OSN JANUARY 19, 2021

Fortify Security Team
Jan 19, 2021

Title: Hackers Leaked Altered Pfizer Data to Sabotage Trust in Vaccines
Date Published: January 15, 2021


Excerpt: “The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public’s trust in COVID-19 vaccines. EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union, and the agency that evaluates, monitors, and supervises any new medicines introduced to the EU.”

Title: DNSmasq Vulnerabilities Open Networking Devices, Linux Distros to DNS Cache Poisoning
Date Published: January 19, 2021


Excerpt: “JSOF researchers unearthed seven vulnerabilities: three allow cache poisoning and four are buffer overflow vulnerabilities, the worst of which could lead to a remote code execution on the vulnerable device (if Dnsmasq is configured to use DNSSEC). Collectively dubbed DNSpooq, these vulnerabilities (CVE-2020-25681-7) can be combined to build extremely effective multi-staged attacks, the researchers noted.”

Title: FireEye Releases Tool for Auditing Networks for Techniques Used by SolarWinds Hackers
Date Published: January 19, 2021


Excerpt: “Cybersecurity firm FireEye has released today a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks.”

Title: Successful Malware Incidents Rise as Attackers Shift Tactics
Date Published: January 15, 2021


Excerpt: “Companies relaxed security controls to help employees to be productive during the coronavirus pandemic, leading attackers to shift their tactics and take advantage of the chaos caused by remote work, according to a report published by cloud security firm Wandera on Jan. 15. Compared with pre-pandemic times, employees were twice as likely to connect to inappropriate content during work hours and more likely to continue accessing email after being compromised with mobile malware, the company states in its “Cloud Security Report 2021.” As a result, attackers shifted attacks to the weekends, and 41% more organizations experienced a malware infection on an employee’s remote device.”

Title: Iranian APT Group Revived Phishing Activities Over Holidays
Date Published: January 16, 2021


Excerpt: “The campaign, which appears to have been active during the last several weeks of 2020, targeted individuals working for think tanks and political research centers, university professors, journalists and environmental activists. ‘The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during the Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents,’ the Certfa Lab report notes. ‘Charming Kitten has taken full advantage of this timing to execute its new campaign to maximum effect.’”

Title: OpenWRT Reports Data Breach After Hacker Gained Access to Forum Admin Account
Date Published: January 18, 2021


Excerpt: “The maintainers of OpenWRT, an open-source project that provides free and customizable firmware for home routers, have disclosed a security breach that took place over the weekend. According to a message posted on the project’s forum and distributed via multiple Linux and FOSS-themed mailing lists, the security breach took place on Saturday, January 16, around 16:00 GMT, after a hacker accessed the account of a forum administrator.”

Title: Magecart Groups Hide Behind ‘Bulletproof’ Hosting Service
Date Published: January 16, 2021


Excerpt: “Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a “bulletproof” hosting service called Media Land, according to a report from security firm RiskIQ. During their investigation, the RiskIQ researchers found that thousands of domains used for JavaScript skimmers, phishing domains and other malicious infrastructure have been registered with Media Land since 2018 using at least two email addresses and other aliases.”

Title: FreakOut Malware Exploits Critical Bugs to Infect Linux Hosts
Date Published: January 19, 2021


Excerpt: “Security researchers at CheckPoint discovered the FreakOut attacks and say that infected Linux devices join a botnet that could help deploy other cyberattacks. They say that the controller could use the infected machines to mine for cryptocurrency, to spread laterally across a company network, or to aim at other targets while masquerading as the compromised company. FreakOut malware is new on the scene and can serve for port scanning, collect information, network sniffing, or to launch distributed denial-of-service (DDoS) attacks.”

Title: 500k+ Records of C-Level People From Capital Economics Leaked Online
Date Published: January 18, 2021


Excerpt: “‘Upon analysis of the data, Cyble discovered that there are 500K+ lines of record containing various prominent user profiles,’ reads the post published by Cyble. Leaked records include email IDs, password hashes, addresses, etc. Cyble experts informed its clients about this leak; it pointed out that the availability of corporate email IDs could allow threat actors to carry out a broad range of malicious activities.”

Title: Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Date Published: January 15, 2021


Excerpt: “Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw. Starting Feb. 9, Microsoft said it will enable domain controller “enforcement mode” by default, a measure that would help mitigate the threat.”
