OSN JANUARY 29, 2021

Fortify Security Team
Jan 29, 2021

Title: Windows Installer Zero-Day Vulnerability Gets Free Micropatch
Date Published: January 29, 2021


Excerpt: “A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system. The issue affects Windows 7 through 10. Microsoft’s most recent effort to address the issue (CVE-2020-16902) was in October. A bypass, complete with proof-of-concept (PoC) exploit code emerged in late December 2020.”

Title: “Serious” Vulnerability Found in Libgcrypt, GnuPG’s Cryptographic Library
Date Published: January 29, 2021


Excerpt: “It was discovered and flagged by Google Project Zero researcher Tavis Ormandy and affects only Libgcrypt v1.9.0. “Exploiting this bug is simple and thus immediate action for 1.9.0 users is required,” Koch noted. “The 1.9.0 tarballs on our FTP server have been renamed so that scripts won’t be able to get this version anymore.” Version 1.9.1, which fixes the flaw, is available for download.”

Title: Trickbot Is Back Again – With Fresh Phishing and Malware Attacks
Date Published: January 29, 2021


Excerpt: “In October last year, a takedown led by Microsoft disrupted the infrastructure behind the Trickbot malware botnet, but now it appears to be coming back to life as researchers at Menlo Security have identified an ongoing malware campaign which has the hallmarks of previous Trickbot activity. These attacks appear to be exclusively targeting legal and insurance companies in North America, with phishing emails encouraging potential victims to click on a link which will redirect them to a server which downloads a malicious payload.”

Title: Lebanese Cedar APT Group Broke Into Telco and ISPs Worldwide
Date Published: January 28, 2021


Excerpt: “Based on a modified JSP file browser with a unique string that the adversary used to deploy ‘Explosive RAT’ into the victims’ network, we found some 250 servers that were apparently breached by Lebanese Cedar,” reads the report published by ClearSky. “We assess that there are many more companies that have been hacked and that valuable information was stolen from these companies over periods of months and years.”

Title: Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher
Date Published: January 29, 2021


Excerpt: “Microsoft has attributed a recently discovered campaign to target security researchers with custom malware through elaborate socially-engineered attacks to an APT group affiliated with North Korea-linked Lazarus Group. Google’s Threat Analysis Group (TAG) on Monday already sounded a warning about the attacks, which play the long game and leverage social media to set up trust relationships with researchers and then infect their systems with malware through either malicious web pages or collaborative Visual Studio projects. The attackers appear so far only to be targeting researchers using Windows machines.”

Title: Breach Data Highlights a Pivot to Orgs Over Individuals
Date Published: January 28, 2021


Excerpt: “Both the number of data breaches and the number of individuals affected by data breaches plummeted in 2020, as attackers moved away from collecting mass amounts of information and instead targeted user credentials as a way to infiltrate corporate networks to install ransomware. That’s according to a new report, out Jan. 28 from the Identity Theft Resource Center, which estimates that more than 300 million individuals were affected by data breaches in 2020, a large number but a drop of 66% over the previous year. In addition, the number of reported data breaches fell to 1,108, a decline of 19% over 2019.”

Title: LogoKit Can Manipulate Phishing Pages in Real Time
Date Published: January 29, 2021


Excerpt: “A recently uncovered phishing kit, named LogoKit, eliminates headaches for cybercriminals via automatically pulling victims’ organization logos onto the phishing login page. This gives assailants the tools expected to effectively emulate organization login pages, a task that can now and again be intricate. Cybercriminals have depended on LogoKit to dispatch phishing assaults on in excess of 700 unique domains in the course of 30 days (including 300 in the past week). These focused-on services range from generic login portals to bogus SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals.”

Title: Google Bans Another Misbehaving CA From Chrome
Date Published: January 29, 2021


Excerpt: “Google intends to ban and remove support from Chrome for digital certificates issued by Spanish certificate authority (CA) Camerfirma, the browser maker announced this week. The ban will come into effect with the launch of Chrome 90, scheduled for release in mid-April 2021. After the Chrome 90 launch, all websites that use TLS certificates issued by Camerfirma to secure their HTTPS traffic will show an error and will not load in Chrome going forward.”

Title: Reported US Data Breaches Declined by 19% in 2020
Date Published: January 29, 2021


Excerpt: “In the U.S., reported data breaches and inadvertent data exposure incidents decreased by 19% from 1,473 in 2019 to 1,108 in 2020, as did the overall number of exposed records, according to the Identity Theft Resource Center, a nonprofit organization based in San Diego, California, that provides no-cost assistance to U.S. identity theft victims to help resolve their cases. The ITRC recently released its 15th annual Data Breach Report.”

Title: USCellular Hit by a Data Breach After Hackers Access CRM Software
Date Published: January 28, 2021


Excerpt: “On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.” “Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials,” states the USCellular data breach notification.
