December 23, 2021

Fortify Security Team

Title: Apache’s New Security Update for HTTP Server Fixes Two Flaws
Date Published: December 23, 2021

https://www.zdnet.com/article/apaches-new-security-update-for-http-server-fixes-two-flaws/

Excerpt: “The foundation has released version 2.4.52 of the Apache HTTP Server (web server) that addresses two flaws tracked as CVE-2021-44790 and CVE-2021-44224, which have respective CVSS severity scores of 9.8 (critical) and 8.2 (high) out of a possible 10. A score of 9.8 is very bad, and in recent weeks has only been topped by the Log4j vulnerability known as Log4Shell, which had a severity score of 10 out of 10. The first Apache web server flaw is a memory-related buffer overflow affecting Apache HTTP Server 2.4.51 and earlier. The Cybersecurity and Infrastructure Security Agency (CISA) warns it “may allow a remote attacker to take control of an affected system”. The less serious flaw allows for server side request forgery in Apache HTTP Server 2.4.7 up to 2.4.51.”

Title: Hacker Faces over 20 Years in Jail for Creating Fake Rideshare and Delivery Service Accounts
Date Published: December 23, 2021

https://heimdalsecurity.com/blog/hacker-faces-over-20-years-in-jail-for-creating-fake-rideshare-and-delivery-service-accounts/

Excerpt: “The hacker managed to collect victim names, dates of birth, driver’s license information, and social security numbers (SSNs) available for sale on dark web marketplaces and misused them to create fake documents. As explained by BleepingComputer, most of the time, the hackers were the ones to take the photos used to bypass the facial recognition verifications used as security measures in rideshare and delivery service provider systems. In order to exchange information with the victim, the fraudsters purposefully staged a small car accident or took pictures of the victim’s license while making an alcohol delivery via one of the services.”

Title: FBI Traces and Grabs Back $150 Million Theft That Was Turned into Bitcoins
Date Published: December 23, 2021

https://blog.malwarebytes.com/crypto/2021/12/fbi-traces-and-grabs-back-150-million-theft-that-was-turned-into-bitcoins/

Excerpt: “Second, the FBI’s footprint internationally through our Legal Attaché offices and the pre-existing relationships we have established in foreign countries—in this instance with Japan—enabled law enforcement to coordinate and identify the subject. The FBI’s technical expertise was able to trace the money to the subject’s crypto wallet and seize those funds … Criminals should take note: You cannot rely on cryptocurrency to hide your ill-gotten gains from law enforcement.”

Title: Three Trivial Bugs in Microsoft Teams Software Remain Unpatched
Date Published: December 23, 2021

https://securityaffairs.co/wordpress/125922/hacking/microsoft-team-unpatched-flaws.html

Excerpt: “When creating a link preview, the backend fetches the referenced preview thumbnail and makes it available from a Microsoft domain. This ensures that the IP address and user agent data is not leaked when the receiving client loads the thumbnail. However, by intercepting the sending of the message, it’s possible to point the thumbnail URL to a non-Microsoft domain.” reads the analysis. “The Android client does not check the domain/does not have a CSP restricting the allowed domains and loads the thumbnail image from any domain.”
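The bypass in the excerpt works because the client loads a thumbnail from whatever host the (intercepted) message names. Below is an added example, not Microsoft's code, of the host allow-list check the excerpt says the Android client lacks, applied before a thumbnail URL is fetched. The allowed domains and the sample URLs are assumptions made for illustration; matching is done on DNS-label boundaries so lookalike hosts, userinfo tricks and plaintext URLs are refused.

```python
"""Allow-list check for link-preview thumbnail hosts.

Added example, not Microsoft's code.  It models the domain check the
excerpt says the Android client lacks: a thumbnail URL is fetched only if
its host is one of the expected preview domains.  The allowed domains and
the sample URLs below are assumptions made for illustration.
"""
from urllib.parse import urlsplit

# Hypothetical allow-list: the domains the backend is expected to rehost
# preview thumbnails on.  Matching is per DNS label, so 'x.microsoft.com'
# passes but 'microsoft.com.attacker.example' and 'evilmicrosoft.com' do not.
ALLOWED_HOST_SUFFIXES = ("microsoft.com", "office.net")


def thumbnail_host_allowed(url: str) -> bool:
    """Return True only for https URLs whose host is an allowed domain or a
    subdomain of one.  Everything else (plaintext http, embedded userinfo,
    bare IPs, lookalike hosts, unparseable input) is rejected."""
    try:
        parts = urlsplit(url)
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    if parts.scheme.lower() != "https":
        return False
    # Userinfo ('https://cdn.microsoft.com@attacker.example/') is a classic
    # way to make a hostile URL look trusted; refuse it outright.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".")   # lower-cased, port stripped
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOST_SUFFIXES)


def filter_thumbnails(urls):
    """Split candidate thumbnail URLs into (accepted, rejected)."""
    accepted, rejected = [], []
    for u in urls:
        (accepted if thumbnail_host_allowed(u) else rejected).append(u)
    return accepted, rejected


# Constructed sample thumbnail URLs (not captured Teams traffic).
SAMPLE_THUMBNAILS = [
    "https://cdn.microsoft.com/preview/abc123.png",
    "https://CDN.Office.net:443/preview/abc123.png",
    "https://cdn.microsoft.com.attacker.example/t.png",   # suffix lookalike
    "https://evilmicrosoft.com/t.png",                    # no label boundary
    "http://cdn.microsoft.com/t.png",                     # plaintext
    "https://cdn.microsoft.com@attacker.example/t.png",   # userinfo trick
    "https://203.0.113.10/t.png",                         # raw IP tracker
]

if __name__ == "__main__":
    ok, bad = filter_thumbnails(SAMPLE_THUMBNAILS)
    print("would fetch:", ok)
    print("blocked    :", bad)
```

The same check belongs on the backend when the message is accepted, not only in the client: the excerpt shows the attacker controls the message body, so a client-only check still leaves other clients exposed.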

Title: This New Ransomware Has Simple but Very Clever Tricks to Evade PC Defenses
Date Published: December 23, 2021

https://www.zdnet.com/article/this-new-ransomware-has-simple-but-very-clever-tricks-to-evade-pc-defenses/

Excerpt: “One of the key features of AvosLocker is using the AnyDesk remote IT administration tool and running it in Windows Safe Mode. The latter option was used by REvil, Snatch and BlackMatter as a way to disable a target’s intended security and IT admin tools. As Sophos points out, many endpoint security products do not run in Safe Mode – a special diagnostic configuration in which Windows disables most third-party drivers and software, and can render otherwise protected machines unsafe.”
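Because endpoint protection is absent once the machine is in Safe Mode, the moment to catch this technique is the staging before the reboot. The following is an added example, not from the article or from Sophos, of a detection run over process-creation telemetry. It assumes a feed with one command line per process start (the events below are constructed) and matches the standard ways of forcing Safe Mode on the next boot (bcdedit or bootcfg safeboot) and of letting a program start in Safe Mode (SafeBoot registry keys); the article does not state which exact commands AvosLocker uses.

```python
"""Flag 'reboot into Safe Mode' staging in process-creation telemetry.

Added example; it is not from the article or from Sophos.  It assumes
endpoint telemetry that records one command line per process start
(the events below are constructed).  The commands matched are the
standard ways to force Safe Mode on the next boot (bcdedit/bootcfg
safeboot) and to let a program or service start in Safe Mode (SafeBoot
registry keys); the article does not state which exact commands
AvosLocker uses.
"""
import re
from datetime import datetime, timedelta

# Each rule: (name, regex over the normalised command line).
RULES = [
    ("safeboot_set",
     re.compile(r"\bbcdedit(\.exe)?\b.*\s/set\b.*\bsafeboot\s+(minimal|network)\b", re.I)),
    ("safeboot_cleared",          # attackers clean up after the run
     re.compile(r"\bbcdedit(\.exe)?\b.*\s/deletevalue\b.*\bsafeboot\b", re.I)),
    ("safeboot_autostart_added",  # lets a tool start in Safe Mode
     re.compile(r"\breg(\.exe)?\s+add\b.*\\SafeBoot\\(Minimal|Network)\\", re.I)),
    ("bootcfg_safeboot",          # legacy equivalent of bcdedit
     re.compile(r"\bbootcfg(\.exe)?\b.*/safeboot:(minimal|network)\b", re.I)),
]
REBOOT = re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.I)


def normalize(cmdline: str) -> str:
    """Drop quotes and collapse whitespace so quoting/spacing tricks do not
    split the tokens the rules look for."""
    return " ".join(cmdline.replace('"', " ").replace("'", " ").split())


def match_rules(cmdline: str):
    norm = normalize(cmdline)
    return [name for name, rx in RULES if rx.search(norm)]


def scan(events, window=timedelta(minutes=30)):
    """Return (host, rule, cmdline) findings.  A restart issued on a host
    within `window` of a safeboot_set hit is reported as its own finding,
    since that is the point at which protection is about to drop."""
    findings, staged = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        hits = match_rules(ev["cmdline"])
        findings.extend((ev["host"], h, ev["cmdline"]) for h in hits)
        if "safeboot_set" in hits:
            staged[ev["host"]] = ts
        if (REBOOT.search(normalize(ev["cmdline"]))
                and ev["host"] in staged
                and ts - staged[ev["host"]] <= window):
            findings.append((ev["host"], "reboot_after_safeboot_set", ev["cmdline"]))
    return findings


# Constructed events (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": "2021-12-20T02:00:11Z", "host": "ws-03", "user": "alice",
     "cmdline": r"notepad.exe C:\Users\alice\notes.txt"},
    {"ts": "2021-12-20T02:05:40Z", "host": "ws-03", "user": "alice",
     "cmdline": r"shutdown /r /t 0"},                     # routine restart, no staging
    {"ts": "2021-12-20T03:14:07Z", "host": "ws-17", "user": "svc_backup",
     "cmdline": r'"C:\Windows\System32\bcdedit.exe" /set {current} safeboot network'},
    {"ts": "2021-12-20T03:14:21Z", "host": "ws-17", "user": "svc_backup",
     "cmdline": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AnyDesk" '
                r'/ve /t REG_SZ /d Service /f'},
    {"ts": "2021-12-20T03:15:02Z", "host": "ws-17", "user": "svc_backup",
     "cmdline": r"shutdown /r /f /t 0"},
    {"ts": "2021-12-20T03:40:00Z", "host": "ws-17", "user": "svc_backup",
     "cmdline": r"bcdedit /enum"},                        # read-only, not flagged
]

if __name__ == "__main__":
    for host, rule, cmd in scan(SAMPLE_EVENTS):
        print(f"{host:6} {rule:28} {cmd}")
```

The restart correlation is what separates a deliberate Safe Mode reboot from an administrator reading boot settings; a plain restart with no prior safeboot change (ws-03 above) produces nothing. Once the host is in Safe Mode the telemetry agent is likely gone too, so the alert has to fire on the staging commands, not on what happens afterwards.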

Title: Alibaba Suffers Government Crackdown Over Log4j
Date Published: December 23, 2021

https://www.infosecurity-magazine.com/news/alibaba-suffers-government/

Excerpt: “According to news site Protocol, a Chinese regulation dubbed Provisions on Security Loopholes of Network Products was in force as of September. It mandates vulnerabilities be reported immediately to the manufacturer and within two days to the Chinese authorities. As a result, Alibaba Cloud has reportedly been suspended from MIIT’s threat information sharing platform for six months. Alibaba Cloud researcher Chen Zhaojun is credited by Apache with finding the first bug in the popular logging utility, dubbed “Log4Shell”.”

Title: Logistics Giant Warns of Scams Following Ransomware Attack
Date Published: December 23, 2021

https://blog.malwarebytes.com/reports/2021/12/logistics-giant-warns-of-scams-following-ransomware-attack/

Excerpt: “German logistics giant Hellmann Worldwide Logistics has issued a warning that data was stolen from the company when it was hit with a ransomware attack on December 9, 2021. It is not entirely clear what type of data was extracted, but the company says it is warning partners and customers to double check their communications with it, as a precaution. Criminals could use the leaked data to make social engineering attacks more believable, so Hellmann is asking people that do business with it to look out for fraudulent mails and calls.”

Title: 3 Reasons Why You Should Fuzz Your Christmas Tree
Date Published: December 23, 2021

https://medium.com/@CI_Fuzz/3-reasons-why-you-should-fuzz-your-christmas-tree-bbc0e4c99ce3

Excerpt: “Christmas trees (especially those put up by geeks) are often decorated with smart lights that are connected to Wi-Fi. Vulnerabilities in such hardware can be an entry point for attackers who want to hack Christmas. How easily such vulnerabilities can be exploited became clear in a 2018 study, in which security researchers managed to completely shut down Christmas decorations remotely. In other instances, IoT devices were hacked over the cloud and even set on fire.”

Title: HackDHS Bug Bounty Program Accepts Reports of Log4J-Related Flaws in DHS Systems
Date Published: December 23, 2021

https://securityaffairs.co/wordpress/125913/security/hack-dhs-bug-bounty-log4j.html

Excerpt: “The Department of Homeland Security (DHS) launched the ‘Hack DHS’ bug bounty program last week to allow vetted white hat hackers to discover and report security vulnerabilities in external DHS systems. The Hack DHS bug bounty program will occur in three phases throughout Fiscal Year 2022. During the first phase, researchers will perform remote vulnerability assessments on certain DHS external systems. In the second phase, the experts will participate in a live, in-person hacking event, while in the third phase, DHS will identify and review lessons learned, and plan for future bug bounties.”

Title: The log4j Flaw Is the Latest Reminder That Quick Security Fixes Are Easier Said than Done
Date Published: December 23, 2021

https://www.cyberscoop.com/log4j-hack-security-update-ransomware/

Excerpt: “The researchers found nearly 36,000 Java software packages that depend on the affected Log4j code, most of which were indirect dependencies, which adds complexity and time for anybody responsible for fixing the problems. Even as organizations work to identify vulnerable assets and apply the appropriate patch, the problem may not be totally solved and may not become known for months or even years. Skilled hackers will find ways into systems using the vulnerability before everything can be patched, and then lay low, experts say.”
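The indirect-dependency problem the excerpt describes is concrete: a project that never declares log4j-core can still ship it through some other library, and the fix has to go to whoever owns that library. As an added example, not from the article or the cited research, the script below parses the text `mvn dependency:tree` prints (the tree here is constructed) and reports each log4j-core node with the path through which it arrives. It reports only log4j-core: log4j-api and log4j-to-slf4j, which Spring Boot's default logging starter pulls in, are not the vulnerable artifact and are a common false positive for a naive grep. The MIN_FIXED threshold is a parameter; 2.17.0 was the current release the week this digest was written.

```python
"""Find log4j-core in a Maven dependency tree, including transitive paths.

Added example; it is not from the article or the cited research.  It
parses the text that `mvn dependency:tree` prints (the tree below is
constructed) and reports every log4j-core node with the path through
which it is pulled in, so the owner of the intermediate library can be
found.  Only log4j-core is reported: log4j-api and log4j-to-slf4j are
not the vulnerable artifact and are a common false positive for a naive
grep.  MIN_FIXED is a parameter; 2.17.0 was the current release the week
this digest was written and should be raised as advisories change.
"""
import re

LOG4J_CORE = ("org.apache.logging.log4j", "log4j-core")
MIN_FIXED = (2, 17, 0)
PREFIX = "[INFO] "
TREE_CHARS = "+-\\| "          # the glyphs Maven draws the tree with


def parse_version(v: str):
    """Leading numeric components of a Maven version ('2.0-beta9' -> (2, 0, 0))."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", v)
    return tuple(int(x) if x else 0 for x in m.groups()) if m else (0, 0, 0)


def parse_tree(text: str):
    """Yield (depth, groupId, artifactId, version) for each coordinate line.

    Depth comes from the width of the tree glyphs (3 columns per level).
    Coordinates are g:a:type[:classifier]:version[:scope]; the assumption
    here is that a 5-field line is g:a:type:version:scope, which is what
    the default (non-verbose) tree prints.
    """
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):]
        i = 0
        while i < len(body) and body[i] in TREE_CHARS:
            i += 1
        coord = body[i:].split(" (")[0].strip()   # drop '(omitted ...)' notes
        parts = coord.split(":")
        if len(parts) < 4:
            continue                                # banners, '--- plugin ---', blanks
        version = parts[3] if len(parts) in (4, 5) else parts[4]
        yield i // 3, parts[0], parts[1], version


def find_log4j_core(text: str, min_fixed=MIN_FIXED):
    """Return one finding per log4j-core node, with its dependency path."""
    findings, path = [], []
    for depth, g, a, v in parse_tree(text):
        path = path[:depth] + [f"{g}:{a}:{v}"]
        if (g, a) == LOG4J_CORE:
            findings.append({
                "version": v,
                "vulnerable": parse_version(v) < min_fixed,
                "direct": depth == 1,
                "path": " -> ".join(path),
            })
    return findings


# Constructed `mvn dependency:tree` output (not from a real project).
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ shop-api ---
[INFO] com.example:shop-api:jar:1.4.0
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.5.6:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-logging:jar:2.5.6:compile
[INFO] |     \- org.apache.logging.log4j:log4j-to-slf4j:jar:2.14.1:compile
[INFO] |        \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] \- com.example.legacy:audit-lib:jar:3.2.1:compile
[INFO]    \- org.apache.logging.log4j:log4j-core:jar:2.11.2:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
"""

if __name__ == "__main__":
    for f in find_log4j_core(SAMPLE_TREE):
        status = "VULNERABLE" if f["vulnerable"] else "ok"
        kind = "direct" if f["direct"] else "transitive"
        print(f"{status:10} {kind:10} log4j-core {f['version']}  via {f['path']}")
```

Feed it the output of `mvn -B dependency:tree` per module. It reads only declared coordinates: a library that shades log4j classes into its own jar never appears in the tree, so a build-time check like this has to be paired with a scan of the deployed jars and classpath.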
