OSN JANUARY 19, 2021

Fortify Security Team
Jan 19, 2021

Title: Hackers Leaked Altered Pfizer Data to Sabotage Trust in Vaccines
Date Published: January 15, 2021


Excerpt: “The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public’s trust in COVID-19 vaccines. EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union, and the agency that evaluates, monitors, and supervises any new medicines introduced to the EU.”

Title: Dnsmasq Vulnerabilities Open Networking Devices, Linux Distros to DNS Cache Poisoning
Date Published: January 19, 2021


Excerpt: “JSOF researchers unearthed seven vulnerabilities: three allow cache poisoning and four are buffer overflow vulnerabilities, the worst of which could lead to a remote code execution on the vulnerable device (if Dnsmasq is configured to use DNSSEC). Collectively dubbed DNSpooq, these vulnerabilities (CVE-2020-25681-7) can be combined to build extremely effective multi-staged attacks, the researchers noted.”

Title: FireEye Releases Tool for Auditing Networks for Techniques Used by SolarWinds Hackers
Date Published: January 19, 2021


Excerpt: “Cybersecurity firm FireEye has released today a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks.”

Title: Successful Malware Incidents Rise as Attackers Shift Tactics
Date Published: January 15, 2021


Excerpt: “Companies relaxed security controls to help employees to be productive during the coronavirus pandemic, leading attackers to shift their tactics and take advantage of the chaos caused by remote work, according to a report published by cloud security firm Wandera on Jan. 15. Compared with pre-pandemic times, employees were twice as likely to connect to inappropriate content during work hours and more likely to continue accessing email after being compromised with mobile malware, the company states in its ‘Cloud Security Report 2021.’ As a result, attackers shifted attacks to the weekends, and 41% more organizations experienced a malware infection on an employee’s remote device.”

Title: Iranian APT Group Revived Phishing Activities Over Holidays
Date Published: January 16, 2021


Excerpt: “The campaign, which appears to have been active during the last several weeks of 2020, targeted individuals working for think tanks and political research centers, university professors, journalists and environmental activists. ‘The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during the Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents,’ the Certfa Lab report notes. ‘Charming Kitten has taken full advantage of this timing to execute its new campaign to maximum effect.’”

Title: OpenWRT Reports Data Breach After Hacker Gained Access to Forum Admin Account
Date Published: January 18, 2021


Excerpt: “The maintainers of OpenWRT, an open-source project that provides free and customizable firmware for home routers, have disclosed a security breach that took place over the weekend. According to a message posted on the project’s forum and distributed via multiple Linux and FOSS-themed mailing lists, the security breach took place on Saturday, January 16, around 16:00 GMT, after a hacker accessed the account of a forum administrator.”

Title: Magecart Groups Hide Behind ‘Bulletproof’ Hosting Service
Date Published: January 16, 2021


Excerpt: “Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a ‘bulletproof’ hosting service called Media Land, according to a report from security firm RiskIQ. During their investigation, the RiskIQ researchers found that thousands of domains used for JavaScript skimmers, phishing domains and other malicious infrastructure have been registered with Media Land since 2018 using at least two email addresses and other aliases.”

Title: FreakOut Malware Exploits Critical Bugs to Infect Linux Hosts
Date Published: January 19, 2021


Excerpt: “Security researchers at CheckPoint discovered the FreakOut attacks and say that infected Linux devices join a botnet that could help deploy other cyberattacks. They say that the controller could use the infected machines to mine for cryptocurrency, to spread laterally across a company network, or to aim at other targets while masquerading as the compromised company. FreakOut malware is new on the scene and can serve for port scanning, collect information, network sniffing, or to launch distributed denial-of-service (DDoS) attacks.”

Title: 500k+ Records of C-Level People From Capital Economics Leaked Online
Date Published: January 18, 2021


Excerpt: “‘Upon analysis of the data, Cyble discovered that there are 500K+ lines of record containing various prominent user profiles,’ reads the post published by Cyble. Leaked records include email IDs, password hashes, addresses, etc. Cyble experts informed its clients about this leak; it pointed out that the availability of corporate email IDs could allow threat actors to carry out a broad range of malicious activities.”

Title: Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Date Published: January 15, 2021


Excerpt: “Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw. Starting Feb. 9, Microsoft said it will enable domain controller ‘enforcement mode’ by default, a measure that would help mitigate the threat.”