OSN August 26, 2021

Fortify Security Team
Aug 26, 2021

Title: Microsoft Breaks Silence on Barrage of ProxyShell Attacks

Date Published: August 26, 2021


Excerpt: “The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately. “Our recommendation, as always, is to install the latest CU and SU on all your Exchange servers to ensure that you are protected against the latest threats,” the company said. “Please update now!” Customers that have installed the May 2021 security updates or the July 2021 security updates on their Exchange servers are protected from these vulnerabilities, as are Exchange Online customers so long as they ensure that all hybrid Exchange servers are updated, the company wrote.”

Title: Nearly 73,500 Patients’ Data Affected in Ransomware Attack on EYE Clinic in S’pore

Date Published: August 26, 2021


Excerpt: “The clinic said in a statement that it uses “reputable and established external IT service providers to advise on and maintain its IT systems, and subscribes to appropriate anti-virus and other protective software, which is regularly updated”. ERS added that its IT system has been restored securely, and its IT providers have completed a thorough check of the clinic’s system, reformatted servers and run anti-virus scans on all computer terminals.”

Title: F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices

Date Published: August 26, 2021


Excerpt: “‘When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services. This vulnerability may result in complete system compromise,’ F5 said in its advisory. It’s worth noting that for customers running the device in Appliance Mode, which applies additional technical restrictions in sensitive sectors, the same vulnerability comes with a critical rating of 9.9 out of 10. ‘As this attack is conducted by legitimate, authenticated users, there is no viable mitigation that also allows users access to the Configuration utility. The only mitigation is to remove access for users who are not completely trusted,’ the company said.”

Title: Cybersecurity Warning: Realtek Flaw Exposes Dozens of Brands to Supply Chain Attacks

Date Published: August 26, 2021


Excerpt: “While Mirai poses some threat to information stored on devices such as routers, the greater damage is caused by high-powered distributed denial of service (DDoS) attacks on websites using compromised devices. In 2016, Mirai was used to launch the world’s biggest DDoS attack on Dyn — a domain name service (DNS) provider that matches website names with numerical internet addresses. Oracle acquired the firm shortly after the Mirai attack. Researchers at IoT Inspector found a bug within the Realtek RTL819xD module that allows hackers to gain “complete access to the device, installed operating systems and other network devices”. The firm identified multiple vulnerabilities within the SDK.”

Title: “Sophisticated” Cyber-Attack Compromises Patient Data at Private Health Clinic

Date Published: August 26, 2021


Excerpt: “In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients’ names, addresses, ID card numbers, contact details and clinical information. However, no credit card or bank account details were accessed or compromised in the incident. “Patients are now being progressively informed of this cyber-incident,” the release stated. The clinic confirmed that the attack impacted servers and several computer terminals at its branch in Camden medical, although none of its other branches were unaffected. Thankfully, none of the eye specialist’s clinical operations were affected, and its IT systems are now securely restored.”

Title: Unpatched Microsoft Exchange Servers Hit With Proxyshell Attack

Date Published: August 26, 2021


Excerpt: “Cybersecurity firm Huntress reportedly has discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. Researchers noticed that the ProxyShell vulnerabilities are being exploited by different attackers, aiming to compromise MS Exchange servers across the globe. The researchers further noted that the ProxyShell vulnerabilities were exploited actively throughout August while threat actors tried to install backdoor access after exploiting the ProxyShell code. The surge in these attacks was noticed from Friday night onwards.”

Title: VMware Issues Patches to Fix New Flaws Affecting Multiple Products

Date Published: August 26, 2021


Excerpt: “Separately, VMware has also issued patches to remediate a cross-site scripting (XSS) vulnerability impacting VMware vRealize Log Insight and VMware Cloud Foundation that stems from a case of improper user input validation, enabling an adversary with user privileges to inject malicious payloads via the Log Insight UI that’s executed when a victim accesses the shared dashboard link. The flaw, which has been assigned the identifier CVE-2021-22021, has been rated 6.5 for severity on the CVSS scoring system. Marcin Kot of Prevenity and Tran Viet Quang of Vantage Point Security have been credited for independently discovering and reporting the vulnerability.”

Title: U.S. Gives Huawei License Approval to Buy Automotive Chips: Report

Date Published: August 26, 2021


Excerpt: “Despite Huawei repeatedly denying the allegations, Australia, Sweden, the UK, among other countries have banned the networking equipment giant from their 5G networks. All of Canada’s major telcos have also gone elsewhere for their 5G rollouts and, although not officially banned, Huawei has not made any inroads in New Zealand after GCSB prevented Spark from using Huawei kit in November 2018. In the face of these restrictions, Huawei reported a steep decline in its first-half revenue for 2021, with its business to the end of June reporting 320 billion yuan in sales, compared to 454 billion yuan at this time last year.”

Title: Vulnerability Allowed Hackers to Tamper Medication in Infusion Pump

Date Published: August 26, 2021


Excerpt: “McAfee researchers revealed in their report that an attacker could exploit the flaw to change the way a pump is configured in standby mode, which can easily administer altered doses of medication to patients. It happens because the pump’s operating system doesn’t check from where and whom it is receiving the command. Hence, hackers could remotely exploit the device by gaining access to its internal system that regulates how a patient receives medication.”

Title: U.S. Federal Jury Unanimously Finds Vade Secure Willfully Misappropriated Proofpoint Trade Secrets and Infringed Proofpoint Copyrights

Date Published: August 24, 2021


Excerpt: “The verdict is the culmination of one week of jury deliberations following a three-week trial during which Proofpoint presented evidence of Vade’s theft and use of Proofpoint’s confidential and proprietary information and source code. Proofpoint successfully demonstrated to the eight jurors that Vade unlawfully took, copied, and used Proofpoint’s trade secrets and copyrighted source code as part of several Vade products, including Vade for Microsoft 365, Email Content Filter, Vade Cloud, and Vade MTA Builder. Vade’s Chief Technology Officer, Olivier Lemarié, was also found individually liable for trade secret misappropriation, copyright infringement, and breach of his employment agreement with Cloudmark, where he worked before joining Vade in 2017.”
