OSN October 6, 2021

Fortify Security Team
Oct 6, 2021

Title: Patch Apache HTTP Servers Now to Avoid Zero Day Exploit
Date Published: October 6, 2021

https://www.infosecurity-magazine.com/news/patch-apache-http-servers-now-zero/

Excerpt: “CVE-2021-41773 is described as a path traversal flaw in version 2.4.49, which was itself only released a few weeks ago. “An attacker could use a path traversal attack to map URLs to files outside the expected document root,” a description of the bug noted. “If files outside of the document root are not protected by ‘require all denied’ these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts.” According to Sonatype senior security researcher, Ax Sharma, there are around 112,000 Apache servers across the globe running version 2.4.49, two-fifths of which are located in the US. He argued that the new zero-day exploit highlights that, even when a vendor releases patches, they may subsequently be bypassed.”

Title: Ransomware Law Would Require Victims to Disclose Ransom Payments Within 48 Hours
Date Published: October 6, 2021

https://www.zdnet.com/article/ransomware-law-would-require-victims-to-disclose-ransom-payments-within-48-hours/

Excerpt: “Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure. Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions,” said Congresswoman Ross. “The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation,” she added. Currently, the Ransomware Disclosure Act is just a proposal. In order become legislation it will have to be approved by both the House of Representatives and the Senate before it could be signed into law by President Biden.”

Title: Emerging Trends From a Year of Cybersecurity Threats
Date Published: October 6, 2021

https://blogs.cisco.com/security/emerging-trends-from-a-year-of-cybersecurity-threats

Excerpt: “Usernames and passwords have never been a particularly secure mechanism of verifying users’ identities. Users are prone to disclosing their usernames and passwords in response to the socially engineered cues of phishing attacks. Studies have shown that users will even willingly disclose their password in return for a chocolate treat. The continued use of legacy systems, poor choices in system implementation, or bad hashing algorithms has also allowed attackers to collect vast numbers of usernames and plaintext password pairs.”

Title: 150 Million Google User Accounts Will Automatically Be Enrolled Into 2FA
Date Published: October 5, 2021

https://heimdalsecurity.com/blog/150-million-google-user-accounts-will-automatically-be-enrolled-into-2fa/

Excerpt: “When 2SV is enabled on a Google Account and a user signs in with the proper username and password, they are prompted to provide an extra form of verification to confirm they are the account owner. A code from an authenticator app or SMS text, Google Prompt, a hardware security key, such as a Yubikey or Google Titan, or even an iOS device can be used for this extra verification. As reported by BleepingComputer, Google stated that by the end of the year, 150 million additional Google Accounts would be automatically enrolled in 2SV.”

Title: Atom Silo Uses DLL Side-Loading to Deploy Ransomware
Date Published: October 6, 2021

https://www.infosecurity-magazine.com/news/atom-silo-dll-ransomware/

Excerpt: “Security researchers have warned of a new ransomware variant leveraging a recently disclosed vulnerability for initial access and going to great lengths to evade detection. Atom Silo is almost identical to the LockFile ransomware spotted spreading earlier this year by exploiting PetitPotam and ProxyShell vulnerabilities in Microsoft products, according to Sophos. However, in Atom Silo’s case, the variant exploited a vulnerability in Atlassian’s Confluence collaboration software made public just three weeks before the attack. Interestingly, the researchers discovered that a separate threat actor had exploited the same bug to deploy a coinminer (also called a cryptocurrency miner) on the victim organization’s system.”

Title: Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers
Date Published: October 6, 2021

https://thehackernews.com/2021/10/multiple-critical-flaws-discovered-in.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. “A Control Component Library (CCL) may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller,” Honeywell noted in an independent security notification published earlier this February. Credited with discovering and reporting the flaws are Rei Henigman and Nadav Erez of industrial cybersecurity firm Claroty.”

Title: UK Newspaper the Telegraph Exposed a 10tb Database With Subscriber Data
Date Published: October 6, 2021

https://securityaffairs.co/wordpress/123020/data-breach/the-telegraph-data-leak.html

Excerpt: “Evidence suggests the data was left unprotected for about three weeks, since September 1st. We do not know if any unauthorized parties accessed it during that time, but our honeypot experiments show attackers can find and steal data from unprotected databases in just a few hours after they’re exposed.” “The data was generated from an internal logging server for *The Telegraph*.co.uk website.” wrote Diachenko. “The instance was indexed on specialized search engines on September 1, 2021, so the period of exposure is at least three weeks. That’s plenty of time for attackers and automated scanners to find the exposed database and exfiltrate the contained data.”

Title: Lantenna Attack Allows Exfiltrating Data From Air-Gapped Systems via Ethernet Cables
Date Published: October 6, 2021

https://securityaffairs.co/wordpress/123008/hacking/lantenna-attack-exfiltration-technique.html

Excerpt: “LANTENNA – a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in air gapped computers gathers sensitive data and then encodes it over radio waves emanating from the Ethernet cables, using them as antennas. A nearby receiving device can intercept the signals wirelessly, decode the data, and send it to the attacker.” reads the paper published by the researchers. “Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine.”

Title: Mandiant Tackles Ransomware and Breaches With New Tools
Date Published: October 5, 2021

https://www.darkreading.com/dr-tech/mandiant-tackles-ransomware-and-breaches-with-new-tools

Excerpt: “Mandiant announced two new Mandiant Advantage services to fight ransomware and data breaches during the annual Cyber Defense Summit. The new software-as-a-service offerings — Active Breach & Intel Monitoring and Ransomware Defense Validation — allow enterprise security teams to detect the presence of active Indicators of Compromise in their environments and test their defenses against ransomware attacks.”

Title: Hong Kong Firm Becomes Latest Marketing Company Hit With Revil Ransomware
Date Published: October 5, 2021

https://www.zdnet.com/article/hong-kong-firm-becomes-latest-marketing-company-hit-with-revil-ransomware/

Excerpt: “Their website is currently down, and there was no response to ZDNet requests for comment. Matt Lane, CEO of UK-based cybersecurity firm X Cyber Group, said his team routinely “scrutinizes the activities of cybercriminals for evidence of their behaviors” as a way to protect clients and customers. On Tuesday, they discovered that REvil had breached Fimmick’s databases and claimed to have data from a number of global brands. Lane shared screenshots showing REvil’s threatening posts toward Fimmick that included information stolen from the company’s website.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...