OSN FEBRUARY 25, 2021

Fortify Security Team
Feb 26, 2021

Title: Over 8 Million COVID-19 Test Results Leaked Online

Date Published: February 24, 2021

https://www.bleepingcomputer.com/news/security/over-8-million-covid-19-test-results-leaked-online/

Excerpt: “This week, security researcher Sourajeet Majumder has shared with BleepingComputer his discovery of another government website exposing millions of COVID-19 test results. “I have found an issue in an Indian Government site which is resulting in the leakage of test reports of EVERYONE who took a COVID-19 test in a particular state.” “These reports have sensitive information about the citizens in them like name, age, date and time of sample testing, residence address, etc,” Majumder told BleepingComputer. The state the researcher refers to is the Indian state of West Bengal.”

Title: Attackers Are Looking To Exploit Critical VMware vCenter Server RCE Flaw, Patch ASAP!

Date Published: February 25, 2021

https://www.helpnetsecurity.com/2021/02/25/cve-2021-21972/

Excerpt: “The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity to execute arbitrary commands on the server. After receiving such an opportunity, the attacker can develop this attack, successfully move through the corporate network, and gain access to the data stored in the attacked system (such as information about virtual machines and system users). If the vulnerable software can be accessed from the Internet, this will allow an external attacker to penetrate the company’s external perimeter and also gain access to sensitive data.”

Title: Microsoft Lures Populate Half of Credential-Swiping Phishing Emails

Date Published: February 24, 2021

https://threatpost.com/microsoft-lures-credential-swiping-phishing-emails/164207/

Excerpt: “According to researchers, beyond the 45 percent of credential-stealing phishing attacks targeting Microsoft, the next-largest category was “generic” – meaning there wasn’t a specific brand associated with the email or the landing page asking the recipient to log in. However, beyond Microsoft’s trusted collaboration services such as SharePoint, OneDrive or Office 365, researchers said they have seen other cloud provider products being leveraged in attacks. This includes Google (such as Google Forms), Adobe and file-sharing services.”

Title: Cybersecurity Agencies Warn of Accellion Vulnerability Exploits

Date Published: February 24, 2021

https://www.bankinfosecurity.com/cybersecurity-agencies-warn-accellion-vulnerability-exploits-a-16057

Excerpt: “The security agencies recommend updating to Accellion FTA version FTA_9_12_432 or later as the best way to mitigate the risks. If this is not possible, organizations should isolate or block internet access to and from systems hosting the software, check systems for malicious activity and consider moving to a new file-sharing platform. Accellion says FTA will reach end of life on April 30, 2021, when the company will no longer support it. Accellion is recommending its customers migrate to its newer product, Kiteworks, which it says is more secure.”

Title: Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Date Published: February 25, 2021

https://thehackernews.com/2021/02/russian-hackers-targeted-ukraine.html

Excerpt: “Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. “The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities,” the National Security and Defense Council of Ukraine (NSDC) said in a statement published on Wednesday.”

Title: LazyScripter: From Empire To Double RAT

Date Published: February 25, 2021

https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf

Excerpt: “In late December 2020 we observed a few malicious documents with embedded objects that were designed to target job seekers. The embedded objects were either VBScript or batch files that deployed two opensource multi-stage Remote Access Trojans (RATs): Octopus and Koadic. Interestingly, in some cases the attacker managed to drop other RATs such as LuminosityLink, RMS, Quasar, njRat and Remcos.”

Title: From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR

Date Published: February 24, 2021

https://www.ndss-symposium.org/wp-content/uploads/ndss2021_2A-2_23134_paper.pdf

Excerpt: “Abstract—When a domain is registered, information about the registrants and other related personnel is recorded by WHOIS databases owned by registrars or registries (called WHOIS providers jointly), which are open to public inquiries. However, due to the enforcement of the European Union’s General Data Protection Regulation (GDPR), certain WHOIS data (i.e., the records about EEA, or the European Economic Area, registrants) needs to be redacted before being released to the public. Anecdotally, it was reported that actions have been taken by some WHOIS providers. Yet, so far there is no systematic study to quantify the changes made by the WHOIS providers in response to the GDPR, their strategies for data redaction and impact on other applications relying on WHOIS data.”

Title: Revealed: The Military Radar System Swiped From Aerospace Biz, Leaked Online by Clop Ransomware Gang

Date Published: February 24, 2021

https://www.theregister.com/2021/02/24/seaspray_radar_ransomware/

Excerpt: “CAD drawings of a radar antenna stolen and then leaked online by criminals were of a military radar system produced by defense contractor Leonardo and fitted to a number of UK, US, and UAE aircraft, The Register can confirm. The purloined blueprint was dumped on the dark web by the Clop ransomware and extortion gang as part of the criminals’ usual modus operandi of compromising computers, exfiltrating valuable documents, encrypting victims’ file systems, and demanding a ransom for the decryption keys and a promise to not publicly leak the stolen materials.”

Title: Cybercriminals Target QuickBooks Databases

Date Published: February 24, 2021

https://www.darkreading.com/attacks-breaches/cybercriminals-target-quickbooks-databases/d/d-id/1340248

Excerpt: “The breaches start with two types of phishing attacks to gain access to QuickBooks databases, according to findings by ThreatLocker. In the first, the attackers send a PowerShell command that runs inside the malicious email. In the second, the attackers send a Word document via email; if the recipient opens the attached document, a macro or link within that document downloads a file onto their machine. Once the executable or PowerShell command runs, it retrieves the victim’s most recently saved QuickBooks file location, points to the file share or local file, and grabs that file.”

Title: The IoT Cybersecurity Improvement Act: A First Step in Bolstering Smart Technology Security

Date Published: February 25, 2021

https://www.securitymagazine.com/articles/94683-the-iot-cybersecurity-improvement-act-a-first-step-in-bolstering-smart-technology-security

Excerpt: “in an effort to help bolster the security of IoT devices, on December 4, 2020, the Trump administration signed the Internet of Things Cybersecurity Improvement Act of 2020. The first-of-its-kind legislation requires the creation of security standards and guidelines for IoT devices used in and purchased by the federal government, and encompasses issues such as secure development, identity management, patching processes, and configuration management. The IoT security bill also calls for guidelines in vulnerability reporting for IoT devices in government networks, as well as of those of federal contractors.”
