January 11, 2021

Fortify Security Team
Jan 11, 2022

Title: Kcodes Netusb Kernel Remote Code Execution Flaw Impacts Millions of Devices
Date Published: January 11, 2022

https://www.zdnet.com/article/kcodes-netusb-kernel-remote-code-execution-flaw-impacts-millions-of-devices/

Excerpt: “Researcher Max Van Amerongen discovered the bug while examining a Netgear device. The kernel module, NetUSB, did not properly validate the size of packets fetched via remote connections, allowing a potential heap buffer overflow. According to Amerongen, although a malicious payload would be difficult to write to trigger CVE-2021-45388 due to coding restraints, an exploit could result in the remote execution of code in the kernel. SentinelOne says that vendors including Netgear, TP-Link, DLink, and Western Digital license the software, and all of them are now aware of the security flaw.”

Title: New MacOS Vulnerability, “Powerdir,” Could Lead To Unauthorized User Data Access
Date Published: January 10, 2022

https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/

Excerpt: “Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Apple released a fix for this vulnerability, now identified as CVE-2021-30970, as part of security updates released on December 13, 2021. We encourage macOS users to apply these security updates as soon as possible.”

Title: Ransomware: Hackers Are Using log4j Flaw as Part of Their Attacks, Warns Microsoft
Date Published: January 11, 2022

https://www.zdnet.com/article/ransomware-warning-hackers-are-using-log4j-flaw-as-part-of-their-attacks-warns-microsoft/

Excerpt: “The financially motivated ransomware attacks target CVE-2021-44228, the original Log4Shell flaw disclosed on December 9, and mark one new threat posed by the critical vulnerability that affects internet-facing software, systems and devices where vulnerable versions of the Java-based Log4j application error-logging component are present. “As early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon. Our investigation shows that successful intrusions in these campaigns led to the deployment of the NightSky ransomware,” Microsoft notes in an update to its recommendations for mitigating Log4Shell.”

Title: Avoslocker Ransomware Now Targets Linux Systems, Including ESXi Servers
Date Published: January 11, 2022

https://securityaffairs.co/wordpress/126564/malware/avoslocker-targets-linux-esxi.html

Excerpt: “According to BleepingComputer, upon execution AvosLinux terminates all ESXi machines on the server then it starts encrypting files. The AvosLocker ransomware appends the .avoslinux extension to the filenames of all the encrypted files, then drops ransom notes in each folder containing the encrypted files. The AvosLocker ransomware-as-a-service recently emerged in the threat landscape and its attacks surged between November and December. In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions.”

Title: Four Million Outdated log4j Downloads Were Served from Apache Maven Central Alone despite Vuln Publicity Blitz
Date Published: January 11, 2022

https://www.zdnet.com/article/abcbot-botnet-has-now-been-linked-to-xanthe-cryptojacking-group/

Excerpt: “Maven’s central repository is where a large number of Java-based projects retrieve required libraries from. Interestingly enough, Sonatype said about 42 per cent of total downloads of Log4j over the weekend were of the very latest versions, 2.17 and 2.17.1 – the main Log4shell vulnerabilities were addressed by 2.16 – which suggests that at least some organisations are not just installing the patched versions of 2.15 or 2.16 but picking up the very latest. As for the cause of the outdated downloads, Turunen opined: “There’s this sort of long tail of software where it’s still being built… not necessarily as a direct dependency”.”

Title: Panasonic Giving Employees the Option of a Four-Day Work Week
Date Published: January 10, 2022

https://www.zdnet.com/article/panasonic-giving-employees-the-option-of-a-four-day-work-week/

Excerpt: “She added Panasonic will revise its appraisal system, and promotion and screening system, which the company believes will better support challenges faced by individuals in both their work and home life. Separately, the Japanese conglomerate has provided an update on its investigation into the data breach the company experienced in November. It detailed that candidate, applicant and internship related information, business partner contact details, and other business-related information provided by business partners and information generated internally by the company were accessed unlawfully during the breach. Individuals impacted are being informed, Panasonic said.”

Title: No Significant Intrusions Related to Log4j Flaw Yet, CISA Says
Date Published: January 10, 2022

https://www.darkreading.com/vulnerabilities-threats/no-significant-intrusions-related-to-log4j-flaw-yet-cisa-says

Excerpt: “The widespread patching and mitigation efforts within government — and elsewhere — are likely one reason there has not been any major reported incidents of a Log4j-related compromise in the US so far, the two CISA officials said. But it is also likely that attackers have already compromised many systems and are waiting for the right moment to strike, they noted. Meanwhile, Matt Keller, vice president of federal services at GuidePoint Security, says his organization’s interactions with federal agencies show that some of them are struggling to patch the Log4Shell flaw because they have end-of-life or end-of-support systems in their environments.”

Title: Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage
Date Published: January 10, 2022

https://www.darkreading.com/attacks-breaches/changes-to-breach-response-more-lawyers-less-cyber-coverage

Excerpt: “While the strategy may protect companies in the case of a lawsuit, since much of a legal firm’s research would be considered privileged information, the legal layers also make the collection of breach data more difficult, says Tufts’ Wolff. Wolff is collaborating with law professor Daniel Schwarcz at the University of Minnesota Law School and postdoctoral fellow in computer science Daniel Woods at the University of Innsbruck in Austria to determine whether the shift to using attorneys — and the protection that attorney-client privilege grants companies — is undermining organizations’ cybersecurity response.”

Title: Extortion DDoS Attacks Grow Stronger and More Common
Date Published: January 10, 2022

https://www.bleepingcomputer.com/news/security/extortion-ddos-attacks-grow-stronger-and-more-common/

Excerpt: “Looking at the IP addresses, most of these DDoS incidents originate from China, the U.S., Brazil, and India, deployed by botnets such as Meris, which emerged this year with a record-breaking assault of 21.8 million requests against Russian internet giant Yandex. Unlike an application-layer DDoS, which denies users access to a service, a network-layer DDoS attack targets the entire network infrastructure of a company trying to take down routers and servers. One of the largest DDoS attacks that Cloudflare mitigated lasted for 60 seconds and came from a botnet with 15,000 systems that hurled close to 2Tbps of junk packets at a customer.”

Title: Cyber-Thieves Raid Grass Valley
Date Published: January 10, 2022

https://www.infosecurity-magazine.com/news/cyber-thieves-raid-grass-valley/

Excerpt: “The city said that the attacker exploited the unauthorized access they enjoyed between April 13 and July 1 2021, to steal data belonging to an unspecified number of individuals. Victims affected by the data breach include Grass Valley employees, former employees, spouses, dependents, and individual vendors hired by the city. Other victims include individuals whose information may have been provided to the Grass Valley Police Department and individuals whose information was provided to the Grass Valley Community Development Department in loan application documents.”
