OSN August 26, 2021

Fortify Security Team
Aug 26, 2021

Title: Microsoft Breaks Silence on Barrage of ProxyShell Attacks

Date Published: August 26, 2021

https://threatpost.com/microsoft-barrage-proxyshell-attacks/168943/

Excerpt: “The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately. “Our recommendation, as always, is to install the latest CU and SU on all your Exchange servers to ensure that you are protected against the latest threats,” the company said. “Please update now!” Infosec Insiders NewsletterCustomers that have installed the May 2021 security updates or the July 2021 security updates on their Exchange servers are protected from these vulnerabilities, as are Exchange Online customers so long as they ensure that all hybrid Exchange servers are updated, the company wrote.”

Title: Nearly 73,500 Patients’ Data Affected in Ransomware Attack on EYE Clinic in S’pore

Date Published: August 26, 2021

https://www.straitstimes.com/tech/tech-news/nearly-73500-patients-data-affected-in-ransomware-attack-on-eye-clinic-in-spore

Excerpt: “The clinic said in a statement that it uses “reputable and established external IT service providers to advise on and maintain its IT systems, and subscribes to appropriate anti-virus and other protective software, which is regularly updated”. ERS added that its IT system has been restored securely, and its IT providers have completed a thorough check of the clinic’s system, reformatted servers and run anti-virus scans on all computer terminals.”

Title: F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices

Date Published: August 26, 2021

https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

Excerpt: “”When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services. This vulnerability may result in complete system compromise,” F5 said in its advisory. It’s worth noting that for customers running the device in Appliance Mode, which applies additional technical restrictions in sensitive sectors, the same vulnerability comes with a critical rating of 9.9 out of 10. “As this attack is conducted by legitimate, authenticated users, there is no viable mitigation that also allows users access to the Configuration utility. The only mitigation is to remove access for users who are not completely trusted,” the company said.”

Title: Cybersecurity Warning: Realtek Flaw Exposes Dozens of Brands to Supply Chain Attacks

Date Published: August 26, 2021

https://www.zdnet.com/article/realtek-hardware-bugs-expose-dozens-of-brands-to-supply-chain-cyber-attack/

Excerpt: “While Mirai poses some threat to information stored on devices such as routers, the greater damage is caused by high-powered distributed denial of service (DDoS) attacks on websites using compromised devices. In 2016, Mirai was used to launch the world’s biggest DDoS attack on Dyn — a domain name service (DNS) provider that matches website names with numerical internet addresses. Oracle acquired the firm shortly after the Mirai attack. Researchers at IoT Inspector found a bug within the Realtek RTL819xD module that allows hackers to gain “complete access to the device, installed operating systems and other network devices”. The firm identified multiple vulnerabilities within the SDK.”

Title: “Sophisticated” Cyber-Attack Compromises Patient Data at Private Health Clinic

Date Published: August 26, 2021

https://www.infosecurity-magazine.com/news/cyber-attack-compromises-patient/

Excerpt: “In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients’ names, addresses, ID card numbers, contact details and clinical information. However, no credit card or bank account details were accessed or compromised in the incident. “Patients are now being progressively informed of this cyber-incident,” the release stated. The clinic confirmed that the attack impacted servers and several computer terminals at its branch in Camden medical, although none of its other branches were unaffected. Thankfully, none of the eye specialist’s clinical operations were affected, and its IT systems are now securely restored.”

Title: Unpatched Microsoft Exchange Servers Hit With Proxyshell Attack

Date Published: August 26, 2021

https://www.hackread.com/unpatched-microsoft-exchange-servers-proxyshell-attack/

Excerpt: “Cybersecurity firm Huntress reportedly has discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. Researchers noticed that the ProxyShell vulnerabilities are being exploited by different attackers, aiming to compromise MS Exchange servers across the globe. The researchers further noted that the ProxyShell vulnerabilities were exploited actively throughout August while threat actors tried to install backdoor access after exploiting the ProxyShell code. The surge in these attacks was noticed from Friday night onwards.”

Title: VMware Issues Patches to Fix New Flaws Affecting Multiple Products

Date Published: August 26, 2021

https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-new-flaws.html

Excerpt: “Separately, VMware has also issued patches to remediate a cross-site scripting (XSS) vulnerability impacting VMware vRealize Log Insight and VMware Cloud Foundation that stems from a case of improper user input validation, enabling an adversary with user privileges to inject malicious payloads via the Log Insight UI that’s executed when a victim accesses the shared dashboard link. The flaw, which has been assigned the identifier CVE-2021-22021, has been rated 6.5 for severity on the CVSS scoring system. Marcin Kot of Prevenity and Tran Viet Quang of Vantage Point Security have been credited for independently discovering and reporting the vulnerability.”

Title: U.S. Gives Huawei License Approval to Buy Automotive Chips: Report

Date Published: August 26, 2021

https://www.zdnet.com/article/us-gives-huawei-licence-approval-to-buy-automotive-chips-report/

Excerpt: “Despite Huawei repeatedly denying the allegations, Australia, Sweden, the UK, among other countries have banned the networking equipment giant from their 5G networks. All of Canada’s major telcos have also gone elsewhere for their 5G rollouts and, although not officially banned, Huawei has not made any inroads in New Zealand after GCSB prevented Spark from using Huawei kit in November 2018. In the face of these restrictions, Huawei reported a steep decline in its first-half revenue for 2021, with its business to the end of June reporting 320 billion yuan in sales, compared to 454 billion yuan at this time last year.”

Title: Vulnerability Allowed Hackers to Tamper Medication in Infusion Pump

Date Published: August 26, 2021

https://www.hackread.com/vulnerability-hackers-infusion-pump-tamper-medication/

Excerpt: “McAfee researchers revealed in their report that an attacker could exploit the flaw to change the way a pump is configured in standby mode, which can easily administer altered doses of medication to patients. It happens because the pump’s operating system doesn’t check from where and whom it is receiving the command. Hence, hackers could remotely exploit the device by gaining access to its internal system that regulates how a patient receives medication.”

Title: U.S. Federal Jury Unanimously Finds Vade Secure Willfully Misappropriated Proofpoint Trade Secrets and Infringed Proofpoint Copyrights

Date Published: August 24, 2021

https://www.proofpoint.com/us/newsroom/press-releases/us-federal-jury-unanimously-finds-vade-secure-willfully-misappropriated

Excerpt: “The verdict is the culmination of one week of jury deliberations following a three-week trial during which Proofpoint presented evidence of Vade’s theft and use of Proofpoint’s confidential and proprietary information and source code. Proofpoint successfully demonstrated to the eight jurors that Vade unlawfully took, copied, and used Proofpoint’s trade secrets and copyrighted source code as part of several Vade products, including Vade for Microsoft 365, Email Content Filter, Vade Cloud, and Vade MTA Builder. Vade’s Chief Technology Officer, Olivier Lemarié, was also found individually liable for trade secret misappropriation, copyright infringement, and breach of his employment agreement with Cloudmark, where he worked before joining Vade in 2017.”

Recent Posts

OSN November 2, 2021

Title: Possible Cyber Attack Hits ‘Brain’ of N.L. Health-care System, Delaying Thousands of Appointments Date Published: November 1, 2021 cbc.ca/news/canada/newfoundland-labrador/health-services-it-outage-update-nov-1-1.6232426 Excerpt: "A cyberattack appears to be...

OSN November 1, 2021

Title: New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code Date Published: November 1, 2021 https://thehackernews.com/2021/11/new-trojan-source-technique-lets.html Excerpt: "A novel class of vulnerabilities could be leveraged by threat...

OSN October 29, 2021

Title: Footprinting and Reconnaissance using Windows OS Date Published: October 29, 2021 https://medium.com/@the_harvester/footprinting-and-reconnaissance-using-windows-os-36760fb47870 Excerpt: "This blog is in continuation previous blog on footprinting and...

OSN October 28, 2021

Title: Ransomware Gangs Use SEO Poisoning To Infect Visitors Date Published: October 28, 2021 https://www.bleepingcomputer.com/news/security/ransomware-gangs-use-seo-poisoning-to-infect-visitors/ Excerpt: "According to the findings of the Menlo Security team, SEO...

OSN August 31, 2021

Title: Cyberattacks Use Office 365 to Target Supply Chain Date Published: August 31, 2021 https://securityintelligence.com/articles/cyberattacks-office-365-supply-chain/ Excerpt: “Supply chain cyberattacks involving Office 365 are effective in that they enable threat...

OSN August 30, 2021

Title: New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305) Date Published: August 30, 2021 https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/ Excerpt: “Analysis of this malware reveals that it is used to perform distributed denial...

OSN August 27, 2021

Title: Microsoft Azure Vulnerability Exposed Thousands of Cloud Databases Date Published: August 27, 2021 https://www.cyberscoop.com/microsoft-azure-cloud-vulnerability/ Excerpt: “The flaw would have allowed any Azure Cosmos DB user to read, write and delete another...