September 2, 2021

Fortify Security Team
Sep 2, 2021

Title: Cisco Fixes a Critical Flaw in Enterprise NFVIS for Which a PoC Exploit Exists
Date Published: September 2, 2021

https://securityaffairs.co/wordpress/121746/security/enterprise-nfvis-critical-flaw.html

Excerpt: “A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator.” reads the advisory published by Cisco. “This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.”

Title: Autodesk Reveals It Was Targeted by Russian Solarwinds Hackers
Date Published: September 2, 2021

https://www.bleepingcomputer.com/news/security/autodesk-reveals-it-was-targeted-by-russian-solarwinds-hackers/

Excerpt: “The attackers did not deploy any other malware besides the Sunburst backdoor, likely because it was not selected for second stage exploitation or the threat actors didn’t act quickly enough before they were detected. “Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied,” the spokesperson said. “We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents.”

Title: Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks
Date Published: September 2, 2021

https://thehackernews.com/2021/09/chinese-authorities-arrest-hackers.html

Excerpt: “The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing its involvement in the operation. “Mozi uses a P2P [peer-to-peer] network structure, and one of the ‘advantages’ of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading,” said Netlab, which spotted the botnet for the first time in late 2019.”

Title: Sacked Employee Deletes 21GB of Credit Union Files
Date Published: September 2, 2021

https://www.infosecurity-magazine.com/news/sacked-employee-deletes-credit/

Excerpt: “Two days after being fired on May 19, 2021, Barile is said to have accessed the file server of the New York-based credit union, opened confidential files and deleted 21.3GB of data, including 20,000 files and almost 3500 directories, according to the Department of Justice (DoJ). The deleted files apparently related to mortgage loan applications and the company’s anti-ransomware software. She also sent a text message shortly after to a friend claiming: “I deleted their shared network documents.” According to the DoJ, the credit union spent $10,000 fixing the unauthorized intrusion and deletion of documents.”

Title: FTC Bans Spyfone and Its CEO From Continuing to Sell Stalkerware
Date Published: September 1, 2021

https://blog.malwarebytes.com/stalkerware/2021/09/ftc-bans-spyfone-and-its-ceo-from-continuing-to-sell-stalkerware/

Excerpt: “According to a complaint filed by the FTC which detailed its investigation into Support King, SpyFone, and Zuckerman, the company sold three versions of its SpyFone app (“Basic,” “Premium,” and “Xtreme”) at various prices. The company also sold “SpyFone for Android Xpress,” which the FTC described not as an app, but as an actual mobile device that came pre-installed with a one-year subscription for Android Xtreme. The price of the device started at $495.”

Title: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Date Published: September 2, 2021

https://thehackernews.com/2021/09/new-braktooth-flaws-leave-millions-of.html

Excerpt: “A last collection of flaws discovered in Bluetooth speakers, headphones, and audio modules could be abused to freeze and even completely shut down the devices, requiring the users to manually turn them back on. Troublingly, all the aforementioned BrakTooth attacks could be carried out with a readily available Bluetooth packet sniffer that costs less than $15. The ASSET group has also made available a proof-of-concept (PoC) tool that can be used by vendors producing Bluetooth SoCs, modules, and products to replicate the vulnerabilities and validate against BrakTooth attacks.”

Title: “Bad Bots” Traffic Surge Strikes Financial Services Sector
Date Published: September 1, 2021

https://cybersecurityventures.com/bad-bots-traffic-surge-strikes-financial-services-sector/

Excerpt: “The researchers have distinguished sophisticated bots from simple software that only uses scripts and single, assigned IP addresses through the moniker “advanced persistent bot” (APB). These bots will attempt to avoid detection by mimicking human behavior, such as through the production of mouse clicks and movement, and they may also use P2P networks or cycled IP addresses. Imperva says that 57.1 percent of today’s bots can be considered APBs. The cybersecurity firm estimates that since the beginning of this year, only 37 percent of internet traffic to financial platforms is human, and approximately 31 percent of network traffic is generated by malicious bot applications.”

Title: Ethical Analysis of the Sony Hack Response
Date Published: September 1, 2021

https://medium.com/@edwincovert/ethical-analysis-of-the-sony-hack-response-26d22e18561c

Excerpt: “The virtue approach states that entities should live to achieve the highest potential we can and focus on common virtues such as honesty, courage, generosity, fidelity, and integrity among others (Velasquez et al., 2015). This approach does not feel appropriate for a corporate entity either. That leaves common good. The common good approach is similar in nature to the utilitarian but the focus shifts to the idea of community. The “community” here is the cadre of fellow Hollywood studios as well as SPE stakeholders. This seems to be the best framework to evaluate SPE’s actions because as part of a global conglomerate headquartered in Japan, SPE holds no special allegiance to a single or group of nations (necessary in the utilitarian approach).”

Title: Google Play Sign-Ins Can Be Abused to Track Another Person’s Movements
Date Published: September 1, 2021

https://blog.malwarebytes.com/awareness/2021/09/google-play-sign-ins-can-be-abused-to-track-another-persons-movements/

Excerpt: “We should be very clear here, though. This situation is not a form of stalkerware, and it does not, by design, attempt to work around a user’s consent. This is more aptly a design and user experience flaw. However, it is still a flaw that can and should be called out, because the end result can still provide location tracking of another person’s device. The flaw “does highlight the importance of quality assurance and user testing that takes domestic abuse situations into account and takes the leakage of location data seriously,” Galperin said. “One of the most dangerous times in a domestic abuse situation is the time when the survivor is trying to disentangle their digital life from their abusers’. That is a time when the survivors’ data is particularly vulnerable to this kind of misconfiguration problem and the potential consequences are very serious.”

Title: Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices
Date Published: September 1, 2021

https://thehackernews.com/2021/09/linphone-sip-stack-bug-could-let.html

Excerpt: “Although the patches are available for the core protocol stack, it’s essential that the updates are applied downstream by vendors that rely on the affected SIP stack in their products. Successful exploits targeting IoT vulnerabilities have demonstrated they can provide an effective foothold onto enterprise networks,” Brizinov said. “A flaw in a foundational protocol such as the SIP stack in VoIP phones and applications can be especially troublesome given the scale and reach shown by attacks against numerous other third-party components used by developers in software projects.”
