OSN October 7, 2021

Fortify Security Team
Oct 7, 2021

Title: Microsoft Fixes Bug Blocking Azure Virtual Desktops Security Updates

Date Published: October 7, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-blocking-azure-virtual-desktops-security-updates/

Excerpt: “Microsoft also provides two workarounds that allow customers to apply monthly security updates on Azure Virtual Desktop systems using WSUS if they can’t immediately deploy the KB5005565 CU that fixes the known issue. The first workaround requires deploying up-to-date images to all impacted devices, including all Azure Marketplace security updates. The second approach, needed on computers where image redeployment is not an option, requires manually downloading and installing the missing security updates from the Microsoft Update Catalog.”

Title: Telegraph Newspaper Bares 10tb of Subscriber Data and Server Logs to World+Dog

Date Published: October 5, 2021

https://www.theregister.com/2021/10/05/telegraph_newspaper_10tb_data_breach/

Excerpt: “The Telegraph newspaper managed to leak 10TB of subscriber data and server logs after leaving an Elasticsearch cluster unsecured for most of September, according to the researcher who found it online. The blunder was uncovered by well-known security researcher Bob Diachenko, who said that the cluster had been freely accessible “without a password or any other authentication required to access it.” After sampling the database to determine its owner, Diachenko saw the personal details of at least 1,200 Telegraph subscribers along with a substantial quantity of internal server logs, he told The Register.”

Title: Transdev Denies Data Stolen by Ransomware Group, Connects Leak to September Attack on Client

Date Published: October 7, 2021

https://www.zdnet.com/article/transdev-denies-data-stolen-by-ransomware-group/

Excerpt: “The LockBit ransomware group listed Transdev on its leak site next to a timer set to expire at 1:00 on Sunday. But Transdev — which calls itself the “largest private provider of multiple modes of transport in North America” — said the data being hawked by Lockbit was from one of their clients. “We are aware that a cybercriminal group has made a threat to publish data, which they allege belongs to Transdev. However, we believe the data referenced by the criminal group likely belongs to a Transdev Client which was the subject of a cyber event in mid-September,” a Transdev spokesperson told ZDNet.”

Title: New Cybersecurity Regulations Released by TSA for Trains and Planes

Date Published: October 7, 2021

https://www.zdnet.com/article/new-cybersecurity-regulations-released-by-tsa-for-trains-and-planes/

Excerpt: “Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security. The last year and a half has powerfully demonstrated what’s at stake,” Mayorkas said, according to Reuters. In April, the New York City’s Metropolitan Transportation Authority — one of the largest transportation systems in the world — was hacked by a group based in China. While the attack did not cause any damage and no riders were put at risk, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors in the system.”

Title: Cybercriminals Threaten to Hack EU Hospitals in Latest COVID-19 Vaccine Scam

Date Published: October 7, 2021

https://www.zdnet.com/article/cybercriminals-threaten-to-hack-eu-hospitals-in-latest-covid-19-vaccine-scam/

Excerpt: “This is very likely a scheme to steal people’s information and money. Scammers are always willing to prey on the vaccination-hesitant and those who desire a record of vaccination without actually getting the vaccine,” DarkOwl CEO Mark Turnage told ZDNet. “The offer has been circulated across multiple darknet forums and discussion groups. The cyber criminals also host a dedicated hidden service promoting their services. This very well could be a scam and they do not have the skills or access to actually hack any EU hospitals’ vaccination databases. Nevertheless, the idea is novel and it is not out of the realm of possibility that hospitals are vulnerable to such record alterations.””

Title: Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

Date Published: October 7, 2021

https://thehackernews.com/2021/10/code-execution-bug-affects-yamale.html

Excerpt: “A high-severity code injection vulnerability has been disclosed in 23andMe’s Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the issue resides in the schema parsing function, which allows any input passed to be evaluated and executed, resulting in a scenario where a specially-crafted string within the schema can be abused for the injection of system commands.”

Title: Unpatched Dahua Cams Vulnerable to Unauthenticated Remote Access

Date Published: October 7, 2021

https://www.bleepingcomputer.com/news/security/unpatched-dahua-cams-vulnerable-to-unauthenticated-remote-access/

Excerpt: “Dahua Technology is banned from doing business and selling products in the United States, as the Chinese surveillance camera vendor was added onto the U.S. Department of Commerce’s ‘Entity List’ back in October 2019. However, there are still tens of thousands of Dahua cameras actively used in the country, and some of them may not be so obvious. As a recent report from The Intercept details, many cameras sold in the U.S. under American (like Honeywell) or Canadian branding are, in fact, using Dahua hardware and even software.”

Title: Twitch Data Breach Updates: Login Credentials or Card Numbers Not Exposed

Date Published: October 7, 2021

https://securityaffairs.co/wordpress/123060/data-breach/twitch-data-breach-updates.html

Excerpt: “As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.” reads the update published by the company. “At this time, we have no indication that login credentials have been exposed. We are continuing to investigate. Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

Title: Honeywell Critical Vulnerabilities in Experion Process Knowledge System and ACE Controllers

Date Published: October 7, 2021

https://heimdalsecurity.com/blog/honeywell-critical-vulnerabilities-in-experion-process-knowledge/

Excerpt: “In the case of the Experion PKS, Team82 found that it is possible to mimic the download code procedure and use these requests to upload arbitrary DLL/ELF files (for simulators and controllers, respectively). The device then loads the executables without performing checks or sanitization, giving an attacker the ability to upload executables and run unauthorized native code remotely without authentication.”

Title: New U.S. Government Initiative Holds Contractors Accountable for Cybersecurity

Date Published: October 7, 2021

https://thehackernews.com/2021/10/us-justice-dept-launches-civil-cyber.html

Excerpt: “The Civil Cyber-Fraud Initiative is part of the U.S. Justice Department’s (DoJ) efforts to build resilience against cybersecurity intrusions and hold companies to task for deliberately providing deficient cybersecurity products or services, misrepresenting their cybersecurity practices or protocols, or violating their obligations to monitor and report cybersecurity incidents and breaches. To that end, the government intends to utilize the False Claims Act (FCA) to go after contractors and grant recipients for cybersecurity-related fraud by failing to secure their networks and notify about security breaches adequately.”
