OSN February 8, 2021

Fortify Security Team
Feb 10, 2021

Title: Microsoft to Alert Office 365 Users of Nation-State Hacking Activity

Date Published: February 8, 2021

https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/

Excerpt: “Microsoft has been tracking, warning of, and disrupting state-sponsored hacking operations originating from Russia, Iran, and China for years. The alerts regarding hacking activity with potential nation-state fingerprints will be based on indicators of compromise and threat profiles collected and put together by Microsoft’s security experts. Support for the “Potential Nation State Activity Alerts” feature is currently in development and Microsoft is planning to make it generally available worldwide this month in all environments, for all Microsoft Defender for Office 365 (Office 365 Advanced Threat Protection) users.”

Title: New Phishing Attack Uses Morse Code to Hide Malicious URLs

Date Published: February 7, 2021

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Excerpt: “BleepingComputer has seen eleven companies targeted by this phishing attack, including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four. Once a user enters their password, the form will submit the password to a remote site where the attackers can collect the login credentials. Due to this, everyone must pay close attention to URLs and attachment names before submitting any information. If something looks at all suspicious, recipients should contact their network administrators to investigate further.”

Title: Tens of Thousands of Patient Files Leaked in US Hospital Attacks

Date Published: February 8,  2021

https://www.infosecurity-magazine.com/news/tens-thousands-files-leaked-us/

Excerpt: “The unnamed attack group is apparently well known to researchers and is usually in the business of double extortion ransomware, whereby data is stolen and posted to a dark web blog in a bid to force payment. However, it’s unclear why so many records were published in the first instance. Usually such groups post a small slice of what they have to prove they mean business, and only expose large volumes of data in retribution if the victim organization refuses to comply.”

Title: Sensitive Data are in Danger During the COVID Pandemic

https://bugbounter.medium.com/sensitive-data-are-in-danger-during-the-covid-pandemic-1aea3e8d20ff

Date Published: February 5, 2021

Excerpt: “The coronavirus epidemic caught the whole world off guard and caused significant changes in many businesses. Since most of the work process is conducted at home, the overall durability of endpoint and network securities is weakened. Cyber attackers can scan the vulnerabilities of remote workers that access sensitive information easier now. Therefore, companies that do not want to lose their data and suffer a major loss should care about cyber threats more than ever.”

Title: Domestic Kitten – An Inside Look at the Iranian Surveillance Operations

Date Published: February 8,  2021

https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/

Excerpt: “Check Point researchers recently uncovered the full extent of Domestic Kitten’s  extensive surveillance operation against Iranian citizens that could pose a threat to the stability of the Iranian regime. The operation itself is linked to the Iranian government, and executed by APT-C-50.
Starting in 2017, this operation, consisting of 10 unique campaigns, targeted over 1,200 individuals with more than 600 successful infections.  It includes 4 currently active campaigns, the most recent of which began in November 2020. In these campaigns, victims are lured to install a malicious application by multiple vectors, including an Iranian blog site, Telegram channels, and even by SMS with a link to the malicious application.”

Title: Seven Common Microsoft Active Directory Misconfigurations

Date Published: February 8,  2021

https://rootdaemon.com/2021/02/08/seven-common-microsoft-active-directory-misconfigurations-e-hacking-news/

Excerpt: “The modern IT association has a wide assortment of responsibilities and competing priorities. Therefore, cybersecurity is regularly ignored for projects that quickly affect business operations. Sadly, this working model unavoidably prompts unaddressed vulnerabilities and security misconfigurations in services and Active Directory. Seven of the most common system and Active Directory misconfigurations are: Misconfiguration 1: Administrative Privileges When an attacker has gotten initial access inside an environment, the adversary will endeavor to lift privileges inside the network. Adversaries ordinarily have the objective of getting Active Directory Domain Administrator privileges, or, in simple words, complete control over the Active Directory domain.”

Title: Reverse engineering Emotet – Our approach to protect GRNET against the trojan

Date Published: February 8,  2021

https://cert.grnet.gr/en/blog/reverse-engineering-emotet/

Excerpt: “In October 2020 we observed an outbreak of malicious e-mails reaching GRNET employees’ inboxes. Meanwhile, similar campaigns were also targeting several public and private sector organizations in Greece. After acquiring dozens of such e-mails, we started planning our defensive strategy. To do so, we started analyzing the malware that was attached to the emails and realized that were dealing with the infamous Emotet trojan.”

Title: Ziggy Ransomware Shuts Down and Releases Victims’ Decryption Keys

Date Published: February 7,  2021

https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/

Excerpt: “In an interview with BleepingComputer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.” After feeling guilty about their actions and concerns over recent law enforcement operations against Emotet and Netwalker ransomware, the admin decided to shut down and release all of the keys. Today, the Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.”

Title: Fortinet Fixes Critical Vulnerabilities in SSL VPN and Web Firewall

Date Published: February 7,  2021

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/

Excerpt: “Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Of particular note is the vulnerability CVE-2018-13381 in FortiProxy SSL VPN that can be triggered by a remote, unauthenticated actor through a crafted POST request. Due to a buffer overflow in the SSL VPN portal of FortiProxy, a specially crafted POST request of large size, when received by the product is capable of crashing it, leading to a Denial of Service (DoS) condition.”

Title: Web Developers Sitepoint Discloses a Data Breach

Date Published: February 7,  2021

https://securityaffairs.co/wordpress/114290/data-breach/sitepoint-discloses-data-breach.html

Excerpt: “SitePoint is an Australian-based website, and publisher of books, courses and articles for web developers. The company has disclosed a data breach and notified its users via email. Threat actors offered to sell an archive containing user details for one million SitePoint users on a cybercrime forum. In December, security experts from Bleeping Computer reported that a threat actor was selling user records allegedly stolen from twenty-six companies on a hacker forum.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...