OSN FEBRUARY 25, 2021

Fortify Security Team
Feb 26, 2021

Title: Over 8 Million COVID-19 Test Results Leaked Online

Date Published: February 24, 2021

https://www.bleepingcomputer.com/news/security/over-8-million-covid-19-test-results-leaked-online/

Excerpt: “This week, security researcher Sourajeet Majumder has shared with BleepingComputer his discovery of another government website exposing millions of COVID-19 test results. ‘I have found an issue in an Indian Government site which is resulting in the leakage of test reports of EVERYONE who took a COVID-19 test in a particular state.’ ‘These reports have sensitive information about the citizens in them like name, age, date and time of sample testing, residence address, etc,’ Majumder told BleepingComputer. The state the researcher refers to is the Indian state of West Bengal.”

Title: Attackers Are Looking To Exploit Critical VMware vCenter Server RCE Flaw, Patch ASAP!

Date Published: February 25, 2021

https://www.helpnetsecurity.com/2021/02/25/cve-2021-21972/

Excerpt: “The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity to execute arbitrary commands on the server. After receiving such an opportunity, the attacker can develop this attack, successfully move through the corporate network, and gain access to the data stored in the attacked system (such as information about virtual machines and system users). If the vulnerable software can be accessed from the Internet, this will allow an external attacker to penetrate the company’s external perimeter and also gain access to sensitive data.”

Title: Microsoft Lures Populate Half of Credential-Swiping Phishing Emails

Date Published: February 24, 2021

https://threatpost.com/microsoft-lures-credential-swiping-phishing-emails/164207/

Excerpt: “According to researchers, beyond the 45 percent of credential-stealing phishing attacks targeting Microsoft, the next-largest category was ‘generic,’ meaning there wasn’t a specific brand associated with the email or the landing page asking the recipient to log in. However, beyond Microsoft’s trusted collaboration services such as SharePoint, OneDrive or Office 365, researchers said they have seen other cloud provider products being leveraged in attacks. This includes Google (such as Google Forms), Adobe and file-sharing services.”

Title: Cybersecurity Agencies Warn of Accellion Vulnerability Exploits

Date Published: February 24, 2021

https://www.bankinfosecurity.com/cybersecurity-agencies-warn-accellion-vulnerability-exploits-a-16057

Excerpt: “The security agencies recommend updating to Accellion FTA version FTA_9_12_432 or later as the best way to mitigate the risks. If this is not possible, organizations should isolate or block internet access to and from systems hosting the software, check systems for malicious activity and consider moving to a new file-sharing platform. Accellion says FTA will reach end of life on April 30, 2021, when the company will no longer support it. Accellion is recommending its customers migrate to its newer product, Kiteworks, which it says is more secure.”

Title: Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Date Published: February 25, 2021

https://thehackernews.com/2021/02/russian-hackers-targeted-ukraine.html

Excerpt: “Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. ‘The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities,’ the National Security and Defense Council of Ukraine (NSDC) said in a statement published on Wednesday.”

Title: LazyScripter: From Empire To Double RAT

Date Published: February 25, 2021

https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf

Excerpt: “In late December 2020 we observed a few malicious documents with embedded objects that were designed to target job seekers. The embedded objects were either VBScript or batch files that deployed two opensource multi-stage Remote Access Trojans (RATs): Octopus and Koadic. Interestingly, in some cases the attacker managed to drop other RATs such as LuminosityLink, RMS, Quasar, njRat and Remcos.”

Title: From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR

Date Published: February 24, 2021

https://www.ndss-symposium.org/wp-content/uploads/ndss2021_2A-2_23134_paper.pdf

Excerpt: “Abstract—When a domain is registered, information about the registrants and other related personnel is recorded by WHOIS databases owned by registrars or registries (called WHOIS providers jointly), which are open to public inquiries. However, due to the enforcement of the European Union’s General Data Protection Regulation (GDPR), certain WHOIS data (i.e., the records about EEA, or the European Economic Area, registrants) needs to be redacted before being released to the public. Anecdotally, it was reported that actions have been taken by some WHOIS providers. Yet, so far there is no systematic study to quantify the changes made by the WHOIS providers in response to the GDPR, their strategies for data redaction and impact on other applications relying on WHOIS data.”

Title: Revealed: The Military Radar System Swiped From Aerospace Biz, Leaked Online by Clop Ransomware Gang

Date Published: February 24, 2021

https://www.theregister.com/2021/02/24/seaspray_radar_ransomware/

Excerpt: “CAD drawings of a radar antenna stolen and then leaked online by criminals were of a military radar system produced by defense contractor Leonardo and fitted to a number of UK, US, and UAE aircraft, The Register can confirm. The purloined blueprint was dumped on the dark web by the Clop ransomware and extortion gang as part of the criminals’ usual modus operandi of compromising computers, exfiltrating valuable documents, encrypting victims’ file systems, and demanding a ransom for the decryption keys and a promise to not publicly leak the stolen materials.”

Title: Cybercriminals Target QuickBooks Databases

Date Published: February 24, 2021

https://www.darkreading.com/attacks-breaches/cybercriminals-target-quickbooks-databases/d/d-id/1340248

Excerpt: “The breaches start with two types of phishing attacks to gain access to QuickBooks databases, according to findings by ThreatLocker. In the first, the attackers send a PowerShell command that runs inside the malicious email. In the second, the attackers send a Word document via email; if the recipient opens the attached document, a macro or link within that document downloads a file onto their machine. Once the executable or PowerShell command runs, it retrieves the victim’s most recently saved QuickBooks file location, points to the file share or local file, and grabs that file.”

Title: The IoT Cybersecurity Improvement Act: A First Step in Bolstering Smart Technology Security

Date Published: February 25, 2021

https://www.securitymagazine.com/articles/94683-the-iot-cybersecurity-improvement-act-a-first-step-in-bolstering-smart-technology-security

Excerpt: “In an effort to help bolster the security of IoT devices, on December 4, 2020, the Trump administration signed the Internet of Things Cybersecurity Improvement Act of 2020. The first-of-its-kind legislation requires the creation of security standards and guidelines for IoT devices used in and purchased by the federal government, and encompasses issues such as secure development, identity management, patching processes, and configuration management. The IoT security bill also calls for guidelines in vulnerability reporting for IoT devices in government networks, as well as of those of federal contractors.”
