Fortify Security Team
January 11, 2022

Title: KCodes NetUSB Kernel Remote Code Execution Flaw Impacts Millions of Devices
Date Published: January 11, 2022

https://www.zdnet.com/article/kcodes-netusb-kernel-remote-code-execution-flaw-impacts-millions-of-devices/

Excerpt: “Researcher Max Van Amerongen discovered the bug while examining a Netgear device. The kernel module, NetUSB, did not properly validate the size of packets fetched via remote connections, allowing a potential heap buffer overflow. According to Amerongen, although a malicious payload would be difficult to write to trigger CVE-2021-45388 due to coding restraints, an exploit could result in the remote execution of code in the kernel. SentinelOne says that vendors including Netgear, TP-Link, DLink, and Western Digital license the software, and all of them are now aware of the security flaw.”

Title: New macOS Vulnerability, “Powerdir,” Could Lead To Unauthorized User Data Access
Date Published: January 10, 2022

https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/

Excerpt: “Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Apple released a fix for this vulnerability, now identified as CVE-2021-30970, as part of security updates released on December 13, 2021. We encourage macOS users to apply these security updates as soon as possible.”

Title: Ransomware: Hackers Are Using log4j Flaw as Part of Their Attacks, Warns Microsoft
Date Published: January 11, 2022

https://www.zdnet.com/article/ransomware-warning-hackers-are-using-log4j-flaw-as-part-of-their-attacks-warns-microsoft/

Excerpt: “The financially motivated ransomware attacks target CVE-2021-44228, the original Log4Shell flaw disclosed on December 9, and mark one new threat posed by the critical vulnerability that affects internet-facing software, systems and devices where vulnerable versions of the Java-based Log4j application error-logging component are present. “As early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon. Our investigation shows that successful intrusions in these campaigns led to the deployment of the NightSky ransomware,” Microsoft notes in an update to its recommendations for mitigating Log4Shell.”

Title: AvosLocker Ransomware Now Targets Linux Systems, Including ESXi Servers
Date Published: January 11, 2022

https://securityaffairs.co/wordpress/126564/malware/avoslocker-targets-linux-esxi.html

Excerpt: “According to BleepingComputer, upon execution AvosLinux terminates all ESXi machines on the server then it starts encrypting files. The AvosLocker ransomware appends the .avoslinux extension to the filenames of all the encrypted files, then drops ransom notes in each folder containing the encrypted files. The AvosLocker ransomware-as-a-service recently emerged in the threat landscape and its attacks surged between November and December. In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions.”

Title: Four Million Outdated log4j Downloads Were Served from Apache Maven Central Alone despite Vuln Publicity Blitz
Date Published: January 11, 2022

https://www.zdnet.com/article/abcbot-botnet-has-now-been-linked-to-xanthe-cryptojacking-group/

Excerpt: “Maven’s central repository is where a large number of Java-based projects retrieve required libraries from. Interestingly enough, Sonatype said about 42 per cent of total downloads of Log4j over the weekend were of the very latest versions, 2.17 and 2.17.1 – the main Log4shell vulnerabilities were addressed by 2.16 – which suggests that at least some organisations are not just installing the patched versions of 2.15 or 2.16 but picking up the very latest. As for the cause of the outdated downloads, Turunen opined: “There’s this sort of long tail of software where it’s still being built… not necessarily as a direct dependency”.”

Title: Panasonic Giving Employees the Option of a Four-Day Work Week
Date Published: January 10, 2022

https://www.zdnet.com/article/panasonic-giving-employees-the-option-of-a-four-day-work-week/

Excerpt: “She added Panasonic will revise its appraisal system, and promotion and screening system, which the company believes will better support challenges faced by individuals in both their work and home life. Separately, the Japanese conglomerate has provided an update on its investigation into the data breach the company experienced in November. It detailed that candidate, applicant and internship related information, business partner contact details, and other business-related information provided by business partners and information generated internally by the company were accessed unlawfully during the breach. Individuals impacted are being informed, Panasonic said.”

Title: No Significant Intrusions Related to Log4j Flaw Yet, CISA Says
Date Published: January 10, 2022

https://www.darkreading.com/vulnerabilities-threats/no-significant-intrusions-related-to-log4j-flaw-yet-cisa-says

Excerpt: “The widespread patching and mitigation efforts within government — and elsewhere — are likely one reason there has not been any major reported incidents of a Log4j-related compromise in the US so far, the two CISA officials said. But it is also likely that attackers have already compromised many systems and are waiting for the right moment to strike, they noted. Meanwhile, Matt Keller, vice president of federal services at GuidePoint Security, says his organization’s interactions with federal agencies show that some of them are struggling to patch the Log4Shell flaw because they have end-of-life or end-of-support systems in their environments.”

Title: Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage
Date Published: January 10, 2022

https://www.darkreading.com/attacks-breaches/changes-to-breach-response-more-lawyers-less-cyber-coverage

Excerpt: “While the strategy may protect companies in the case of a lawsuit, since much of a legal firm’s research would be considered privileged information, the legal layers also make the collection of breach data more difficult, says Tufts’ Wolff. Wolff is collaborating with law professor Daniel Schwarcz at the University of Minnesota Law School and postdoctoral fellow in computer science Daniel Woods at the University of Innsbruck in Austria to determine whether the shift to using attorneys — and the protection that attorney-client privilege grants companies — is undermining organizations’ cybersecurity response.”

Title: Extortion DDoS Attacks Grow Stronger and More Common
Date Published: January 10, 2022

https://www.bleepingcomputer.com/news/security/extortion-ddos-attacks-grow-stronger-and-more-common/

Excerpt: “Looking at the IP addresses, most of these DDoS incidents originate from China, the U.S., Brazil, and India, deployed by botnets such as Meris, which emerged this year with a record-breaking assault of 21.8 million requests against Russian internet giant Yandex. Unlike an application-layer DDoS, which denies users access to a service, a network-layer DDoS attack targets the entire network infrastructure of a company trying to take down routers and servers. One of the largest DDoS attacks that Cloudflare mitigated lasted for 60 seconds and came from a botnet with 15,000 systems that hurled close to 2Tbps of junk packets at a customer.”

Title: Cyber-Thieves Raid Grass Valley
Date Published: January 10, 2022

https://www.infosecurity-magazine.com/news/cyber-thieves-raid-grass-valley/

Excerpt: “The city said that the attacker exploited the unauthorized access they enjoyed between April 13 and July 1 2021, to steal data belonging to an unspecified number of individuals. Victims affected by the data breach include Grass Valley employees, former employees, spouses, dependents, and individual vendors hired by the city. Other victims include individuals whose information may have been provided to the Grass Valley Police Department and individuals whose information was provided to the Grass Valley Community Development Department in loan application documents.”
