OSN FEBRUARY 23, 2021

by | Feb 23, 2021 | Open Source News

Title: New Silver Sparrow Malware Infects 30,000 Macs for Unknown Purpose

Date Published: February 22, 2021

https://www.bleepingcomputer.com/news/security/new-silver-sparrow-malware-infects-30-000-macs-for-unknown-purpose/

Excerpt: “According to Malwarebytes, this malware has infected 29,139 Mac devices across 153 countries, with high volumes in the United States, the United Kingdom, Canada, France, and Germany. Named Silver Sparrow, the malware has been seen distributed as two different files named ‘updater.pkg’ or ‘update.pkg’. The only difference seen by Red Canary is that the update.pkg includes both an Intel x86_64 and an Apple M1 binary, while the updater.pkg only includes the Intel executable.”

Title: Accellion FTA Attacks, Extortion Attempts Might Be the Work of FIN11

Date Published: February 23, 2021

https://www.helpnetsecurity.com/2021/02/23/accellion-fta-attacks-fin11/

Excerpt: “Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted organizations. Accellion has also confirmed on Monday that “out of approximately 300 total FTA clients, fewer than 100 were victims of the attack”. Starting in December 2020, unknown attackers began exploiting previously unknown vulnerabilities in Accellion FTA (File Transfer Appliance), an enterprise file-sharing solution for securely transferring large and sensitive files.”

Title: NurseryCam Daycare Cam Service Shut Down After Security Breach

Date Published: February 23,  2021

https://securityaffairs.co/wordpress/114919/data-breach/nurserycam-security-breach.html

Excerpt: “On Friday, The Register become aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam Ltd and Meta Technologies Ltd. In response to the incident, the company shut down its IoT camera service on Saturday and reported the security breach to the parents.”

Title: 10K Microsoft Email Users Hit in FedEx Phishing Attack

https://threatpost.com/microsoft-fedex-phishing-attack/164143/

Date Published: February 23, 2021

Excerpt: “Both scams have targeted Microsoft email users and aim to swipe their work email account credentials. They also used phishing pages hosted on legitimate domains, including those from Quip and Google Firebase – allowing the emails to slip by security filters built to block known bad links. “The email titles, sender names and content did enough to mask their true intention and make victims think the emails were really from FedEx and DHL Express respectively,” said researchers with Armorblox on Tuesday.”

Title: Chinese Hacking Group ‘Cloned’ NSA Exploit Tool

Date Published: February 22,  2021

https://www.bankinfosecurity.com/chinese-hacking-group-cloned-nsa-exploit-tool-a-16042

Excerpt: “The latest report by Check Point not only shows the dangers of what happens when the NSA’s tools are stolen by nation-state hacking groups, but also the flaws with the Vulnerabilities Equities Process, a U.S. government program that discloses software vulnerabilities to vendors so they can be patched, says Scott Shackelford, chair of Indiana University’s cybersecurity program.”

Title: Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

https://krebsonsecurity.com/2021/02/mexican-politician-removed-over-alleged-ties-to-romanian-atm-skimmer-gang/

Date Published: February 22,  2021

Excerpt: “The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.”

Title: Ukraine: DDoS Attacks on Govt Sites Originated From Russia

Date Published: February 23,  2021

https://www.bleepingcomputer.com/news/security/ukraine-ddos-attacks-on-govt-sites-originated-from-russia/

Excerpt: “The National Security and Defense Council (NSDC) of Ukraine is accusing threat actors located on Russia networks of performing DDoS attacks on Ukrainian government websites since February 18th. The National Coordination Center for Cybersecurity (NCCC) at the NSDC state that these DDoS attacks have been massive and have targeted government websites in the defense and security sector. While Ukraine did not directly accuse Russia of the denial of service attacks, they stated that the attackers’ IP addresses were located on Russian networks”

Title: Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Date Published: February 23,  2021

https://thehackernews.com/2021/02/shadow-attacks-let-attackers-replace.html

Excerpt: “The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that’s expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed.”

Title: These Hackers Sell Network Logins to the Highest Bidder. And Ransomware Gangs Are Buying

Date Published: February 23,  2021

https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/

Excerpt: “These brokers work to hack into networks but rather than making profit by conducting their own cyber campaigns, they’ll act as a middleman, selling entry to networks on to other criminals, making money from the sales. Access via Remote Desktop Protocol (RDP) is the most sought after listings by cyber criminals. This can provide stealthy remote access to an entire corporate network because by allowing attackers to start from legitimate login credentials to remotely control a computer, so are much less likely to arise suspicion of nefarious activity.”

Title: SonicWall Was Hacked. Was It Also Extorted?

Date Published: February 22,  2021

https://www.bankinfosecurity.com/blogs/sonicwall-was-hacked-was-also-extorted-p-2999

Excerpt: “On Jan. 22, SonicWall said intruders had likely used zero-day vulnerabilities in its own remote access product, Secure Mobile Access, to access its own internal systems (see SonicWall Investigating Zero-Day Attacks Against Its Products). Since that time, SonicWall has issued a patch for a zero-day vulnerability and firmware updates for its SMA 100 remote access product, including new firmware updates on Friday.”