OSN FEBRUARY 19, 2021

Fortify Security Team
Feb 19, 2021

Title: Microsoft Wraps SolarWinds Probe, Nudges Companies Toward Zero Trust
Date Published: February 18, 2021

https://www.scmagazine.com/home/security-news/apts-cyberespionage/microsoft-wraps-solarwinds-probe-nudges-companies-toward-zero-trust/

Excerpt: “The findings offer lessons for all companies on the benefits of the zero trust model, she added, saying that a transition from implicit trust to explicit verification requires “protecting identities, especially privileged user accounts.” Such an approach will prevent hackers from taking advantage of gaps, like weak passwords or lack of multifactor authentication, “to find their way into a system, elevate their status, and move laterally across the environments targeting email, source code, critical databases and more”.”

Title: US Cities Disclose Data Breaches After Vendor’s Ransomware Attack
Date Published: February 18, 2021

https://www.bleepingcomputer.com/news/security/us-cities-disclose-data-breaches-after-vendors-ransomware-attack/

Excerpt: “The attack occurred around February 3rd when a cybercrime gang known as ‘Cuba ransomware’ stole unencrypted files and deployed the ransomware. Like other human-operated ransomware, Cuba will breach a network, spread slowly through servers while stealing network credentials and unencrypted files, and finally end the attack by deploying the ransomware to encrypt devices.”

Title: Experts Spotted The First Malware Tailored For Apple M1 Chip, It Is Just The Beginning
Date Published: February 19, 2021

https://securityaffairs.co/wordpress/114767/malware/apple-m1-chip-malware.html

Excerpt: “The malware is a variant of the Pirrit adware that was first spotted at the end of 2020. The malware is able to collect browsing data and serves a large number of ads to the victims, including banners and popups. The malicious ads could also redirect unaware users to malicious websites used to distribute malicious payloads. Wardle pointed out that (static) analysis tools or antivirus engines face difficulties in analyzing ARM64 binaries; this is demonstrated by the fact that the detection rate for this malware is lower when compared to the Intel x86_64 version.”

Title: Exploit Details Emerge for Unpatched Microsoft Bug
Date Published: February 18, 2021

https://threatpost.com/exploit-details-unpatched-microsoft-bug/164083/

Excerpt: “Delivering the exploit in an MHTML file does ensure recipients would open it in Internet Explorer, which is registered to open this file type. “While this delivery method required recipients to confirm a security warning about executing active content, the exploit could be delivered without such warning if the victim visited a malicious web site with Internet Explorer,” according to the posting. Microsoft has acknowledged ENKI’s report and issued a short statement: “Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible”.”

Title: Nigerian Gets 10-Year Sentence for BEC Scam
Date Published: February 18, 2021

https://www.bankinfosecurity.com/nigerian-gets-10-year-sentence-for-bec-scam-a-16022

Excerpt: “On April 1, 2018, the CFO at Unatrac received a phishing email containing a link, which when clicked on, redirected him to a phishing site that was designed to look like a legitimate Microsoft Office365 login page. Okeke and others accessed the CFO’s Office365 account 464 times between April 6 and April 20, 2018, mostly from IP addresses located in Nigeria. They sent fraudulent wire transfer requests from the account to Unatrac’s financial team. To add credibility to their requests, the cybercriminals sent fake invoices to the CFO’s account from external accounts and forwarded them to the finance team.”

Title: Myanmar Arrests 11 Suspects For Hacking Government Sites During Protests
Date Published: February 19, 2021

https://www.zdnet.com/article/myanmar-arrests-11-suspects-for-hacking-government-sites-during-protests/

Excerpt: “The suspects were part of a group calling themselves the Myanmar Hackers. The group, which operated from a Facebook page of the same name, was linked to attacks and defacements on sites for the Myanmar military, state-run broadcaster MRTV, the Central Bank, the Port Authority, the Food and Drug Administration, and local law enforcement. The cyber intrusions and website defacements were part of nationwide protests against the current government, which illegitimately seized power earlier this month following a military coup.”

Title: Most Common Web Application Security Vulnerabilities #5: Security Misconfiguration
Date Published: February 19, 2021

https://praniethchandrasekara.medium.com/most-common-web-application-security-vulnerabilities-5-security-misconfiguration-813c33269e15

Excerpt: “The security misconfiguration applies to any security issue that is not a consequence of a programming error but a result of a configuration error. Security misconfigurations have been characterized as a separate category in the OWASP Top ten list. As the definition states, this flaw can happen at any level of an application stack, including the network services, web server, platform, application server, frameworks, database, custom code, containers and pre-installed virtual machines or storage.”

Title: Internet Registry RIPE NCC Warns of Credential Stuffing Attack
Date Published: February 19, 2021

https://www.infosecurity-magazine.com/news/internet-registry-ripe-ncc-warns/

Excerpt: “RIPE NCC is the regional internet registry (RIR) for Europe, West Asia and the former Soviet Union. It claimed in an update yesterday that its single sign-on (SSO) service was affected by an attempt to crack open accounts, causing some downtime. “We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future,” it noted.”

Title: Hackers Steal Credit Card Data Abusing Google’s Apps Script
Date Published: February 19, 2021

https://securityaffairs.co/wordpress/114750/cyber-crime/googles-apps-script-magecart.html

Excerpt: “Attackers use the script.google.com domain to avoid detection and bypass Content Security Policy (CSP) controls; the Google domain and its subdomains are whitelisted by default in the CSP configuration of the e-stores. Experts pointed out that the actual code hosted at Google is not public, but the error message displayed reaching the above script suggests that stolen payment data is funneled by Google servers to an Israel-based site called analit[.]tech.”

Title: FBI: Telephony Denial-of-Service Attacks Can Lead to Loss of Lives
Date Published: February 18, 2021

https://www.bleepingcomputer.com/news/security/fbi-telephony-denial-of-service-attacks-can-lead-to-loss-of-lives/

Excerpt: “TDoS attacks are manual or automated malicious attempts to render telephone systems unavailable by blocking incoming and outgoing calls, which could have terrible consequences when directed at 911 or similar emergency call center operations. “The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service,” the FBI said. “The resulting increase in time for emergency services to respond may have dire consequences, including loss of life”.”
