September 2, 2021

Fortify Security Team

Title: Cisco Fixes a Critical Flaw in Enterprise NFVIS for Which a PoC Exploit Exists
Date Published: September 2, 2021

Excerpt: “A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator.” reads the advisory published by Cisco. “This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.”

Title: Autodesk Reveals It Was Targeted by Russian Solarwinds Hackers
Date Published: September 2, 2021

Excerpt: “The attackers did not deploy any other malware besides the Sunburst backdoor, likely because it was not selected for second stage exploitation or the threat actors didn’t act quickly enough before they were detected. “Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied,” the spokesperson said. “We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents.”

Title: Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks
Date Published: September 2, 2021

Excerpt: “The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing its involvement in the operation. “Mozi uses a P2P [peer-to-peer] network structure, and one of the ‘advantages’ of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading,” said Netlab, which spotted the botnet for the first time in late 2019.”

Title: Sacked Employee Deletes 21GB of Credit Union Files
Date Published: September 2, 2021

Excerpt: “Two days after being fired on May 19, 2021, Barile is said to have accessed the file server of the New York-based credit union, opened confidential files and deleted 21.3GB of data, including 20,000 files and almost 3500 directories, according to the Department of Justice (DoJ). The deleted files apparently related to mortgage loan applications and the company’s anti-ransomware software. She also sent a text message shortly after to a friend claiming: “I deleted their shared network documents.” According to the DoJ, the credit union spent $10,000 fixing the unauthorized intrusion and deletion of documents.”

Title: FTC Bans Spyfone and Its CEO From Continuing to Sell Stalkerware
Date Published: September 1, 2021

Excerpt: “According to a complaint filed by the FTC which detailed its investigation into Support King, SpyFone, and Zuckerman, the company sold three versions of its SpyFone app (“Basic,” “Premium,” and “Xtreme”) at various prices. The company also sold “SpyFone for Android Xpress,” which the FTC described not as an app, but as an actual mobile device that came pre-installed with a one-year subscription for Android Xtreme. The price of the device started at $495.”

Title: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Date Published: September 2, 2021

Excerpt: “A last collection of flaws discovered in Bluetooth speakers, headphones, and audio modules could be abused to freeze and even completely shut down the devices, requiring the users to manually turn them back on. Troublingly, all the aforementioned BrakTooth attacks could be carried out with a readily available Bluetooth packet sniffer that costs less than $15. The ASSET group has also made available a proof-of-concept (PoC) tool that can be used by vendors producing Bluetooth SoCs, modules, and products to replicate the vulnerabilities and validate against BrakTooth attacks.”

Title: “Bad Bots” Traffic Surge Strikes Financial Services Sector
Date Published: September 1, 2021

Excerpt: “The researchers have distinguished sophisticated bots from simple software that only uses scripts and single, assigned IP addresses through the moniker “advanced persistent bot” (APB). These bots will attempt to avoid detection by mimicking human behavior, such as through the production of mouse clicks and movement, and they may also use P2P networks or cycled IP addresses. Imperva says that 57.1 percent of today’s bots can be considered APBs. The cybersecurity firm estimates that since the beginning of this year, only 37 percent of internet traffic to financial platforms is human, and approximately 31 percent of network traffic is generated by malicious bot applications.”

Title: Ethical Analysis of the Sony Hack Response
Date Published: September 1, 2021

Excerpt: “The virtue approach states that entities should live to achieve the highest potential we can and focus on common virtues such as honesty, courage, generosity, fidelity, and integrity among others (Velasquez et al., 2015). This approach does not feel appropriate for a corporate entity either. That leaves common good. The common good approach is similar in nature to the utilitarian but the focus shifts to the idea of community. The “community” here is the cadre of fellow Hollywood studios as well as SPE stakeholders. This seems to be the best framework to evaluate SPE’s actions because as part of a global conglomerate headquartered in Japan, SPE holds no special allegiance to a single or group of nations (necessary in the utilitarian approach).”

Title: Google Play Sign-Ins Can Be Abused to Track Another Person’s Movements
Date Published: September 1, 2021

Excerpt: “We should be very clear here, though. This situation is not a form of stalkerware, and it does not, by design, attempt to work around a user’s consent. This is more aptly a design and user experience flaw. However, it is still a flaw that can and should be called out, because the end result can still provide location tracking of another person’s device. The flaw “does highlight the importance of quality assurance and user testing that takes domestic abuse situations into account and takes the leakage of location data seriously,” Galperin said. “One of the most dangerous times in a domestic abuse situation is the time when the survivor is trying to disentangle their digital life from their abusers’. That is a time when the survivors’ data is particularly vulnerable to this kind of misconfiguration problem and the potential consequences are very serious.”

Title: Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices
Date Published: September 1, 2021

Excerpt: “Although the patches are available for the core protocol stack, it’s essential that the updates are applied downstream by vendors that rely on the affected SIP stack in their products. Successful exploits targeting IoT vulnerabilities have demonstrated they can provide an effective foothold onto enterprise networks,” Brizinov said. “A flaw in a foundational protocol such as the SIP stack in VoIP phones and applications can be especially troublesome given the scale and reach shown by attacks against numerous other third-party components used by developers in software projects.”
