans and allied refugees from Afghanistan has not been affected. The incident was also confirmed by a Reuters source, but it added that the attack did not impact the operations of the State Department.”

Title: Google Publishes Zero-Day Vulnerability in Windows Firewall and Appcontainer Affecting Every Version. Patch Not Available
Date Published: August 20, 2021


Excerpt: “Almost simultaneously with the Project Zero report, Microsoft announced that it would continue to work to address the vulnerability. At the moment it is unknown why the company changed its mind, although more details are expected to be revealed as soon as the flaw is addressed and the security patch is available. While it seems somewhat strange, it’s common practice for Google Project Zero to publicly reveal reports about flaws that Microsoft and other tech companies can’t or choose not to update. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.”

Title: The Mozi IoT Botnet Evolved to Gain Persistence on Netgear, Huawei, and ZTE Gateways
Date Published: August 21, 2021


Excerpt: “Cybersecurity specialists reported the detection of a new version of the Mozi botnet that is now capable of manipulating the web traffic of the affected implementations using DNS spoofing techniques and HTTP session hijacking. This criminal operation was detected by security teams, who claim that hackers began targeting Netgear, Huawei and ZTE devices. Mozi was first detected in 2019 by Netlab researchers, reaching around 15,000 infected devices in just a couple of months.”

Title: 637 Flaws in Industrial Control System (ICS) Products Were Published in H1 2021
Date Published: August 20, 2021


Excerpt: “The analysis of vulnerabilities disclosed for each vendor revealed that Siemens was the vendor with the most reported vulnerabilities, 146, many of which were disclosed as part of internal research conducted by the Siemens CERT. The other vendors with the highest number of flaws are Schneider Electric (65) and Rockwell Automation (35). A majority of the flaws impact products on the operations management level (historians, OPC servers), followed by the basic control (PLC, RTU), and supervisory control (HMI, SCADA) levels.”

Title: CISA Shares Guidance on How to Prevent Ransomware Data Breaches
Date Published: August 19, 2021


Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. CISA’s fact sheet includes best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts. The federal agency issued these recommendations in response to most ransomware gangs using data stolen from their victims’ networks as leverage in ransom negotiations under the threat of publishing the stolen info on dedicated leak sites.”

Title: Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
Date Published: August 23, 2021


Excerpt: “Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That’s according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry. The company, which detected nearly 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for a 29% share.”

Title: New Evidence Shows Strong Connection Between Diavol Ransomware and TrickBot Gang
Date Published: August 23, 2021


Excerpt: “Back in July, cybersecurity specialists at Fortinet announced the emergence of a new ransomware group allegedly developed by the creators of the advanced Trojan TrickBot. The new ransomware family is called Diavol and it is believed to have connections to the Wizard Spider threat actor, as the researchers discovered a few similarities in the operation mode employed by the malware. Wizard Spider is a Russia-based cybercrime group that uses TrickBot, Ryuk, and Conti ransomware as their primary tools. According to the Fortinet researchers, both Diavol and Conti ransomware gangs used the same command-line parameters for different functions such as logging, encryption, and network scanning.”

Title: Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse
Date Published: August 22, 2021


Excerpt: “Razer claims that their Razer Synapse software is used by over 100 million users worldwide. Security researcher jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly. SYSTEM privileges are the highest user rights available in Windows and allow someone to perform any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they attain complete control over the system and can install whatever they want, including malware. After not receiving a response from Razer, jonhat disclosed the zero-day vulnerability on Twitter yesterday and explained how the bug works with a short video.”

Title: T-Mobile’s Current Data Breach Tally: 54 Million Victims
Date Published: August 20, 2021


Excerpt: “T-Mobile’s revising of the number of breach victims upward is not unusual. Often, as investigators continue to probe a breach, they find it’s worse than they initially believed. Sometimes, however, investigators will find that a breach isn’t as bad as it first appeared. Regardless, the responsibility facing an organization that has been breached is to issue timely information that enables victims to best protect themselves – without overwhelming them with micro-updates and triggering “breach fatigue.” But that’s the best-case scenario. Regulations can sometimes require organizations to alert authorities or the public more quickly, perhaps before they’ve had time to assess what really happened.”
