OSN September 9, 2021

Fortify Security Team
Sep 9, 2021

Title: CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability

Date Published: September 8, 2021

https://thehackernews.com/2021/09/cisa-warns-of-actively-exploited-zoho.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus builds up to 6113 are impacted. ManageEngine ADSelfService Plus is an integrated self-service password management and a single sign-on solution for Active Directory and cloud apps, enabling admins to enforce two-factor authentication for application logins and users to reset their passwords.”

Title: Biden Announces Cybersecurity Initiative Partnership

Date Published: September 8, 2021

https://www.trendmicro.com/en_us/research/21/i/biden-announces-cybersecurity-initiative-partnership.html

Excerpt: “Among the private sector companies that pledged commitment was tech giant Apple, announcing that it will invest $10 billion over the next five years to improve supply chain technology. IBM also said it would train 150,000 people in cybersecurity skills in the next three years, collaborating with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce. Over the next five years, Google and Microsoft also pledge $10 billion and $20 billion, respectively, to expand zero-trust programs and accelerate efforts in integrating cyber security by design and deliver advanced security solutions.”

Title: TeamTNT With New Campaign AKA “Chimaera”

Date Published: September 8, 2021

https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera

Excerpt: “AT&T Alien Labs™ has discovered a new campaign by threat group TeamTNT that is targeting multiple operating systems and applications. The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more.

Alien Labs research indicates the command and control (C&C) server used in this newly discovered campaign contains infection statistics that suggest TeamTNT has been running this campaign since July 25, 2021, and that it is responsible for thousands of infections globally.”

Title: Attacks on IoT Devices Double Over Past Year

Date Published: September 8, 2021

https://www.infosecurity-magazine.com/news/attacks-iot-devices-double-past/

Excerpt: “The number of attacks targeting IoT devices has almost doubled from the second half of 2020 to the first six months of this year, according to Kaspersky. The Russian cybersecurity firm collected data from a network of honeypots to mimic vulnerable devices and invite attacks. Although these honeypots were on the receiving end of around 639 million cyber-attacks in the final six months of 2020, the figure had soared to over 1.5 billion by the first half of 2021. So far this year, most of these attacks have been attempted using the telnet protocol, which is typically used to access and manage devices remotely. Over 872 million, or nearly 58%, of the total was accounted for this way. The rest used SSH (34%) and web (8%) channels.”

Title: Attacker Releases Credentials for 87,000 Fortigate SSL VPN Devices

Date Published: September 9, 2021

https://www.zdnet.com/article/attacker-releases-credentials-for-87000-fortigate-ssl-vpn-devices/

Excerpt: “CVE-2018-13379 is a known security flaw impacting the FortiOS SSL VPN web tunnel software’s portal. The bug was patched and a fix was released in 2019, including two-factor authentication mitigation. However, close to two years on, the vulnerability has now come back to the fore with the release of stolen credentials online. Fortinet says that the stolen information was “obtained from systems that remained unpatched” at the time an attacker performed a web scan for vulnerable devices.”

Title: Ukrainian Hacker Extradited After Allegedly Sold Thousands of Passwords on the Dark Web

Date Published: September 9, 2021

https://heimdalsecurity.com/blog/ukrainian-hacker-extradited-after-allegedly-sold-thousands-of-passwords-on-the-dark-web/

Excerpt: “Ivanov-Tolpintsev was arrested by Polish authorities in Korczowa, Poland, on October 3, 2020, and extradited to the United States pursuant to the extradition treaty between the United States and the Republic of Poland. Ivanov-Tolpintsev was presented on September 7, 2021, before United States Magistrate Julie S. Sneed, and ordered detained pending trial. He is facing charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. If convicted on all counts, he faces a maximum penalty of 17 years in federal prison.”

Title: 91% Of IT Teams Have Felt ‘Forced’ to Trade Security for Business Operations

Date Published: September 9, 2021

https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/

Excerpt: “In total, 91% of those surveyed said that they have felt “pressured” to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a “ticking time bomb” for corporate security incidents. IT teams, their workloads, and the need to compromise are not the only issues — it also appears there are general feelings of apathy and frustration when it comes to managing cybersecurity in a remote workplace.”

Title: Yandex Is Under the Largest DDoS Attack in the History of Runet

Date Published: September 9, 2021

https://securityaffairs.co/wordpress/122028/hacking/yandex-ddos-attack.html

Excerpt: “The victims of these attacks are different, but the perpetrator, apparently, is the same, and he operates a botnet that has recently appeared in the industry,” Lyamin told Vedomosti. “Some industry players have already announced that the Mirai botnet, which made a splash five years ago and was built on the basis of video cameras, has returned to us. Having devoted the last few weeks to studying the new botnet, we can say that a completely new botnet has appeared and it is built on the network equipment of a very popular vendor from the Baltic States. It spreads through a vulnerability in firmware and already numbers up to hundreds of thousands of infected devices.”

Title: Malware Droppers for Hire Targeting Users on Fake Pirated Software Sites

Date Published: September 8, 2021

https://www.hackread.com/malware-droppers-for-hire-pirated-software-sites/

Excerpt: “Sophos researchers wrote that attackers are using numerous bait pages hosted on WordPress. These bait pages contain download links to different software packages. When a user clicks on these links, they are redirected to a malicious website containing unwanted browser plug-ins and malware. The researchers identified droppers delivering information stealers like Crypto Bot and Raccoon Stealer, as well as backdoors, including Glupteba. Though such malware are easily detectable by the security software, since malicious droppers are in encrypted archives, their files cannot be detected until they get unpacked.”

Title: 3 Years, 17 Alphas, 2 Betas, and Over 7,500 Commits Later, OpenSSL Version 3 Is Here

Date Published: September 8, 2021

https://www.theregister.com/2021/09/08/openssl_3/

Excerpt: “FIPS-validated cryptographic algorithms are important to have for users seeking US government work, and its omission from version 1.1.1 of OpenSSL (having been present in 1.0.2) has caused the odd headache. The new architecture of version 3.0 restores the module and introduces the “Provider” concept, where different algorithm implementations can be made available (OpenSSL 3.0 comes with five as standard, including the FIPS provider). The other notable change is a move to the Apache License 2.0 from the OpenSSL and SSLeay licenses of old (which still apply to version 1.1.1 and earlier).”
