OSN February 8, 2021

Fortify Security Team
Feb 10, 2021

Title: Microsoft to Alert Office 365 Users of Nation-State Hacking Activity

Date Published: February 8, 2021

https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/

Excerpt: “Microsoft has been tracking, warning of, and disrupting state-sponsored hacking operations originating from Russia, Iran, and China for years. The alerts regarding hacking activity with potential nation-state fingerprints will be based on indicators of compromise and threat profiles collected and put together by Microsoft’s security experts. Support for the “Potential Nation State Activity Alerts” feature is currently in development and Microsoft is planning to make it generally available worldwide this month in all environments, for all Microsoft Defender for Office 365 (Office 365 Advanced Threat Protection) users.”

Title: New Phishing Attack Uses Morse Code to Hide Malicious URLs

Date Published: February 7, 2021

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Excerpt: “BleepingComputer has seen eleven companies targeted by this phishing attack, including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four. Once a user enters their password, the form will submit the password to a remote site where the attackers can collect the login credentials. Due to this, everyone must pay close attention to URLs and attachment names before submitting any information. If something looks at all suspicious, recipients should contact their network administrators to investigate further.”

Title: Tens of Thousands of Patient Files Leaked in US Hospital Attacks

Date Published: February 8, 2021

https://www.infosecurity-magazine.com/news/tens-thousands-files-leaked-us/

Excerpt: “The unnamed attack group is apparently well known to researchers and is usually in the business of double extortion ransomware, whereby data is stolen and posted to a dark web blog in a bid to force payment. However, it’s unclear why so many records were published in the first instance. Usually such groups post a small slice of what they have to prove they mean business, and only expose large volumes of data in retribution if the victim organization refuses to comply.”

Title: Sensitive Data are in Danger During the COVID Pandemic

Date Published: February 5, 2021

https://bugbounter.medium.com/sensitive-data-are-in-danger-during-the-covid-pandemic-1aea3e8d20ff

Excerpt: “The coronavirus epidemic caught the whole world off guard and caused significant changes in many businesses. Since most of the work process is conducted at home, the overall durability of endpoint and network securities is weakened. Cyber attackers can scan the vulnerabilities of remote workers that access sensitive information easier now. Therefore, companies that do not want to lose their data and suffer a major loss should care about cyber threats more than ever.”

Title: Domestic Kitten – An Inside Look at the Iranian Surveillance Operations

Date Published: February 8, 2021

https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/

Excerpt: “Check Point researchers recently uncovered the full extent of Domestic Kitten’s extensive surveillance operation against Iranian citizens that could pose a threat to the stability of the Iranian regime. The operation itself is linked to the Iranian government, and executed by APT-C-50.
Starting in 2017, this operation, consisting of 10 unique campaigns, targeted over 1,200 individuals with more than 600 successful infections. It includes 4 currently active campaigns, the most recent of which began in November 2020. In these campaigns, victims are lured to install a malicious application by multiple vectors, including an Iranian blog site, Telegram channels, and even by SMS with a link to the malicious application.”

Title: Seven Common Microsoft Active Directory Misconfigurations

Date Published: February 8, 2021

https://rootdaemon.com/2021/02/08/seven-common-microsoft-active-directory-misconfigurations-e-hacking-news/

Excerpt: “The modern IT association has a wide assortment of responsibilities and competing priorities. Therefore, cybersecurity is regularly ignored for projects that quickly affect business operations. Sadly, this working model unavoidably prompts unaddressed vulnerabilities and security misconfigurations in services and Active Directory. Seven of the most common system and Active Directory misconfigurations are:
Misconfiguration 1: Administrative Privileges
When an attacker has gotten initial access inside an environment, the adversary will endeavor to lift privileges inside the network. Adversaries ordinarily have the objective of getting Active Directory Domain Administrator privileges, or, in simple words, complete control over the Active Directory domain.”

Title: Reverse engineering Emotet – Our approach to protect GRNET against the trojan

Date Published: February 8, 2021

https://cert.grnet.gr/en/blog/reverse-engineering-emotet/

Excerpt: “In October 2020 we observed an outbreak of malicious e-mails reaching GRNET employees’ inboxes. Meanwhile, similar campaigns were also targeting several public and private sector organizations in Greece. After acquiring dozens of such e-mails, we started planning our defensive strategy. To do so, we started analyzing the malware that was attached to the emails and realized that we were dealing with the infamous Emotet trojan.”

Title: Ziggy Ransomware Shuts Down and Releases Victims’ Decryption Keys

Date Published: February 7, 2021

https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/

Excerpt: “In an interview with BleepingComputer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.” After feeling guilty about their actions and concerns over recent law enforcement operations against Emotet and Netwalker ransomware, the admin decided to shut down and release all of the keys. Today, the Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.”

Title: Fortinet Fixes Critical Vulnerabilities in SSL VPN and Web Firewall

Date Published: February 7, 2021

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/

Excerpt: “Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Of particular note is the vulnerability CVE-2018-13381 in FortiProxy SSL VPN that can be triggered by a remote, unauthenticated actor through a crafted POST request. Due to a buffer overflow in the SSL VPN portal of FortiProxy, a specially crafted POST request of large size, when received by the product, is capable of crashing it, leading to a Denial of Service (DoS) condition.”

Title: Web Developers Sitepoint Discloses a Data Breach

Date Published: February 7, 2021

https://securityaffairs.co/wordpress/114290/data-breach/sitepoint-discloses-data-breach.html

Excerpt: “SitePoint is an Australian-based website, and publisher of books, courses and articles for web developers. The company has disclosed a data breach and notified its users via email. Threat actors offered to sell an archive containing user details for one million SitePoint users on a cybercrime forum. In December, security experts from Bleeping Computer reported that a threat actor was selling user records allegedly stolen from twenty-six companies on a hacker forum.”
