January 3, 2022

Fortify Security Team
Jan 3, 2022

Title: Don’t Copy-paste Commands from Webpages — You Can Get Hacked

Date Published:  January 3, 2022


Excerpt:  “Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal are warned they risk having their system compromised.  A technologist demonstrates a simple trick that’ll make you think twice before copying and pasting text from web pages.  Recently, Gabriel Friedlander, founder of security awareness training platform Wizer demonstrated an obvious yet surprising hack that’ll make you cautious of copying-pasting commands from web pages.”

Title: Microsoft Releases Emergency Fix for Exchange Year 2022 Bug

Date Published:  January 2, 2022


Excerpt:  “Microsoft has released an emergency fix for a year 2022 bug that is breaking email delivery on on-premise Microsoft Exchange servers.  As the year 2022 rolled in and the clock struck midnight, Exchange admins worldwide discovered that their servers were no longer delivering email. After investigating, they found that mail was getting stuck in the queue.  These errors are caused by Microsoft Exchange checking the version of the FIP-FS antivirus scanning engine and attempting to store the date in a signed int32 variable.”

Title: Apple iOS Vulnerable to HomeKit ‘DoorLock’ Denial of Service Bug

Date Published:  January 3, 2022


Excerpt:  “A novel persistent denial of service vulnerability named ‘doorLock’ was discovered in Apple HomeKit, affecting iOS 14.7 through 15.2.  Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices.  According to Trevor Spinolas, the security researcher who publicly disclosed the details, Apple has known about the flaw since August 10, 2021. Yet, despite the repeated promises to fix it, the researcher says Apple has continually pushed the security update further, and it remains unresolved.”

Title: SEGA Europe Left AWS S3 Bucket Unsecured Exposing Data and Infrastructure to Attack

Date Published:  January 3, 2022


Excerpt:  “At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported.  The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along with MailChimp and Steam keys that allowed access to those services. in SEGA’s name.”

Title: NASA Director Twitter Account Hacked by Powerful Greek Army

Date Published:  January 2, 2022


Excerpt:  “The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group.  I contacted the group for a comment, a spokesman told me that they have targeted the NASA Director for fun, the attack was not politically motivated. They have chosen Kopardekar because they were looking for someone who works at NASA.  In April 2020, the Powerful Greek Army group compromised the Twitter account of the vice-speakers of the Greek Parliament and KINAL MP, Odysseas Konstantinopoulosening.”

Title: Copycat and Fad Hackers Will be the Bane of Supply Chain Security in 2022

Date Published:  December 31, 2021


Excerpt:  “Replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases next year, cybersecurity researchers have warned.  The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original — singular — victim or may choose to cherry-pick from the most valuable potential targets.  This can save cybercriminals time and money, as one successful attack can open the door to potentially thousands of victims at once.”

Title: T-Mobile Confirms SIM Swapping Attacks Led to Breach

Date Published:  December 30, 2022


Excerpt:  “T-Mobile has confirmed a data breach that was caused in part by SIM swapping attacks, according to a statement from the company.  The T-Mo Report, a blog tracking T-Mobile, obtained internal reports showing that some data was leaked from a subset of customers.  Some individuals had their customer proprietary network information (CPNI) leaked, which includes information about a customer’s plan, the number of lines, the phone numbers, the billing account, and more. Others had their SIMs swapped.  Some were victims of both the CPNI leak and the SIM swaps.  When pressed for comment by ZDNet, T-Mobile refused to go into detail about the attack and would not say how many customers were affected in the incident.”

Title: DDoS Attacks Against Online Gamers and the Damaging Ripple Effect

Date Published:  December 30, 2021


Excerpt:  “DDoS attacks targeting online gaming platforms are not a new occurrence. Indeed attacks on individual players have become increasingly common over the past decade. However, the explosive growth of gaming during the pandemic has added even more fuel to this fire. So how do these attacks work?  One-on-one sessions and voice messaging services are commonly used gaming practices, which puts unsuspecting potential victims in direct view of their attackers through competition. Most online gaming platforms typically hide a player’s IP address, making it difficult to target an individual. However, many gamers who use private servers may unintentionally reveal their IP address and information to administrators or other fellow players. In addition, third-party messaging apps used by groups of players or teams may also unintentionally disclose their IP information.  An IP address provides unique information to identify a single electronic device connected to the internet, allowing data to be exchanged between a device and its local network. Once located, the attacker can launch a DDoS attack against their target’s specific device. When the attack begins, the individual will experience a sudden lag in the speed and quality of their game, leaving them completely unable to play. The result is that the attacker can then win the game.”

Title: A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch

Date Published:  December 28, 2021


Excerpt:  “In a year bookended by the late-2020 SolarWinds supply chain attack and the widespread Log4j vulnerability, security teams have consistently juggled and prioritized an ongoing wave of threats. And between those, they have a monthly Patch Tuesday update to contend with.  While Microsoft patched fewer vulnerabilities in 2021 than in 2020, the company fixed 883 bugs in 2021, says Aanchal Gupta, vice president of the Microsoft Security Response Center. Some of these resulted in widespread exploitation; some merited greater attention, and as a group, many reflected trends and patterns that security teams should note in the year ahead.  Among the most memorable vulnerabilities, disclosed and patched in March 2021, were those existing in on-premises versions of Microsoft Exchange Server. At the time it reported the vulnerabilities, Microsoft said these were used in “limited and targeted” attacks conducted by a group called Hafnium, which officials said is state-sponsored and operates out of China.”

Title: 7 of the Most Impactful Cybersecurity Incidents of 2021

Date Published:  December 23, 2021


Excerpt:  “The Log4j vulnerability that became public on Dec. 10 quickly established itself as one of the most significant security threats of 2021. But, by far, it was not the only issue that security teams had to wrestle with through the year.  As with every year, 2021 had its share of other big data breaches and security incidents that impacted many organizations.  For those keeping score, 1,291 breach incidents were publicly reported through Sept. 30, according to the Identity Theft Resource Center (ITRC). That number was already 17% higher than the 1,108 breaches disclosed for all of 2020. If the trend continues, 2021 could break the record of 1,529 breaches that were reported in 2017.  But breaches weren’t the only concern. A new Redscan analysis of the National Vulnerability Database (NVD) showed that more vulnerabilities — 18,439 — have been disclosed so far this year than in any previous year-to-date. Redscan found that some nine in 10 of them can be exploited by attackers with limited hacking or technical skills.  For security teams defending their organizations against threats daily, the statistics are unlikely to come as much of a surprise. Even so, the data hammers home the challenges organizations faced in 2021 — and will no doubt continue to face next year, as well.  The following is a list of seven of the most impactful breaches, attacks, and vulnerabilities of 2021.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...