CyberSecurity News Byte

Hosted By Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 46: February 20 2023

Links

https://thehackernews.com/2023/02/fortinet-issues-patches-for-40-flaws.html

https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter

https://www.bleepingcomputer.com/news/security/coinbase-cyberattack-targeted-employees-with-fake-sms-alert/

https://www.securityweek.com/spain-orders-extradition-of-british-alleged-hacker-to-u-s/

Fortinet Patches 40 Flaws

  • Fortinet released updates.
    • Addresses 40 vulnerabilities.
      • 2 – Critical
      • 15 – High
      • 22 – Medium
      • 1 – Low
    • internally discovered and reported
  • CVE-2022-39952
    • CVSS 9.8/10
    • in the FortiNAC network access control solution
      • arbitrary code execution
      • allows an unauthenticated attacker to write to the system.
    • Impacted Versions
      • FortiNAC version 9.4.0
      • FortiNAC version 9.2.0 through 9.2.5
      • FortiNAC version 9.1.0 through 9.1.7
      • FortiNAC 8.8 all versions
      • FortiNAC 8.7 all versions
      • FortiNAC 8.6 all versions
      • FortiNAC 8.5 all versions, and
      • FortiNAC 8.3 all versions
    • Horizon2.ai
      • Plans to release PoC code soon.

  • CVE-2021-42756
    • CVSS 9.3/10
    • allows an unauthenticated remote attacker to execute code.
      • via specially crafted HTTP requests
    • Impacted Versions
      • FortiWeb versions 6.4 all versions
      • FortiWeb versions 6.3.16 and below
      • FortiWeb versions 6.2.6 and below
      • FortiWeb versions 6.1.2 and below
      • FortiWeb versions 6.0.7 and below, and
      • FortiWeb versions 5.x all versions
    • fixes available in versions FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17, and 7.0.0

Twitter MMS MFA Disaster

  • 20 March 2023
    • Twitter will make text message MFA Blue only.
    • Paid
    • After that date, disabled automatically.
  • Other Methods Still Free
    • Authentication App
    • Security Key
  • Cost
    • MMS services cost to send text messages

Coinbase cyberattack targeted employees with fake SMS alert

  • Coinbase
    • cryptocurrency exchange
    • attacker obtained some contact information belonging to multiple Coinbase employees
    • customer funds and data remained unaffected.
  • Attack
    • Sunday, February 5
    • SMS alerts urging them to log in to company accounts.
      • most employees ignored the messages.
      • one fell for it and went to the phishing page.
    • After entering their credentials
      • thanked and prompted to disregard the message.
  • Phase 2
    • log into Coinbase’s internal systems using the stolen credential.
      • MFA WIN!
    • 20 minutes later called the employee claiming to be from the Coinbase IT team.
      • directed the victim to log into their workstation and follow some instructions.
  • CSIRT
    • detected the unusual activity within 10 minutes.
    • contacted the victim to inquire about unusual recent activities from their account.
    • employee realized what happened and stopped talking with attacker.
  • Defense
    • Any web traffic from the company’s technology assets to specific addresses, including sso-*.com, *-sso.com, login.*-sso.com, dashboard-*.com, and *-dashboard.com.
    • Any downloads or attempted downloads of specific remote desktop viewers, including AnyDesk (anydesk[.]com) and ISL Online (islonline[.]com)
    • Any attempts to access the organization from a third-party VPN provider, specifically Mullvad VPN
    • Incoming phone calls/text messages from specific providers, including Google Voice, Skype, Vonage/Nexmo, and Bandwidth
    • Any unexpected attempts to install specific browser extensions, including EditThisCookie
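
The first two Defense items can be checked against web proxy logs. The sketch below is an added example, not code from Coinbase or the podcast: it reads the hostname patterns as wildcards (sso-*.com, *-sso.com and so on), and the log format, asset names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

LABEL = r"[a-z0-9-]+"
# Wildcard hostname patterns from the Defense list. login.*-sso.com is
# covered by the *-sso.com rule because subdomains are allowed.
LOOKALIKE = {
    "sso-*.com": re.compile(rf"(?:^|\.)sso-{LABEL}\.com$"),
    "*-sso.com": re.compile(rf"(?:^|\.){LABEL}-sso\.com$"),
    "dashboard-*.com": re.compile(rf"(?:^|\.)dashboard-{LABEL}\.com$"),
    "*-dashboard.com": re.compile(rf"(?:^|\.){LABEL}-dashboard\.com$"),
}
# Remote desktop viewer domains named in the list.
REMOTE_TOOLS = ("anydesk.com", "islonline.com")

def classify(url):
    """Return the name of the first rule the URL's host matches, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for name, rx in LOOKALIKE.items():
        if rx.search(host):
            return f"lookalike:{name}"
    for domain in REMOTE_TOOLS:
        if host == domain or host.endswith("." + domain):
            return f"remote-tool:{domain}"
    return None

def scan(lines):
    """Scan 'timestamp asset method url' lines; return (timestamp, asset, rule) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        ts, asset, _method, url = parts[:4]
        rule = classify(url)
        if rule:
            hits.append((ts, asset, rule))
    return hits

# Constructed sample log lines (assumed format, not real traffic).
SAMPLE_LOG = [
    "2023-02-05T18:01:10Z wks-114 GET https://login.examplecorp-sso.com/auth",
    "2023-02-05T18:02:41Z wks-114 GET https://www.example.com/news",
    "2023-02-05T18:25:03Z wks-114 GET https://download.anydesk.com/installer",
    "2023-02-05T18:26:17Z wks-207 GET https://dashboard-examplecorp.com/",
    "2023-02-05T18:30:00Z wks-207 GET https://presso-machines.com/menu",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

An organization's own legitimate SSO and dashboard hostnames would need an allowlist ahead of these rules; the VPN, phone-provider and browser-extension items need other telemetry and are not covered here.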

Spain Orders Extradition of Alleged British Hacker to US

  • Spain’s National Court
    • agreed to the extradition to the U.S. of a British citizen.
      • who allegedly took part in computer attacks.
        • July 2020 hacking of 130 Twitter accounts of public figures
          • Joseph Biden
          • Barack Obama
          • Bill Gates
    • requirements had been met for handing over Joseph James O’Connor to U.S. authorities.
      • 14 charges
        • revelation of secrets
        • membership of a criminal gang
        • illegal access to computer systems
        • internet fraud
        • money laundering and extortion.
  • Joseph James O’Connor
    • Age 23
    • Liverpool, England
    • arrested in the southern Spanish coastal town of Estepona in July 2021.
  • Snapchat
    • hacking the Snapchat account of an unidentified public figure
      • allegedly tried to extort.
        • with the threat of publishing nude photographs
  • Swatting
    • prank calls to emergency services aimed at getting large numbers of police to be sent to different locations.