OSN August 5, 2021

Fortify Security Team
Aug 8, 2021

Title: Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms
Date Published: August 4, 2021

https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/

Excerpt: “He connected his laptop to the vulnerable AP using the credentials in order to set up a man-in-the-middle architecture to inspect traffic flowing from the router. The iPod touch connected to the rogue Android AP, while the Android AP was also connected to a Wi-Fi card in Supa’s laptop. Meanwhile, a second Wi-Fi card in the laptop was connected to the Nasnos AP, and thanks to IP forwarding, the researcher was able to observe that packets were being sent to the Nasnos router on TCP port 8000 with no authentication or encryption necessary. “After that, I just developed a program that sends the same packets [from the laptop to the router] depending on the action needed,” he said. “This means we are now able to control the bedroom from a laptop. But can we control all bedrooms?””

Title: Google Expects Delays in Enforcing 2FA for Chrome Extension Devs
Date Published: August 5, 2021

https://www.bleepingcomputer.com/news/google/google-expects-delays-in-enforcing-2fa-for-chrome-extension-devs/

Excerpt: “The end goal of enforcing 2FA on Chrome Web Store devs’ accounts is to prevent threat actors from hijacking them and releasing malicious extension updates. This is also part of a broader move to secure the Chrome Web Store by ensuring that developers don’t use deceptive installation tactics and spammy or repetitive content, which would lower the overall quality of extensions. Google also wants all users to enable multi-factor authentication by default to block attackers from taking control of their accounts by guessing their passwords or using compromised credentials. “Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” Google said in May.”

Title: Telegram for Mac Bug Lets You Save Self-Destructing Messages Forever
Date Published: August 5, 2021

https://www.bleepingcomputer.com/news/security/telegram-for-mac-bug-lets-you-save-self-destructing-messages-forever/

Excerpt: “Researchers have discovered a way for users on Telegram for Mac to keep specific self-destructing messages forever or view them without the sender ever knowing. Telegram offers an optional ‘Secret Chat’ mode that increases the privacy of chats by enabling a variety of additional features. When you start a Secret Chat with another Telegram user, the connection will become end-to-end encrypted, and all messages, attachments, and media will be set to automatically self-destruct and be removed from all devices after a certain period.”

Title: Facebook Stops NYU Researchers From Examining Misinformation, Is Criticized for ‘Silencing’ Transparency Efforts
Date Published: August 5, 2021

https://www.cyberscoop.com/facebook-nyu-research-misinformation/

Excerpt: “The researchers argue that the social media giant shut down their access because their research, which has focused on misleading political advertisements and vaccine misinformation, has drawn negative attention to the company. The shutdown builds on years of tension between researchers and the platform. Researchers argue that they deserve special exemptions from Facebook’s policies banning the automatic collection of data from the platform because it holds valuable insights into how the company influences democracy and social issues in the U.S.”

Title: Multiple Vulnerabilities in Cisco Products
Date Published: August 4, 2021

https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-043.pdf

Excerpt: “The vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to execute arbitrary code, cause a denial of service (DoS) condition and execute arbitrary commands [2]. Moreover, a vulnerability in Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device [3].”

Title: Newly Discovered Cobalt Strike Bugs Could Allow the Takedown of Attackers’ Servers
Date Published: August 5, 2021

https://heimdalsecurity.com/blog/newly-discovered-cobalt-strike-bugs-could-allow-the-takedown-of-attackers-servers/

Excerpt: “As you might already know Cobalt Strike is a legitimate penetration testing tool that can be used as an attack framework by red teams. Red Teams are groups of security professionals that try to attack their own organization’s infrastructure in order to discover security gaps and vulnerabilities. Cobalt Strike is used also by threat actors for post-exploitation purposes after the deployment of so-called beacons that are able to provide them with persistent remote access to compromised devices. The beacons are very important as they allow the attackers to later access the breached servers and easily harvest data or deploy second-stage malware payloads.”

Title: There’s Been a Rise in Stalkerware. And the Tech Abuse Problem Goes Beyond Smartphones
Date Published: August 5, 2021

https://www.zdnet.com/article/theres-been-a-rise-in-stalkerware-and-the-tech-abuse-problem-goes-beyond-smartphones/

Excerpt: “The Coalition Against Stalkerware defines stalkerware as software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without consent and without “explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.” Mobile applications and PC monitoring software come straight to mind. Unlike spyware, which may be employed to monitor indiscriminately or by government agencies and law enforcement investigations, stalkerware is generally used by individuals.”

Title: A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service
Date Published: August 5, 2021

https://thehackernews.com/2021/08/a-wide-range-of-cyber-attacks.html

Excerpt: “Dubbed “Prometheus TDS” (short for Traffic Direction System) and available for sale on underground platforms for $250 a month since August 2020, the service is designed to distribute malware-laced Word and Excel documents and divert users to phishing and malicious sites, according to a Group-IB report shared with The Hacker News. More than 3,000 email addresses are said to have been singled out via malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging the prominent verticals targeted by the attacks.”

Title: Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks
Date Published: August 5, 2021

https://thehackernews.com/2021/08/unpatched-security-flaws-expose.html

Excerpt: “Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorized login to the CPU module, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by Nozomi Networks, concern the implementation of an authentication mechanism in the MELSEC communication protocol that’s used to exchange data with the target devices by reading and writing data to the CPU module.”

Title: Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Date Published: August 3, 2021

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution-17/

Excerpt: “Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”
