OSN February 1, 2021

Fortify Security Team
Feb 1, 2021

Title: A New Software Supply-Chain Attack Targeted Millions With Spyware

Date Published: February 1, 2021

Excerpt: “Cybersecurity researchers today disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed “Operation NightScout” by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong.”

Title: Hacker Group Inserted Malware in Noxplayer Android Emulator

Date Published: February 1, 2021

Excerpt: “The attack was discovered by Slovak security firm ESET on January 25, last week, and targeted BigNox, a company that makes NoxPlayer, a software client for emulating Android apps on Windows or macOS desktops. ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s official API (api.bignox.com) and file-hosting servers (res06.bignox.com).”

Title: Google Discloses a Severe Flaw in Widely Used Libgcrypt Encryption Library

Date Published: February 1, 2021

Excerpt: “There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs.” reads the advisory published by Ormandy. “This code in _gcry_md_block_write (part of the generic block buffer abstraction code) assumes that the occupied space in a block buffer cannot exceed the blocksize of the algorithm.”

Title: Nation-States and Their Supply-Chain Attack Strategy

Date Published: February 2, 2021

Excerpt: “It’s clear the SolarWinds incident has rocked the infosec community to its core. While there is still much to be uncovered, the public details indicate attackers inserted code into a third-party IT provider’s services, in order to perpetrate intricate attacks against multiple organizations. This type of incident, commonly referred to as a “supply-chain attack,” has been the cornerstone in some of the biggest security incidents of the past decade.”

Title: Industrial Gear at Risk from Fuji Code-Execution Bugs

Date Published: January 29, 2021

Excerpt: “Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite are both affected by the vulnerabilities, which all carry a CVSS severity rating of 7.8. The two make up a comprehensive human-machine interface (HMI) system, used to remotely monitor and collect production data in real time, and control a variety of industrial and critical-infrastructure gear. It can be used to interface with various manufacturers’ programmable logic controllers (PLCs), temperature controllers, inverters and so on.”

Title: WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites

Date Published: January 29, 2021

Excerpt: “The plugin in question is Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter, from developer Sygnoos. The plugin has been installed on 200,000 WordPress websites. Versions 3.71 and below are affected by the vulnerability (a fix has been issued in version 3.72; and the latest version is 3.73). “The only requirement for exploitation is that the user is logged in and has access to the nonce token,” said researchers with WebArx on Friday. “It is affecting methods which in turn could cause damage to the reputation and security status of the site”.”

Title: Malicious Actors Reserving Their Cyber Attacks for the Hospitality Industry

Date Published: January 31, 2021

Excerpt: “Already hard hit by the coronavirus pandemic, hospitality companies must now deal with the increasing threat of cyber attacks that can hurt their reputation as well as lead to large fines from regulators. To keep up with customer demand, enhance convenience and foster a safer environment, many hotels have embraced technological innovations such as biometrics to speed up check-in processes and avoid the hassle of lost room keys. Hotels with smart televisions that allow guests to log in to their existing streaming services are becoming more common as well as public Wi-Fi that is free for all to use. However, the more gateways guests can access to connect to different networks, the more surface area is created for potential cyber attacks.”

Title: CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds

Date Published: February 1, 2021

Excerpt: “This is an ongoing response, and we are still working with our government and private sector partners to fully understand this campaign, and to develop and share timely information to mitigate the threat posed by this adversary,” the agency said. CISA’s acting director, Brandon Wales, told The Wall Street Journal last week that roughly 30% of the victims identified by the agency did not have a direct connection to SolarWinds. Wales also said some victims were compromised before SolarWinds started delivering malicious product updates to customers.”

Title: This Malware Hides Behind Free VPN, Pirated Security Software Keys

Date Published: January 29, 2021

Excerpt: “Proofpoint researchers have discovered a new strain of DanaBot malware. It is being distributed through pirated software keys. The user is tricked into downloading infected software disguised as anti-virus programs, VPNs, and online games. According to researchers, websites offering cracked or pirated versions of the software are distributing the new version of DanaBot, capable of stealing the victim’s online banking credentials.”

Title: Police Using Emotet’s Network to Help Victims

Date Published: January 28, 2021

Excerpt: “Dutch police, along with law enforcement agencies from the seven other nations that participated in the yearlong operation, have created two tools to help organizations and individuals discover if they have been victimized and then recover. One tool enables a user to check if their email address and password have been compromised by Emotet. The other software tool, which is being pushed out by Netherlands authorities using the captured botnet’s servers, can disconnect infected devices from the botnet.”
