OSN October 12, 2021

Fortify Security Team
Oct 12, 2021

Title: CISA Names 3 ‘Exceptionally Dangerous’ Behaviors to Avoid

Date Published: October 12, 2021


Excerpt: “As per CISA, “The presence of these Bad Practices in organizations that support Critical Infrastructure… is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability and life, health and safety of the public.” Even for those outside of national cybersecurity, these behaviors should be top of mind for any vulnerability assessment. While they may seem simple, each one involves complex cyber crime that cannot be ignored.”

Title: Oracle Joins Multi-Cloud Security Notification Project

Date Published: October 12, 2021


Excerpt: “Oracle is joining the Cloud Security Notification Framework project (CSNF), an initiative looking to develop a standardized framework for dealing with cloud security issues in enterprise environments, which often use a variety of different cloud services. That reliance on multiple providers can make keeping up with and reacting to security notifications and alerts difficult, because many cloud service providers have their own systems set up for security reporting. The disparate nature can make managing cloud security difficult for businesses – particularly following the growth in the use of cloud services over the past 18 months.”

Title: Microsoft Revokes Insecure SSH Keys for Azure DevOps Customers

Date Published: October 12, 2021


Excerpt: “While Azure DevOps customers who haven’t already been informed their SSH keys were revoked are likely unaffected by this vulnerability, Microsoft still advises them to add new SSH public keys to Azure DevOps Services/TFS. Detailed information on removing your SSH public keys and adding new ones is available on Microsoft’s support website. Yesterday, GitHub also announced that it revoked weak SSH authentication keys generated with GitKraken versions using the faulty library, which created duplicate keypairs incorrectly. The library flaw was discovered by Axosoft engineer Dan Suceava “who noticed that keypair was regularly generating duplicate RSA keys,” and GitHub senior security engineer Kevin Jones identified the cause.”

Title: Microsoft Warns Over Password Attacks Against These Office 365 Customers

Date Published: October 12, 2021


Excerpt: “Microsoft says 250 Office 365 customers in the US and Israeli defense technology sector have been targeted with ‘password-spraying’ attacks, where attackers try to access many accounts with commonly used passwords. The technique relies on people using variations of common passwords. The password attacks focussed on critical infrastructure companies operating in the Persian Gulf and were carried out by a group Microsoft is tracking as DEV-0343 – most likely a new group from Iran.”

Title: Ransomware: No Decline in Victims Posted to Data Leak Sites

Date Published: October 12, 2021


Excerpt: “Unfortunately, despite the White House declaring war on ransomware, including initiatives to improve the cyber resiliency of U.S. businesses, at least so far the number of victims being listed on such sites hasn’t been declining, reports Allan Liska, an intelligence analyst at threat intelligence firm Recorded Future. “The number of victims posted to ransomware extortion sites remained near an all-time high in September,” Liska tweets. “As always, remember that only a small fraction of ransomware victims make it to extortion sites so these numbers aren’t representative of all attacks”.”

Title: DDoS Operator Arrested by the Ukrainian Police

Date Published: October 12, 2021


Excerpt: “The threat actor was apprehended at his Prykarpattya residence, where he was reportedly utilizing the botnet to launch DDoS assaults or support other criminal behavior for his clients. Brute-forcing login passwords on websites, spamming activities, and penetration testing on remote devices to find and exploit vulnerabilities were all part of this activity. According to a statement provided by SSU, the hacker wasn’t only utilizing his botnet’s sheer force to bring down websites. Instead, he conducted reconnaissance and penetration testing on the target websites in order to find and exploit weaknesses.”

Title: Over 90% of Firms Suffered Supply Chain Breaches Last Year

Date Published: October 12, 2021


Excerpt: “Budget increases demonstrate that firms are recognizing the need to invest in cybersecurity and vendor risk management. However, the wide yet consistent array of pain points suggests that this investment is not as effective as it needs to be,” argued BlueVoyant global head of third-party cyber-risk management, Adam Bixler. This, tied to the lack of visibility, monitoring and senior-level reporting, underscores a need for further improvement when approaching third-party cyber risk, in order to reduce the exposure of data before attackers take advantage of this.”

Title: AWS IAM and Cross Account Attacks

Date Published: October 12, 2021


Excerpt: “The recommended way of giving a supplier access to your AWS account is via a cross account trust, on an AWS Role. You don’t have to manage credentials and you can explicitly allow access to another AWS IAM identity. In the AWS documentation this is referred to as an Assume Role Policy Document or a trust policy. Technically this is a single API call to the AWS Security Token Service (STS), which returns a pair of time bound credentials, for the target role. For those curious on how the AWS STS AssumeRole works, this is what an example request looks like.”
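The excerpt above describes the trust-policy mechanism (the Assume Role Policy Document that names which AWS identity may call sts:AssumeRole on a role). The following is an added example, not code from the original article or from AWS: a small linter that reads a trust policy document and flags the patterns a reviewer would want to catch before granting a supplier cross-account access, namely a wildcard principal, a cross-account principal with no sts:ExternalId condition, and a principal that trusts an entire account (:root) rather than a specific role. The policy documents and account IDs below are constructed samples.

```python
"""Lint an AWS IAM role trust policy for risky cross-account grants.

Added example; not the article's or AWS's code. The policy documents and
the 12-digit account IDs below are constructed placeholders.
"""
import json
from typing import List

# Constructed sample: a supplier's role in account 222222222222 may assume a
# role in our account (111111111111), with an ExternalId condition set.
SUPPLIER_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:role/SupplierAccessRole"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
})

# Constructed sample of a risky policy: any AWS principal may assume the role.
OPEN_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "sts:AssumeRole",
    }],
})

# Constructed sample: trusts a whole foreign account and has no ExternalId.
NO_EXTERNAL_ID_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
        "Action": "sts:AssumeRole",
    }],
})


def _as_list(value):
    # IAM allows single values or lists in most fields; normalise to a list.
    return value if isinstance(value, list) else [value]


def _principals(statement) -> List[str]:
    # Only AWS (account/role/user) principals matter for cross-account trust.
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", []))


def _account_of(arn: str) -> str:
    # arn:aws:iam::ACCOUNT:role/Name -> ACCOUNT; a bare "*" or bare ID passes through.
    parts = arn.split(":")
    return parts[4] if len(parts) >= 5 else arn


def lint_trust_policy(policy_json: str, own_account: str) -> List[str]:
    """Return findings for Allow statements that grant sts:AssumeRole."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        conditions = stmt.get("Condition", {})
        # Condition is {operator: {key: value}}; look for sts:ExternalId under any operator.
        has_external_id = any("sts:ExternalId" in keys for keys in conditions.values())
        for p in _principals(stmt):
            if p == "*" or _account_of(p) == "*":
                findings.append(f"statement {i}: wildcard principal lets any AWS account assume the role")
                continue
            if _account_of(p) != own_account and not has_external_id:
                findings.append(f"statement {i}: cross-account principal {p} has no sts:ExternalId condition")
            if p.endswith(":root"):
                findings.append(f"statement {i}: principal {p} trusts every identity in that account, not one role")
    return findings


if __name__ == "__main__":
    for name, doc in [("supplier", SUPPLIER_TRUST_POLICY), ("open", OPEN_TRUST_POLICY),
                      ("no-external-id", NO_EXTERNAL_ID_POLICY)]:
        print(name, lint_trust_policy(doc, "111111111111") or ["ok"])
```

The ExternalId check reflects AWS's standard guidance for third-party access: without it, a supplier that has been granted a role in many customer accounts can be tricked into using your role on someone else's behalf (the confused-deputy problem). Run the script against the output of `aws iam get-role` for each role with a foreign principal in its trust policy.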

Title: How MITRE's ATT&CK Framework Helps Security Teams Map Adversary Behavior

Date Published: October 6, 2021


Excerpt: “The Mitre ATT&CK knowledge base contains a solid foundation of adversary tactics and techniques that have been observed and documented. The latest update, Mitre ATT&CK version 9, published in April 2021, introduces 16 new Groups, 67 new pieces of software, with updates to 36 Groups and 51 software entries. The Mitre ATT&CK framework originated from MITRE’s Fort Meade eXperiment (FMX) research focused on the investigation into using endpoint telemetry to improve post-compromise detection. It’s helpful to explore Mitre ATT&CK framework use cases, common pitfalls, and recommendations for use.”

Title: Microsoft Mitigated a Record 2.4 Tbps DDoS Attack in August

Date Published: October 12, 2021


Excerpt: “The last week of August, we observed a 2.4 Tbps DDoS attack targeting an Azure customer in Europe. This is 140 percent higher than 2020’s 1 Tbps attack and higher than any network volumetric event previously detected on Azure.” reads the post published by Microsoft. “The attack vector was a UDP reflection spanning more than 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes. In total, we monitored three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.”
