OSN September 14, 2021

Fortify Security Team
Sep 14, 2021

Title: Bot Attacks Grow 41% In First Half of 2021: LexisNexis

Date Published: September 14, 2021

https://www.zdnet.com/article/bot-attacks-grow-41-in-first-half-of-2021-lexisnexis/

Excerpt: “The LexisNexis Risk Solutions Cybercrime report is compiled through the analysis of 28.7 billion transactions over the six-month period through LexisNexis’ Digital Identity Network. Digital transactions overall are up nearly 30% this year. LexisNexis Risk Solutions researchers wrote that the United States still leads the way as the largest originator of automated bot attacks by volume, followed by the UK, Japan, Canada, Spain, Brazil, Ireland, India, Mexico and Germany. Stephen Topliss, vice president of fraud and identity for LexisNexis Risk Solutions, said the report confirms that cybercriminals are increasingly relying on automated processes but also highlights that fraudsters are further establishing sophisticated and expansive networks to conduct fraud.”

Title: Desktops Move to the Cloud

Date Published: September 14, 2021

https://medium.com/enterprise-nxt/desktops-move-to-the-cloud-5a4ebb758f65

Excerpt: “Many of the characteristics that make virtual desktops different from physical ones also make them more secure: For instance, the computer is in the data center, so data never leaves the data center. But many of the most common security threats affect virtual desktops as well as physical ones.

Why VDI is finally coming of age

The sudden shift to remote work in 2020 was itself a good reason for an increase in VDI deployments, but there are many others. Users don’t just work at home; they can work anywhere, including the office. VDI means they can use their computer anywhere, on any device.”

Title: Apple Releases Emergency Update: Patch, but Don’t Panic

Date Published: September 14, 2021

https://blog.malwarebytes.com/privacy-2/2021/09/apple-releases-emergency-update-patch-but-dont-panic/

Excerpt: “Pegasus spyware is typically installed on victims’ phones using a software exploit that requires little or no user interaction—perhaps no more than a click. The exploits change over time, as they are discovered and patched by Apple. This most recent exploit is a “zero-day, zero-click” flaw in Apple’s iMessage app that requires no user interaction at all. Known as “FORCEDENTRY”, it was discovered by CitizenLab after a forensic examination of a phone belonging to a Saudi activist. The exploit has apparently been in use since at least February 2021, and reportedly works on Apple iOS, MacOS, and WatchOS devices. What should you do next?”

Title: North Korean Hacker Recently Employed Social Media to Launch a Cyberattack

Date Published: September 13, 2021

https://cybersecuritylog.com/north-korean-hacker-recently-employed-social-media-to-launch-a-cyberattack

Excerpt: “Aside from that, they used email to infect the victim with malware, in order to get feedback on a column they claimed to have written about North Korean political affairs. A macro virus was attached to this email, and if the recipient agrees to download the file, the virus will infect the target’s computer, causing it to crash and freeze. Using the social media feature of spear-phishing to target specific individuals, the attackers exploited the technique as a natural extension of standard spear phishing techniques.”

Title: HP Patches Severe Omen Driver Privilege Escalation Vulnerability

Date Published: September 14, 2021

https://www.zdnet.com/article/hp-patches-omen-driver-privilege-escalation-vulnerability/

Excerpt: “A driver developed by HP and used by the software, HpPortIox64.sys, is the source of the security issue. According to the researchers, code partially comes from WinRing0.sys, an OpenLibSys driver used to manage actions including read/write kernel memory. “The link between the two drivers can readily be seen as on some signed HP versions the metadata information shows the original filename and product name,” SentinelLabs noted. Privilege escalation bugs have been found in the WinRing0.sys driver in the past, including flaws that allow users to exploit the IOCTLs interface to perform high-level actions.”

Title: A Guide to Owasp’s Secure Coding

Date Published: September 14, 2021

https://cybersecurity.att.com/blogs/security-essentials/a-guide-to-owasps-secure-coding

Excerpt: “Cryptographic practices are employed to maintain information confidentiality and integrity. Different cryptographic approaches, such as symmetric-key cryptography or public-key cryptography, can be deployed throughout the transfer of information and storage depending on the security demands and risks present. For instance, cryptography in daily life refers to several scenarios in which cryptography provides a safe service, such as withdrawing money from a bank, safe web surfing, emails and data storage, and the usage of a cellular smartphone.”

Title: Singapore, India to Link National Payment Systems for Cross-Border Transfers

Date Published: September 14, 2021

https://www.zdnet.com/article/singapore-india-to-link-national-payment-systems-for-cross-border-transfers/

Excerpt: “Singapore and India are working to link their countries’ respective real-time payment systems, enabling funds to be transferred via mobile numbers and virtual payment addresses. The move aims to support growing remittance traffic and drive cross-border interoperability. Work to connect Singapore’s PayNow and India’s Unified Payments Interface (UPI) infrastructures was targeted for completion by July 2022, according to a statement released Tuesday by the Monetary Authority of Singapore (MAS). It added that the initiative was established in partnership with the Reserve Bank of India. The linkage would enable residents in both countries to make real-time, low-cost fund transfers directly between their respective local bank accounts.”

Title: ExpressVPN Bought for $1bn by Brit Biz With an Intriguing History in Adware

Date Published: September 12, 2021

https://www.theregister.com/2021/09/14/expressvpn_bought_kape/

Excerpt: “UK-headquartered Kape Technologies announced on Monday it has acquired ExpressVPN in a $936m (£675m) cash and stocks deal, a move it claims will double its customer base to at least six million. In a canned statement, Kape said combining the two companies would “create a premium consumer privacy and security player,” and that the acquisition “further positions Kape to define the next generation of privacy and security protection tools and services to return greater control over the digital sphere to consumers”.”

Title: Google Addresses a New Chrome Zero-Day Flaw Actively Exploited in the Wild

Date Published: September 14, 2021

https://securityaffairs.co/wordpress/122192/hacking/google-zero-day-10.html

Excerpt: “Both zero-day vulnerabilities fixed in Chrome 93.0.4577.82 were disclosed to Google on September 8th, 2021. The first issue, tracked as CVE-2021-30632, is an out-of-bounds write that resides in the V8 JavaScript engine, while the CVE-2021-30633 flaw is a use-after-free vulnerability that impacts the Indexed DB API. “Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” reads the release note published by the company. Google did not provide details about the attacks or information about the threat actors exploiting the vulnerabilities. The two vulnerabilities were reported by anonymous researchers.”

Title: Vermilion Strike, a Linux Implementation of Cobalt Strike Beacon Used in Attacks

Date Published: September 14, 2021

https://securityaffairs.co/wordpress/122172/malware/cobalt-strike-beacon.html

Excerpt: “The Linux version of the commercial post-exploitation tool was codenamed Vermilion Strike and, according to the Intezer researchers who spotted it, it is fully undetected by vendors. “In August 2021, we at Intezer discovered a fully undetected ELF implementation of Cobalt Strike’s beacon, which we named Vermilion Strike. The stealthy sample uses Cobalt Strike’s Command and Control (C2) protocol when communicating to the C2 server and has Remote Access capabilities such as uploading files, running shell commands and writing to files,” reads the analysis published by Intezer. Intezer researchers reported that the Linux variant has been active in the wild since August; threat actors used it in attacks against telecom companies, government agencies, IT companies, financial institutions and advisory companies.”
