OSN September 10, 2021

Fortify Security Team
Sep 10, 2021

Title: IT Leaders Facing Backlash From Remote Workers Over Cybersecurity Measures: HP Study
Date Published: September 10, 2021

https://www.zdnet.com/article/it-leaders-facing-backlash-from-remote-workers-over-cybersecurity-measures-hp-study/

Excerpt: “The study found that IT workers often feel like they have no choice but to compromise cybersecurity in order to appease workers who complain about how certain measures slow down business processes. Some remote workers — particularly those aged 24 and younger — outright reject cybersecurity measures they believe “get in the way” of their deadlines. More than 75% of IT teams said cybersecurity took a “backseat to business continuity during the pandemic” and 91% reported feeling pressured into compromising security for business practices.”

Title: Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group
Date Published: September 10, 2021

https://thehackernews.com/2021/09/experts-link-sidewalk-malware-attacks.html

Excerpt: “But latest research published by researchers from Broadcom’s Symantec has pinned the SideWalk backdoor on the China-linked espionage group, pointing out the malware’s overlaps with the older Crosswalk malware, with the latest Grayfly hacking activities singling out a number of organizations in Mexico, Taiwan, the U.S., and Vietnam. “A feature of this recent campaign was that a large number of targets were in the telecoms sector. The group also attacked organizations in the IT, media, and finance sectors,” Symantec’s Threat Hunter Team said in a write-up published on Thursday.”

Title: Hackers Steal Data from United Nations
Date Published: September 9, 2021

https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/

Excerpt: “Hackers have broken into the computer network of the United Nations and made off with data, according to researchers at cybersecurity firm Resecurity. Bloomberg reports that the unidentified cyber-criminals behind the theft appear to have gained access simply by using login credentials stolen from a UN employee.

Entry was gained by logging in to the employee’s Umoja account. Umoja, which means “unity” in Kiswahili, is the enterprise resource planning system implemented by the UN in 2015. It has been theorized that the username and password used in the cyber-attack were purchased from a website on the dark web. Gene Yoo, chief executive officer at Resecurity, said: “Organizations like the UN are a high-value target for cyber-espionage activity.”

Title: Millions of Microsoft Web Servers Powered by Vulnerable Legacy Software
Date Published: September 9, 2021

https://securityaffairs.co/wordpress/122044/security/millions-microsoft-servers-exposed-online.html

Excerpt: “During our investigation, we identified 7,335,868 potentially vulnerable web servers across the world running legacy versions of IIS. While 72% of these servers were honeypots used as bait by researchers and security teams, more than 2 million of the instances we discovered were actually running on vulnerable software that is no longer supported by Microsoft. According to CyberNews security researcher Mantas Sasnauskas, since web servers that host public websites must be publicly accessible to function, they are also broadcasting their outdated IIS versions for everyone to see. “This means that running these servers on visibly vulnerable software is tantamount to extending an invitation to threat actors to infiltrate their networks.”

Title: It Takes Only One Human Error To Cause Your Next Data Breach
Date Published: September 9, 2021

https://medium.com/akati-sekurity/it-takes-only-one-human-error-to-cause-your-next-data-breach-2ed0a93b8d13

Excerpt: “Critical data hacking, network outages, computer viruses, and other cyber-related risks have a variety of effects on our lives, ranging from a minor nuisance to serious incidents. Misconduct and weaknesses, as well as unplanned accidents, can result in cyber attacks. However, they may also be orchestrated or deliberate, such as hacking or unauthorized access. The primary goals of such network hackers or criminals are to steal sensitive information, conduct illicit financial transactions, delete or alter data, and do other similar activities. Terrorists, crackers, and recreational hackers are all possible system hackers.”

Title: [Updated] Windows MSHTML Zero-Day Actively Exploited, Mitigations Required
Date Published: September 9, 2021

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/

Excerpt: “At the moment all supported Windows versions are vulnerable. Since there is no patch available yet, Microsoft proposes a few methods to block these attacks. Disable the installation of all ActiveX controls in Internet Explorer via the registry. Previously-installed ActiveX controls will still run, but no new ones will be added, including malicious ones. Open documents from the Internet in Protected View or Application Guard for Office, both of which prevent the current attack. This is a default setting but it may have been changed. Despite the lack of a ready patch, all versions of Malwarebytes currently block this threat, as shown below. Malwarebytes also detects the eventual payload, Cobalt Strike, and has done so for years, meaning that even if a threat actor had disabled anti-exploit, then Cobalt Strike itself would still be detected.”

Title: Healthcare Orgs in California, Arizona Send Out Breach Letters for Nearly 150,000 After SSNs Accessed During Ransomware Attacks
Date Published: September 10, 2021

https://www.zdnet.com/article/healthcare-orgs-in-california-arizona-send-out-breach-notice-letters-for-nearly-150000-after-ssns-accessed-during-ransomware-attacks/

Excerpt: “It took until August 9, 2021 for Netgain and LifeLong Medical Care to complete their investigation, and the companies eventually found that full names, Social Security numbers, dates of birth, patient cardholder numbers, treatment and diagnosis information was “accessed and/or acquired” during the attacks. LifeLong Medical Care urged those affected to enroll in credit monitoring services, place fraud alerts or security freezes on credit files, obtain credit reports and “remain vigilant” when it comes to “financial account statements, credit reports and explanation of benefits statements for fraudulent or irregular activity”.”

Title: HAProxy Urges Users to Update After HTTP Request Smuggling Vulnerability Found
Date Published: September 10, 2021

https://www.zdnet.com/article/haproxy-urges-users-to-update-after-http-request-smuggling-vulnerability-found/

Excerpt: “This vulnerability has the potential to have a wide-spread impact, but fortunately there are plenty of ways to mitigate risk posed by this HAProxy vulnerability, and many users most likely have already taken the necessary steps to protect themselves,” Bar-Dayan told ZDNet. “CVE-2021-40346 is mitigated if HAProxy has been updated to one of the latest four versions of the software. Like with most vulnerabilities, CVE-2021-40346 can’t be exploited without severe user negligence. The HAProxy team has been responsible in their handling of the bug. Most likely the institutional cloud and application services that use HAProxy in their stack have either applied upgrades or made the requisite configuration changes by now. Now it is up to all HAProxy users to run an effective vulnerability remediation program to protect their businesses from this very real threat.”

Title: Personal Information of Nearly 80,000 MyRepublic Customers Accessed After Breach
Date Published: September 10, 2021

https://www.infosecurity-magazine.com/news/80000-myrepublic-customers-breach/

Excerpt: “The telco stressed that the unauthorized access had no operational impact on its services. Nevertheless, it has informed the Infocomm Media Development Authority and the Personal Data Protection Commission of the incident. MyRepublic also activated its cyber incident response team, comprising a group of external expert advisors to work closely with its internal IT and Network teams. “We are disappointed with what has happened, and I would like to personally apologize for any inconvenience caused,” said MyRepublic chief executive officer Malcolm Rodrigues.”

Title: Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
Date Published: September 9, 2021

https://unit42.paloaltonetworks.com/azure-container-instances/

Excerpt: “Azure Container Instances (ACI) is Azure’s Container-as-a-Service (CaaS) offering, enabling customers to run containers on Azure without managing the underlying servers. Unit 42 researchers recently identified and disclosed critical security issues in ACI to Microsoft. A malicious Azure user could have exploited these issues to execute code on other users’ containers, steal customer secrets and images deployed to the platform, and possibly abuse ACI’s infrastructure for crypto mining. Researchers named the vulnerability Azurescape – the first cross-account container takeover in the public cloud. Azurescape allowed malicious users to compromise the multitenant Kubernetes clusters hosting ACI, establishing full control over other users’ containers. This post covers the research process, presents an analysis of the issue and suggests best practices for securing Kubernetes, with a focus on multi tenancy, that could help prevent similar attacks.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...