OSN February 8, 2021

Feb 10, 2021 | Open Source News

Title: Microsoft to Alert Office 365 Users of Nation-State Hacking Activity

Date Published: February 8, 2021

https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/

Excerpt: “Microsoft has been tracking, warning of, and disrupting state-sponsored hacking operations originating from Russia, Iran, and China for years. The alerts regarding hacking activity with potential nation-state fingerprints will be based on indicators of compromise and threat profiles collected and put together by Microsoft’s security experts. Support for the “Potential Nation State Activity Alerts” feature is currently in development and Microsoft is planning to make it generally available worldwide this month in all environments, for all Microsoft Defender for Office 365 (Office 365 Advanced Threat Protection) users.”

Title: New Phishing Attack Uses Morse Code to Hide Malicious URLs

Date Published: February 7, 2021

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Excerpt: “BleepingComputer has seen eleven companies targeted by this phishing attack, including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four. Once a user enters their password, the form will submit the password to a remote site where the attackers can collect the login credentials. Due to this, everyone must pay close attention to URLs and attachment names before submitting any information. If something looks at all suspicious, recipients should contact their network administrators to investigate further.”

Title: Tens of Thousands of Patient Files Leaked in US Hospital Attacks

Date Published: February 8, 2021

https://www.infosecurity-magazine.com/news/tens-thousands-files-leaked-us/

Excerpt: “The unnamed attack group is apparently well known to researchers and is usually in the business of double extortion ransomware, whereby data is stolen and posted to a dark web blog in a bid to force payment. However, it’s unclear why so many records were published in the first instance. Usually such groups post a small slice of what they have to prove they mean business, and only expose large volumes of data in retribution if the victim organization refuses to comply.”

Title: Sensitive Data are in Danger During the COVID Pandemic

Date Published: February 5, 2021

https://bugbounter.medium.com/sensitive-data-are-in-danger-during-the-covid-pandemic-1aea3e8d20ff

Excerpt: “The coronavirus epidemic caught the whole world off guard and caused significant changes in many businesses. Since most of the work process is conducted at home, the overall durability of endpoint and network securities is weakened. Cyber attackers can scan the vulnerabilities of remote workers that access sensitive information easier now. Therefore, companies that do not want to lose their data and suffer a major loss should care about cyber threats more than ever.”

Title: Domestic Kitten – An Inside Look at the Iranian Surveillance Operations

Date Published: February 8, 2021

https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/

Excerpt: “Check Point researchers recently uncovered the full extent of Domestic Kitten’s extensive surveillance operation against Iranian citizens that could pose a threat to the stability of the Iranian regime. The operation itself is linked to the Iranian government, and executed by APT-C-50.
Starting in 2017, this operation, consisting of 10 unique campaigns, targeted over 1,200 individuals with more than 600 successful infections. It includes 4 currently active campaigns, the most recent of which began in November 2020. In these campaigns, victims are lured to install a malicious application by multiple vectors, including an Iranian blog site, Telegram channels, and even by SMS with a link to the malicious application.”

Title: Seven Common Microsoft Active Directory Misconfigurations

Date Published: February 8, 2021

https://rootdaemon.com/2021/02/08/seven-common-microsoft-active-directory-misconfigurations-e-hacking-news/

Excerpt: “The modern IT association has a wide assortment of responsibilities and competing priorities. Therefore, cybersecurity is regularly ignored for projects that quickly affect business operations. Sadly, this working model unavoidably prompts unaddressed vulnerabilities and security misconfigurations in services and Active Directory. Seven of the most common system and Active Directory misconfigurations are: Misconfiguration 1: Administrative Privileges When an attacker has gotten initial access inside an environment, the adversary will endeavor to lift privileges inside the network. Adversaries ordinarily have the objective of getting Active Directory Domain Administrator privileges, or, in simple words, complete control over the Active Directory domain.”

Title: Reverse engineering Emotet – Our approach to protect GRNET against the trojan

Date Published: February 8, 2021

https://cert.grnet.gr/en/blog/reverse-engineering-emotet/

Excerpt: “In October 2020 we observed an outbreak of malicious e-mails reaching GRNET employees’ inboxes. Meanwhile, similar campaigns were also targeting several public and private sector organizations in Greece. After acquiring dozens of such e-mails, we started planning our defensive strategy. To do so, we started analyzing the malware that was attached to the emails and realized that we were dealing with the infamous Emotet trojan.”

Title: Ziggy Ransomware Shuts Down and Releases Victims’ Decryption Keys

Date Published: February 7, 2021

https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/

Excerpt: “In an interview with BleepingComputer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.” After feeling guilty about their actions and concerns over recent law enforcement operations against Emotet and Netwalker ransomware, the admin decided to shut down and release all of the keys. Today, the Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.”

Title: Fortinet Fixes Critical Vulnerabilities in SSL VPN and Web Firewall

Date Published: February 7, 2021

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/

Excerpt: “Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Of particular note is the vulnerability CVE-2018-13381 in FortiProxy SSL VPN that can be triggered by a remote, unauthenticated actor through a crafted POST request. Due to a buffer overflow in the SSL VPN portal of FortiProxy, a specially crafted POST request of large size, when received by the product, is capable of crashing it, leading to a Denial of Service (DoS) condition.”

Title: Web Developers Sitepoint Discloses a Data Breach

Date Published: February 7, 2021

https://securityaffairs.co/wordpress/114290/data-breach/sitepoint-discloses-data-breach.html

Excerpt: “SitePoint is an Australian-based website, and publisher of books, courses and articles for web developers. The company has disclosed a data breach and notified its users via email. Threat actors offered to sell an archive containing user details for one million SitePoint users on a cybercrime forum. In December, security experts from Bleeping Computer reported that a threat actor was selling user records allegedly stolen from twenty-six companies on a hacker forum.”