OSN FEBRUARY 23, 2021

Fortify Security Team
Feb 23, 2021

Title: New Silver Sparrow Malware Infects 30,000 Macs for Unknown Purpose

Date Published: February 22, 2021

https://www.bleepingcomputer.com/news/security/new-silver-sparrow-malware-infects-30-000-macs-for-unknown-purpose/

Excerpt: “According to Malwarebytes, this malware has infected 29,139 Mac devices across 153 countries, with high volumes in the United States, the United Kingdom, Canada, France, and Germany. Named Silver Sparrow, the malware has been seen distributed as two different files named ‘updater.pkg’ or ‘update.pkg’. The only difference seen by Red Canary is that the update.pkg includes both an Intel x86_64 and an Apple M1 binary, while the updater.pkg only includes the Intel executable.”

Title: Accellion FTA Attacks, Extortion Attempts Might Be the Work of FIN11

Date Published: February 23, 2021

https://www.helpnetsecurity.com/2021/02/23/accellion-fta-attacks-fin11/

Excerpt: “Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted organizations. Accellion has also confirmed on Monday that “out of approximately 300 total FTA clients, fewer than 100 were victims of the attack”. Starting in December 2020, unknown attackers began exploiting previously unknown vulnerabilities in Accellion FTA (File Transfer Appliance), an enterprise file-sharing solution for securely transferring large and sensitive files.”

Title: NurseryCam Daycare Cam Service Shut Down After Security Breach

Date Published: February 23, 2021

https://securityaffairs.co/wordpress/114919/data-breach/nurserycam-security-breach.html

Excerpt: “On Friday, The Register became aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam Ltd and Meta Technologies Ltd. In response to the incident, the company shut down its IoT camera service on Saturday and reported the security breach to the parents.”

Title: 10K Microsoft Email Users Hit in FedEx Phishing Attack

Date Published: February 23, 2021

https://threatpost.com/microsoft-fedex-phishing-attack/164143/

Excerpt: “Both scams have targeted Microsoft email users and aim to swipe their work email account credentials. They also used phishing pages hosted on legitimate domains, including those from Quip and Google Firebase – allowing the emails to slip by security filters built to block known bad links. “The email titles, sender names and content did enough to mask their true intention and make victims think the emails were really from FedEx and DHL Express respectively,” said researchers with Armorblox on Tuesday.”

Title: Chinese Hacking Group ‘Cloned’ NSA Exploit Tool

Date Published: February 22, 2021

https://www.bankinfosecurity.com/chinese-hacking-group-cloned-nsa-exploit-tool-a-16042

Excerpt: “The latest report by Check Point not only shows the dangers of what happens when the NSA’s tools are stolen by nation-state hacking groups, but also the flaws with the Vulnerabilities Equities Process, a U.S. government program that discloses software vulnerabilities to vendors so they can be patched, says Scott Shackelford, chair of Indiana University’s cybersecurity program.”

Title: Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Date Published: February 22, 2021

https://krebsonsecurity.com/2021/02/mexican-politician-removed-over-alleged-ties-to-romanian-atm-skimmer-gang/

Excerpt: “The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.”

Title: Ukraine: DDoS Attacks on Govt Sites Originated From Russia

Date Published: February 23, 2021

https://www.bleepingcomputer.com/news/security/ukraine-ddos-attacks-on-govt-sites-originated-from-russia/

Excerpt: “The National Security and Defense Council (NSDC) of Ukraine is accusing threat actors located on Russian networks of performing DDoS attacks on Ukrainian government websites since February 18th. The National Coordination Center for Cybersecurity (NCCC) at the NSDC states that these DDoS attacks have been massive and have targeted government websites in the defense and security sector. While Ukraine did not directly accuse Russia of the denial of service attacks, they stated that the attackers’ IP addresses were located on Russian networks.”

Title: Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Date Published: February 23, 2021

https://thehackernews.com/2021/02/shadow-attacks-let-attackers-replace.html

Excerpt: “The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that’s expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed.”

Title: These Hackers Sell Network Logins to the Highest Bidder. And Ransomware Gangs Are Buying

Date Published: February 23, 2021

https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/

Excerpt: “These brokers work to hack into networks but rather than making profit by conducting their own cyber campaigns, they’ll act as a middleman, selling entry to networks on to other criminals, making money from the sales. Access via Remote Desktop Protocol (RDP) is the most sought-after listing by cyber criminals. This can provide stealthy remote access to an entire corporate network because it allows attackers to start from legitimate login credentials to remotely control a computer, so they are much less likely to arouse suspicion of nefarious activity.”

Title: SonicWall Was Hacked. Was It Also Extorted?

Date Published: February 22, 2021

https://www.bankinfosecurity.com/blogs/sonicwall-was-hacked-was-also-extorted-p-2999

Excerpt: “On Jan. 22, SonicWall said intruders had likely used zero-day vulnerabilities in its own remote access product, Secure Mobile Access, to access its own internal systems (see SonicWall Investigating Zero-Day Attacks Against Its Products). Since that time, SonicWall has issued a patch for a zero-day vulnerability and firmware updates for its SMA 100 remote access product, including new firmware updates on Friday.”
