December 22, 2021

Fortify Security Team
Dec 22, 2021

Title: Four Bugs in Microsoft Teams Left Platform Vulnerable Since March

Date Published: December 22, 2021

https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/

Excerpt: “Two of the four bugs discovered affected Microsoft Teams being used on any device and allow for server-side request forgery (SSRF) and spoofing, researchers said. The other two—dubbed “IP Address Leak” and “Denial of Service aka Message of Death” by researchers—affect only Android users. The SSRF vulnerability allowed researchers to leak information from Microsoft’s local network and was discovered when Bräunlein tested the /urlp/v1/url/info endpoint for SSRF, he said.”

Title: 2easy Now a Significant Dark Web Marketplace for Stolen Data

Date Published: December 21, 2021

https://www.bleepingcomputer.com/news/security/2easy-now-a-significant-dark-web-marketplace-for-stolen-data/

Excerpt: “A dark web marketplace named ‘2easy’ is becoming a significant player in the sale of stolen data “Logs” harvested from roughly 600,000 devices infected with information-stealing malware. “Logs” are archives of data stolen from compromised web browsers or systems using malware, and their most important aspect is that they commonly include account credentials, cookies, and saved credit cards. 2easy launched in 2018 and has experienced rapid growth since last year when it only sold data from 28,000 infected devices and was considered a minor player.”

Title: Major Services Including Slack, AWS, Hulu, Imgur Facing Outages

Date Published: December 22, 2021

https://www.bleepingcomputer.com/news/technology/major-services-including-slack-aws-hulu-imgur-facing-outages/

Excerpt: “Users are receiving errors when sending or editing messages on Slack, such as:  “Couldn’t send message. Your message, along with any files and attachments, has been saved to your drafts,” or “Sorry, something went wrong with editing your message. Try again in a moment.” currently investigating the issue and will provide a status update once we have more information,” Slack has confirmed, with its status page continuing to show further disruptions.”

Title: Ghana Govt Agency Exposed 700k Citizens’ Data in a Database Mess Up

Date Published: December 22, 2021

https://www.hackread.com/ghana-govt-agency-citizens-data-leak/

Excerpt: “NSS is basically a government program that manages a compulsory year of public service for Ghana-based graduates from specific educational institutions. Thousands of students join this program every year to work in different public sectors such as healthcare. Data of at least 700,000 individuals was exposed in this breach, making the individuals vulnerable to fraud, identity theft, and hacking scams. Moreover, those working at the government agency have also become vulnerable to various attacks.”

Title: China Suspends Deal With Alibaba for Not Sharing log4j 0-Day First with the Government

Date Published: December 22, 2021

https://thehackernews.com/2021/12/china-suspends-deal-with-alibaba-for.html

Excerpt: “China’s internet regulator, the Ministry of Industry and Information Technology (MIIT), has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library. Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China’s telecommunications regulator,” Reuters said. “In response, MIIT suspended a cooperative partnership with the cloud unit regarding cybersecurity threats and information-sharing platforms.”

Title: Ubisoft Reveals Player Data Breach Came from User Error

Date Published: December 22, 2021

https://www.infosecurity-magazine.com/news/ubisoft-player-data-breach/

Excerpt: “Ubisoft has admitted that data on some players may have been taken after a breach of its IT systems stemming from human error. The French gaming giant explained in a brief post that the misconfiguration of its IT infrastructure was quickly identified, but not before unauthorized individuals were able to access and perform a “possible copy” of the information. Data stolen related to players of the wildly popular Just Dance game. “The data in question was limited to ‘technical identifiers’ which include GamerTags, profile IDs, and Device IDs as well as Just Dance videos that were recorded and uploaded to be shared publicly with the in-game community and/or on your social media profiles,” the firm explained.”

Title: US Returns $150m to Sony After Employee BEC Attack

Date Published: December 22, 2021

https://www.infosecurity-magazine.com/news/us-returns-150m-to-sony/

Excerpt: “Although Sony had a double authentication process set up for international money transfers, requiring both Ishii and his supervisor to sign them off, the former is said to have instructed the company’s bank to change the contact email address for his boss. That enabled him to initiate and sign-off money transfers to an account under his control totaling $154m, which he later converted into Bitcoin, according to court documents. Ishii is even said to have emailed several executives, including his supervisor with a ransom note claiming that the money would be returned if they paid a fee. The end goal appears to have been to dissuade them from filing criminal charges.”

Title: Attackers Test “Cab-Less 40444” Exploit in a Dry Run

Date Published: December 21, 2021

https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/

Excerpt: “In the initial versions of CVE-2021-40444 exploits, malicious Office documents retrieved a malware payload packaged into a Microsoft Cabinet (or .CAB) file. When Microsoft’s patch closed that loophole, attackers discovered they could use a different attack chain altogether by enclosing the maldoc in a specially-crafted RAR archive. Because it doesn’t actually use the CAB-style attack method, we’ve called it the CAB-less 40444 exploit. The attachments represent an escalation of the attacker’s abuse of the -40444 bug and demonstrate that even a patch can’t always mitigate the actions of a motivated and sufficiently skilled attacker.”

Title: Of Course a Bluetooth-Using Home COVID Test Was Cracked to Fake Results

Date Published: December 22, 2021

https://www.theregister.com/2021/12/22/ellume_home_covid_test_cracked/

Excerpt: “The firm tested the Ellume COVID-19 Home Test, a device selected specifically because it uses a “Bluetooth connected analyzer for use with an app on your phone.” It gets worse: faked data produced by the Ellume unit was happily ingested by an outfit named Azova that certifies the results of COVID tests so that travelers can enter the USA. F-Secure’s post details a test in which one of its staff used the Ellume device to test for COVID, produced a negative result, but used the methods above to falsify the results.”

Title: The log4j Flaw Is the Latest Reminder That Quick Security Fixes Are Easier Said than Done

Date Published: December 21, 2021

https://www.cyberscoop.com/log4j-hack-security-update-ransomware/

Excerpt: “The researchers found nearly 36,000 Java software packages that depend on the affected Log4j code, most of which were indirect dependencies, which adds complexity and time for anybody responsible for fixing the problems. Even as organizations work to identify vulnerable assets and apply the appropriate patch, the problem may not be totally solved and may not become known for months or even years. Skilled hackers will find ways into systems using the vulnerability before everything can be patched, and then lay low, experts say.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...