CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Website Subscribe

Episode 46: February 20 2023

February 20, 2023 Jim Guckin CyberSecurity News Byte Weekly 22:5031.00M Comments Off on Episode 46: February 20 2023

Links

https://thehackernews.com/2023/02/fortinet-issues-patches-for-40-flaws.html

https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter

https://www.bleepingcomputer.com/news/security/coinbase-cyberattack-targeted-employees-with-fake-sms-alert/

https://www.securityweek.com/spain-orders-extradition-of-british-alleged-hacker-to-u-s/

Fortinet Patches 40 Flaws

  • Fortinet released updates.
    • Addresses 40 vulnerabilities.
      • 2 – Critical
      • 15 – High
      • 22 – Medium
      • 1 – Low
    • internally discovered and reported
  • CVE-2022-39952
    • CVSS 9.8/10
    • in the FortiNAC network access control solution
      • arbitrary code execution
      • unauthenticated attacker to write to the system.
    • Impacted Versions
      • FortiNAC version 9.4.0
      • FortiNAC version 9.2.0 through 9.2.5
      • FortiNAC version 9.1.0 through 9.1.7
      • FortiNAC 8.8 all versions
      • FortiNAC 8.7 all versions
      • FortiNAC 8.6 all versions
      • FortiNAC 8.5 all versions, and
      • FortiNAC 8.3 all versions
    • Horizon2.ai
      • Plans to release PoC code soon.

  • CVE-2021-42756
    • CVSS 9.3/10
    • unauthenticated remote attacker to allow code execution.
      • via specifically crafted HTTP requests
    • Impacted Versions
      • FortiWeb versions 6.4 all versions
      • FortiWeb versions 6.3.16 and below
      • FortiWeb versions 6.2.6 and below
      • FortiWeb versions 6.1.2 and below
      • FortiWeb versions 6.0.7 and below, and
      • FortiWeb versions 5.x all versions
    • fixes available in versions FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17, and 7.0.0

Twitter MMS MFA Disaster

  • 20 March 2023
    • Twitter will make text message MFA Blue only.
    • Paid
    • After date, disabled automatically.
  • Other Methods Still Free
    • Authentication App
    • Security Key
  • Cost
    • MMS services cost to send text messages

Coinbase cyberattack targeted employees with fake SMS alert

  • Coinbase
    • cryptocurrency exchange
    • attacker obtained some contact information belonging to multiple Coinbase employees
    • customer funds and data remained unaffected.
  • Attack
    • Sunday, February 5
    • SMS alerts urging them to login to company accounts.
      • most employees ignored the messages.
      • one fell for it and went to the phishing page.
    • After entering their credentials
      • thanked and prompted to disregard the message.
  • Phase 2
    • log into Coinbase’s internal systems using the stolen credential.
      • MFA WIN!
    • 20 minutes later called the employee claiming to be from the Coinbase IT team.
      • directed the victim to log into their workstation and follow some instructions.
  • CSIRT
    • detected the unusual activity within 10 minutes.
    • contacted the victim to inquire about unusual recent activities from their account.
    • employee realized what happened and stopped talking with attacker.
  • Defense
    • Any web traffic from the company’s technology assets to specific addresses, including sso-.com, -sso.com, login.-sso.com, dashboard-.com, and *-dashboard.com.
    • Any downloads or attempted downloads of specific remote desktop viewers, including AnyDesk (anydesk dot com) and ISL Online (islonline[.]com)
    • Any attempts to access the organization from a third-party VPN provider, specifically Mullvad VPN
    • Incoming phone calls/text messages from specific providers, including Google Voice, Skype, Vonage/Nexmo, and Bandwidth
    • Any unexpected attempts to install specific browser extensions, including EditThisCookie

Spain Orders Extradition of Alleged British Hacker to US

  • Spain’s National Court
    • agreed to the extradition to the U.S. of a British citizen.
      • who allegedly took part in computer attacks.
        • July 2020 hacking of 130 Twitter accounts of public figures
          • Joseph Biden
          • Barack Obama
          • Bill Gates
    • requirements had been met for handing over Joseph James O’Connor to U.S. authorities.
      • 14 charges
        • revelation of secrets
        • membership of a criminal gang
        • illegal access to computer systems
        • internet fraud
        • money laundering and extortion.
  • Joseph James O’Connor
    • Age 23
    • Liverpool, England
    • arrested in the southern Spanish coastal town of Estepona in July 2021.
  • SnapChat
    • hacking the Snapchat account of an unidentified public figure
      • allegedly tried to extort.
        • with the threat of publishing nude photographs
  • Swatting
    • prank calls to emergency services aimed at getting large numbers of police to be sent to different locations.

CyberSecurity News Byte is a weekly podcast, condensing the latest cybersecurity news, in an easily digestible format. News that you need to know to keep yourself and your organization safe from today’s threats.

Facebook Twitter Instagram

© 2021-2022 All Rights Reserved. Developed By Podcrease