OSN FEBRUARY 18, 2021

by | Feb 18, 2021 | Open Source News

Title: Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Date Published: February 17, 2021

https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/

Excerpt: “The use of compiled HTML (usually used for Windows help files) can be advantageous for the attacker since the initial infection vector is email. “Many organizations will not consider CHM files to be executables so it is more likely they will evade content filters filtering incoming email messages based on the attachment name or type”. Masslogger is a commodity malware that has been in development and circulation for almost a year now. We wanted to emphasize that these campaigns with these particular spreading techniques can likely be linked to a single actor, based on the exfiltration server domain used in all campaigns for exfiltrating credentials.”

Title: Solarwinds Attack Hit 100 Companies and Took Months of Planning, Says White House

Date Published: February 18, 2021

https://www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/

Excerpt: “The White House team leading the investigation into the SolarWinds hack is worried that the breach of 100 US companies has the potential to make the initial compromise a headache in future. Anne Neuberger, deputy national security advisor for Cyber and Emerging Technology at the White House, said in a press briefing that nine government agencies were breached while many of the 100 private sector US organizations that were breached were technology companies. Confirmed to have been breached, include the US Treasury Department, the Department of Homeland Security, the US Department of State, the US Department of Energy, and the National Nuclear Security Administration.”

Title: Three North Korean Hackers Charged for Financial and Revenge-Motivated Hacks

Date Published: February 17,  2021

https://www.scmagazine.com/home/security-news/three-north-korean-hackers-charged-for-financial-and-revenge-motivated-hacks/

Excerpt: “The department’s criminal charges are uniquely credible forms of attribution — we can prove these allegations beyond a reasonable doubt using only unclassified, admissible evidence.” The charges capture years-worth of North Korean hacking, including the widely publicized 2014 Sony hack, the 2016 hack of the Central Bank of Bangladesh, the 2017 WannaCry ransomware attack and others. The group’s activities were both “revenge and financially motivated”.”

Title: Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed

https://threatpost.com/safari-browser-scamclub-campaign-revealed/164023/

Date Published: February 17, 2021

Excerpt: “The Safari bug, patched on Dec. 2 by Apple, was exploited by a malvertising campaign that redirected traffic to scam sites that flogged gift cards, prizes and malware to victims. Impacted was Apple’s Safari browser running on macOS Big Sur 11.0.1 and Google’s iOS-based Chrome browser. The common thread is Apple’s WebKit browser engine framework. The attacks, which researchers at Confiant Security attributed to ScamClub, exploited a flaw in the open-source WebKit engine, according to a blog post published Tuesday by Eliya Stein, a senior security engineer who found the bug on June 22, 2020.”

Title: Microsoft Pulls a Second Windows SSU for Blocking Security Updates

Date Published: February 18,  2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-a-second-windows-ssu-for-blocking-security-updates/

Excerpt: “Microsoft has pulled one more buggy Windows 10 servicing stack update (SSU), KB4601390, because it blocked customers from installing this month’s security and Cumulative Updates. The company resolved the update installation problems by releasing a new servicing stack update (SSU), KB5001079. Windows 10 SSUs provide servicing stack fixes, the component used by Windows 10 to download and install updates correctly.”

Title: WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years

https://unit42.paloaltonetworks.com/watchdog-cryptojacking/

Date Published: February 17,  2021

Excerpt: “Within this blog, Unit 42 researchers provide an overview of the WatchDog cryptojacking campaign. The WatchDog miner is composed of a three-part Go Language binary set and a bash or PowerShell script file. The binaries perform specific functionality, one of which emulates the Linux watchdog daemon functionality by ensuring that the mining process does not hang, overload or terminate unexpectedly. The second Go binary downloads a configurable list of IP addresses net ranges before providing the functionality of targeted exploitation operations of identified NIX or Windows systems discovered during the scanning operation.”

Title: The OpenSSL Project Addressed Three Vulnerabilities

Date Published: February 18,  2021

https://securityaffairs.co/wordpress/114712/security/openssl-flaws.html

Excerpt: “The first vulnerability, tracked as CVE-2021-23841, is a NULL pointer dereference issue that can be exploited to cause a crash and trigger a DoS condition. The security advisory states that the X509_issuer_and_serial_hash function is never called directly by OpenSSL itself, which means it only impacts applications that invoke the function directly while managing certificates obtained from untrusted sources.”

Title: First Malware Designed for Apple m1 Chip Discovered in the Wild

Date Published: February 18,  2021

https://thehackernews.com/2021/02/first-malware-designed-for-apple-m1.html

Excerpt: “The heavily obfuscated GoSearch22 adware disguises itself as a legitimate Safari browser extension when in fact, it collects browsing data and serves a large number of ads such as banners and popups, including some that link to dubious websites to distribute additional malware. Wardle said the extension was signed with an Apple Developer ID “hongsheng_yan” in November to conceal its malicious content further, but it has since been revoked, meaning the application will no longer run on macOS unless attackers re-sign it with another certificate.”

Title: Singtel Breach Hits 129,000 Customers

Date Published: February 18,  2021

https://www.infosecurity-magazine.com/news/singtel-breach-hits-129000/

Excerpt: “Yesterday it confirmed that over 100,000 customers had personal information compromised, including Singaporean ID cards (NRIC), names, dates of birth, mobile numbers and addresses. Also exposed in the breach were the bank account details of 28 former Singtel employees, the credit card details of 45 employees of a corporate customer and unspecified information on 23 suppliers, partners and corporate customers.”

Title: Breaches Cost US Healthcare Organizations $13bn in 2020

Date Published: February 18,  2021

https://www.infosecurity-magazine.com/news/breaches-cost-healthcare-13/

Excerpt: “Although the number of victims dropped slightly from the 27.5 million recorded in 2019, the average cost per breached record increased from $429 to $499 over the period. That means healthcare organizations were on the hook for $13.2bn as a result of breaches last year. The sector also comes top of IBM’s Cost of a Data Breach list, with an average of over $7.1m per breach. “The vast majority of healthcare organizations process and store protected health information (PHI) such as Social Security numbers, medical history and other personal data. It is no surprise that these entities would be targeted by malicious cyber-criminals seeking to access sensitive data for monetary gain”.”