Bear Security – Security News for the Week of July 26th, 2021

By Christopher
July 26, 2021

These are the stories that relate to our business, clients, careers, and community in the cybersecurity world for the Week of July 26th, 2021. Watch this in video form over on YouTube, or you can listen on the go with the Bear Security podcast.

Kaseya Gets Decryptor, Requires NDA to Receive

Ars Technica reported on Thursday that IT software firm Kaseya, which was at the center of the largest coordinated ransomware attack to date, has obtained a universal decryptor to restore the data of affected companies. Kaseya says the decryptor came from a trusted third party, but how it was obtained, and whether anyone paid for it, remains uncertain. This development comes as a relief for organizations that have been unable to resume operations or fully restore their data, especially after REvil, the ransomware group responsible for the attack, went offline.

To make these already turbulent matters worse, CNN is reporting that Kaseya is requiring businesses to sign a Non-Disclosure Agreement in order to obtain the decryptor, making it harder for researchers, and even the Government, to piece together what happened. While NDAs are not uncommon in certain situations, we have to wonder what exactly Kaseya is looking to hide at this point. Thus far, Kaseya has declined to comment on the agreements to CNN.

Read the full story from Ars Technica or the reporting by CNN about the NDAs.

Organizations Publish Forensic Evidence of Spyware Used By Governments Against Targets

Wired reported Thursday on research published by an international group of researchers and journalists from more than 14 organizations regarding the behavior of Israeli spyware vendor NSO Group. They say that NSO Group’s spyware, Pegasus, was being used against activists, journalists, executives, and politicians by multiple governments, including India, Mexico, and the United Arab Emirates, based on a leaked list of 50,000 phone numbers they obtained. Alongside the research, they published a tool called the Mobile Verification Toolkit, which can check an Android or iOS device for indicators that it was compromised by the Pegasus spyware. Amazon shut down cloud infrastructure linked to NSO Group last Monday after reports began to surface about the use of Pegasus.

NSO Group has called the research “False allegations by a consortium of media outlets” and said it would no longer respond to media inquiries.

Read the full story including the checkered history of the NSO Group over on Wired. If you believe you may have been targeted, you can check out the Mobile Verification Toolkit over on GitHub.

SeriousSAM Vulnerability Allows Standard Users to Access Sensitive Information

ThreatPost is reporting that Microsoft has published a workaround for a privilege escalation vulnerability affecting versions of Windows 10 and pre-release builds of Windows 11. The vulnerability, tracked as CVE-2021-36934, stems from overly permissive access controls on several system hive files, including the SAM database, which give a standard user read access to hashed credentials. Those hashes could then be cracked offline and used to gain access to more privileged accounts.

Windows 10 systems as far back as build 1809 have been found to be vulnerable, but the flaw is only exploitable when Volume Shadow Copies exist, which is the case when the Windows System Protection feature is enabled. To resolve the vulnerability, Microsoft recommends that administrators restrict the permissions on the affected folder and delete all existing shadow copies.

Read the full story over on ThreatPost or Microsoft’s MSRC advisory that includes the workaround details.
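As an added example, not taken from the ThreatPost article, Microsoft’s advisory, or this site, the PowerShell script below audits a host for the two preconditions described above (a hive file readable by BUILTIN\Users and at least one existing shadow copy) and, with the hypothetical -Remediate switch, applies the two steps of the MSRC workaround. The icacls /inheritance:e and vssadmin delete shadows commands are the ones in Microsoft’s published workaround; the use of Win32_ShadowCopy for detection and the script structure are my own choices. Run it from an elevated PowerShell session.

```powershell
# Added example (not the article's or Microsoft's code): audit a host for the preconditions
# of CVE-2021-36934 (SeriousSAM) and optionally apply the MSRC workaround.
# Script name and parameters are hypothetical. Run from an elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$Remediate   # apply the workaround; default is report-only
)

$configDir = Join-Path $env:windir 'System32\config'
$hiveNames = 'SAM', 'SYSTEM', 'SECURITY'

function Test-HiveReadableByUsers {
    # Returns $true when BUILTIN\Users holds an Allow ACE that includes ReadData on the hive file.
    # That is the over-permissive state the advisory describes. The hive itself stays locked by the
    # kernel, but reading its security descriptor as an administrator works.
    param([Parameter(Mandatory)][string]$Path)
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.IdentityReference.Value -eq 'BUILTIN\Users' -and
            $ace.AccessControlType -eq 'Allow' -and
            (([int]$ace.FileSystemRights -band $readData) -ne 0)) {
            return $true
        }
    }
    return $false
}

function Get-ShadowCopyCount {
    # Existing VSS snapshots matter because a hive copied into a snapshot keeps the old ACL and is
    # not held open, which is why the advisory pairs the ACL fix with deleting shadow copies.
    return @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue).Count
}

$findings = foreach ($name in $hiveNames) {
    [pscustomobject]@{
        Hive            = $name
        ReadableByUsers = Test-HiveReadableByUsers -Path (Join-Path $configDir $name)
    }
}
$shadowCount = Get-ShadowCopyCount

$findings | Format-Table -AutoSize
"Shadow copies present: $shadowCount"

$exposed = @($findings | Where-Object ReadableByUsers).Count -gt 0
if ($exposed -and $shadowCount -gt 0) {
    Write-Warning 'Both preconditions hold: hive ACLs are too permissive and shadow copies exist.'
}
elseif ($exposed) {
    Write-Warning 'Hive ACLs are too permissive; restrict them before a shadow copy is created.'
}
else {
    'Hive ACLs do not grant BUILTIN\Users read access.'
}

if ($Remediate) {
    # MSRC workaround step 1: reset the ACLs under %windir%\System32\config to the inherited defaults.
    & icacls "$configDir\*.*" /inheritance:e
    # Step 2: remove existing shadow copies. This also discards System Restore points, as the
    # advisory notes, so take a fresh backup first if you depend on them.
    & vssadmin delete shadows /all /quiet
    # Re-check so the run ends with evidence of the new state.
    foreach ($name in $hiveNames) {
        "$name readable by Users after remediation: $(Test-HiveReadableByUsers -Path (Join-Path $configDir $name))"
    }
}
```

The report-only mode is safe to run across a fleet through your management tooling; keep the -Remediate step for a change window, because deleting shadow copies is irreversible and removes restore points along with the exposed hive copies.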

Fortinet FortiManager and FortiAnalyzer Patched After Remote Code Execution Vulnerability Discovered

The Register is reporting that Fortinet has patched flaws in its FortiManager and FortiAnalyzer products to address a remote code execution vulnerability. The vulnerability affects the fgfmsd daemon and can be exploited by sending a specially crafted request to the target device’s FGFM port, giving a remote attacker the ability to execute unauthorized code as root. The FGFM service is disabled by default in FortiAnalyzer and can only be enabled on certain models.

Fortinet recommends customers upgrade to the most recently released version, in the 5.x, 6.x, or 7.x branch, to close the hole. If that is not possible, the workaround is to disable the FortiManager features on the FortiAnalyzer units manually.

You can find the workaround code or more on this vulnerability over on The Register.

Pair of Linux Privilege Escalation Flaws Go Back to 2014

DarkReading is reporting that Qualys has identified two vulnerabilities in the Linux kernel. The vulnerabilities relate to how the Linux kernel handles the conversion of specific data types and can be used to gain root-level access. The flaw is triggered either by mounting a filesystem on a very long path, which can crash the system, or by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1 GB. So far, Red Hat, Ubuntu, Debian, and SUSE have confirmed the vulnerability and released patches. A PoC has also been published, but an attacker must have an authenticated user account to attempt exploitation.

Read more about the vulnerability over at DarkReading, or the research details over at Qualys.

Stories Not Included in This Week’s Episode

  • A deep dive workshop on the Velociraptor tool.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has released several analysis samples of malware that affected Pulse Secure.
  • What someone learned after doing Cloud Forensics for a year in Azure AD.
  • A PowerShell way to determine what accounts in Microsoft 365 have MFA Enforced or Not Enforced.
  • Learn a method of Command-Line Obfuscation to help understand how it appears on your systems.

That’s all for this week’s security news. Come back every Monday morning for the next edition, or check it out over on YouTube or the podcast. Stay safe out there, friends.

Feature photo by David McBee from Pexels.

Tags: FortiAnalyzer, FortiManager, Fortinet, Kaseya, Kernel, Linux, NSO Group, Pegasus, Qualys, Ransomware, REvil, SeriousSAM, Windows
Christopher

Christopher Clai is a Senior Security Engineer, IT Generalist, and Developer from Chicago, IL with over 20 years of experience in Information Technology ranging from small businesses to Fortune 500's. Chris loves the Pacific Northwest, Sushi, Invader Zim, Rugby, World of Warcraft, raves, and is an avid user of Microsoft and Linux-based technologies.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
©2014 - 2021 - SyntaxBearror.io. All rights reserved unless otherwise noted.