OSN September 14, 2021

Fortify Security Team
Sep 14, 2021

Title: Bot Attacks Grow 41% In First Half of 2021: LexisNexis

Date Published: September 14, 2021


Excerpt: “The LexisNexis Risk Solutions Cybercrime report is compiled through the analysis of 28.7 billion transactions over the six-month period through LexisNexis’ Digital Identity Network. Digital transactions overall are up nearly 30% this year. LexisNexis Risk Solutions researchers wrote that the United States still leads the way as the largest originator of automated bot attacks by volume, followed by the UK, Japan, Canada, Spain, Brazil, Ireland, India, Mexico and Germany. Stephen Topliss, vice president of fraud and identity for LexisNexis Risk Solutions, said the report confirms that cybercriminals are increasingly relying on automated processes but also highlights that fraudsters are further establishing sophisticated and expansive networks to conduct fraud.”

Title: Desktops Move to the Cloud

Date Published: September 14, 2021


Excerpt: “Many of the characteristics that make virtual desktops different from physical ones also make them more secure: For instance, the computer is in the data center, so data never leaves the data center. But many of the most common security threats affect virtual desktops as well as physical ones.

Why VDI is finally coming of age

The sudden shift to remote work in 2020 was itself a good reason for an increase in VDI deployments, but there are many others. Users don’t just work at home; they can work anywhere, including the office. VDI means they can use their computer anywhere, on any device.”

Title: Apple Releases Emergency Update: Patch, but Don’t Panic

Date Published: September 14, 2021


Excerpt: “Pegasus spyware is typically installed on victims’ phones using a software exploit that requires little or no user interaction—perhaps no more than a click. The exploits change over time, as they are discovered and patched by Apple. This most recent exploit is a “zero-day, zero-click” flaw in Apple’s iMessage app that requires no user interaction at all. Known as “FORCEDENTRY”, it was discovered by CitizenLab after a forensic examination of a phone belonging to a Saudi activist. The exploit has apparently been in use since at least February 2021, and reportedly works on Apple iOS, MacOS, and WatchOS devices. What should you do next?”

Title: North Korean Hacker Recently Employed Social Media to Launch a Cyberattack

Date Published: September 13, 2021


Excerpt: “Aside from that, they used email to infect the victim with malware, in order to get feedback on a column they claimed to have written about North Korean political affairs. A macro virus was attached to this email, and if the recipient agrees to download the file, the virus will infect the target’s computer, causing it to crash and freeze. Using the social media feature of spear-phishing to target specific individuals, the attackers exploited the technique as a natural extension of standard spear-phishing techniques.”

Title: HP Patches Severe Omen Driver Privilege Escalation Vulnerability

Date Published: September 14, 2021


Excerpt: “A driver developed by HP and used by the software, HpPortIox64.sys, is the source of the security issue. According to the researchers, code partially comes from WinRing0.sys, an OpenLibSys driver used to manage actions including read/write kernel memory. “The link between the two drivers can readily be seen as on some signed HP versions the metadata information shows the original filename and product name,” SentinelLabs noted. Privilege escalation bugs have been found in the WinRing0.sys driver in the past, including flaws that allow users to exploit the IOCTLs interface to perform high-level actions.”

Title: A Guide to Owasp’s Secure Coding

Date Published: September 14, 2021


Excerpt: “Cryptographic practices are employed to maintain information confidentiality and integrity. Different cryptographic approaches, such as symmetric-key cryptography or public-key cryptography, can be deployed throughout the transfer of information and storage depending on the security demands and risks present. For instance, cryptography in daily life refers to several scenarios in which cryptography provides a safe service, such as withdrawing money from a bank, safe web surfing, emails and data storage, and the usage of a cellular smartphone.”

Title: Singapore, India to Link National Payment Systems for Cross-Border Transfers

Date Published: September 14, 2021


Excerpt: “Singapore and India are working to link their countries’ respective real-time payment systems, enabling funds to be transferred via mobile numbers and virtual payment addresses. The move aims to support growing remittance traffic and drive cross-border interoperability. Work to connect Singapore’s PayNow and India’s Unified Payments Interface (UPI) infrastructures was targeted for completion by July 2022, according to a statement released Tuesday by the Monetary Authority of Singapore (MAS). It added that the initiative was established in partnership with the Reserve Bank of India. The linkage would enable residents in both countries to make real-time, low-cost fund transfers directly between their respective local bank accounts.”

Title: ExpressVPN Bought for $1bn by Brit Biz With an Intriguing History in Adware

Date Published: September 12, 2021


Excerpt: “UK-headquartered Kape Technologies announced on Monday it has acquired ExpressVPN in a $936m (£675m) cash and stocks deal, a move it claims will double its customer base to at least six million. In a canned statement, Kape said combining the two companies would “create a premium consumer privacy and security player,” and that the acquisition “further positions Kape to define the next generation of privacy and security protection tools and services to return greater control over the digital sphere to consumers”.”

Title: Google Addresses a New Chrome Zero-Day Flaw Actively Exploited in the Wild

Date Published: September 14, 2021


Excerpt: “Both zero-day vulnerabilities fixed in Chrome 93.0.4577.82 were disclosed to Google on September 8th, 2021. The first issue, tracked as CVE-2021-30632, is an out-of-bounds write that resides in the V8 JavaScript engine, while the CVE-2021-30633 flaw is a use-after-free vulnerability that impacts the Indexed DB API. “Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” reads the release note published by the company. Google did not provide details about the attacks or information about the threat actors exploiting the vulnerabilities. The two vulnerabilities were reported by anonymous researchers.”

Title: Vermilion Strike, a Linux Implementation of Cobalt Strike Beacon Used in Attacks

Date Published: September 14, 2021


Excerpt: “The Linux version of the commercial post-exploitation tool was codenamed Vermilion Strike and, according to the Intezer researchers who spotted it, it is fully undetected by vendors. “In August 2021, we at Intezer discovered a fully undetected ELF implementation of Cobalt Strike’s beacon, which we named Vermilion Strike. The stealthy sample uses Cobalt Strike’s Command and Control (C2) protocol when communicating to the C2 server and has Remote Access capabilities such as uploading files, running shell commands and writing to files,” reads the analysis published by Intezer. Intezer researchers reported that the Linux variant has been active in the wild since August; threat actors used it in attacks against telecom companies, government agencies, IT companies, financial institutions and advisory companies.”
