OSN FEBRUARY 9, 2021

by | Feb 11, 2021 | Open Source News

Title: Microsoft: Keep Your Guard up Even After Emotet’s Disruption

Date Published: February 8, 2021

https://www.bleepingcomputer.com/news/security/microsoft-keep-your-guard-up-even-after-emotet-s-disruption/

Excerpt: “With law enforcement taking over the botnet and forcing it to uninstall itself in April, this could amount to a significant disruption that should make it very difficult for Emotet to return. However, notwithstanding all signs pointing to Emotet having a hard time coming back, other disrupted botnets have been able to recover in the past despite concerted effort to take down. For instance, despite hopes that the disruption of TrickBot in October by the US government and Microsoft would have had a long-term effect, TrickBot was soon back up and running.”

Title: Microsoft to Alert Enterprise Security Teams When Nation-State Attackers Target Their Employees

Date Published: February 9, 2021

https://www.helpnetsecurity.com/2021/02/09/enterprise-alert-nation-state/

Excerpt: “The new feature might be a direct consequence of the recent SolarWinds hack, during which the attackers – who are believed to be government-backed – have also compromised some of the company’s Office 365 email accounts (though that was not the initial attack vector). Google has, on the other hand, started warning Gmail users of state-sponsored attacks in 2012 and G Suite admins in 2018, allowing them to reset the password of any account with suspicious activity, enroll the user in 2-Step Verification, or ask them to take additional steps to secure their account.”

Title: Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government

Date Published: February 9,  2021

https://www.darkreading.com/attacks-breaches/iranian-cyber-groups-spying-on-dissidents-and-others-of-interest-to-government/d/d-id/1340104

Excerpt: “Infy’s modus operandi has been to install surveillance malware on PCs belonging to targeted individuals and collecting a wide range of information from them, including contact information, sensitive data, voice recordings, and image captures. Infy ceased operations briefly between mid-2016 and mid-2017 after researchers from Palo Alto took down the group’s command-and-control (C2) infrastructure and, with that, its ability to communicate with the victims.”

Title: Hacker Tries to Poison Water Supply of Florida Town

https://threatpost.com/hacker-tries-to-poison-water-supply-of-florida-town/163761/

Date Published: February 9, 2021

Excerpt: “A threat actor hacked into the computer system of the water treatment facility in Oldsmar, Fla., and tried to poison the town’s water supply by raising the levels of sodium hydroxide, or lye, in the water supply. The attack happened just two days before NFL’s Super Bowl LV was held nearby in Tampa Bay, according to local authorities. An operator at the plant first noticed a brief intrusion Friday, Feb. 5, around 8:00 a.m., Pinellas County Sheriff Bob Gualtieri said in a press conference about the incident Monday. Someone remotely accessed the computer system the operator was monitoring that controls chemical levels in the water as well as other operations, he said.”

Title: CD Projekt Red Gaming Studio Hit by Ransomware Attack

Date Published: February 9,  2021

https://www.bleepingcomputer.com/news/security/cd-projekt-red-gaming-studio-hit-by-ransomware-attack/

Excerpt: “The attackers claim in the ransom note left on CD PROJEKT RED’s encrypted systems that they were able to steal the full source code of Cyberpunk 2077, the Witcher 3, Gwent, as well as for an unreleased Witcher 3 version. They also allegedly exfiltrated accounting, administration, legal, HR, and investor relations documents before encrypting the company’s systems. Systems compromised in the attack did not contain customers’ personal data according to information available following an ongoing investigation.”

Title: Ukrainian Police Arrest Author of World’s Largest Phishing Service U-Admin

Date Published: February 9,  2021

https://thehackernews.com/2021/02/ukrainian-police-arrest-author-of.html

Excerpt: “The Ukrainian attorney general’s office said it worked with the National Police and its Main Investigation Department to identify a 39-year-old man from the Ternopil region who developed a phishing package and a special administrative panel for the service, which were then aimed at several banks located in Australia, Spain, the U.S., Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, and the U.K.”

Title: Malicious Code Injected via Google Chrome Extension Highlights App Risks

Date Published: February 8,  2021

https://www.darkreading.com/application-security/malicious-code-injected-via-google-chrome-extension-highlights-app-risks/d/d-id/1340100

Excerpt: “The Great Suspender utility for Chrome has a very simple task—reduce the memory consumed by the browser through shutting down tab processes that are old, removing their content from memory. Yet, the original maintainer of the open-source project sold the code to an unknown group, who changed the functionality of the plugin and installed updated code on users’ systems without notification and without publishing the code to the plugin’s repository on GitHub, according to some reports.”

Title: Critical WordPress Plugin Flaw Allows Site Takeover

Date Published: February 8,  2021

https://threatpost.com/critical-wordpress-plugin-flaw-site-takeover/163734/

Excerpt: “Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, import metadata and edit image thumbnails. Researchers discovered two cross-site request forgery (CSRF) flaws – one critical and one high-severity – in the plugin.”

Title: Top Barcode Scanner App Infected 10 Million Users With Malware

Date Published: February 8,  2021

https://www.hackread.com/barcode-scanner-app-infected-users-malware/

Excerpt: “According to Malwarebytes’ Nathan Collier, the added code utilized “heavy obfuscation’ for evading detection. After the malware was discovered, the company ‘jumped past’ its original Adware detection category to Trojan, and Google was promptly notified. The app was removed straightaway. What really happened with the app remains unclear. Was it hijacked by cyber crooks or the developers created it with the intention of turning it into malware? Let’s wait and watch until the truth unfolds.”

Title: Emsisoft Suffers System Breach

Date Published: February 8,  2021

https://www.inoreader.com/article/3a9c6e7bd3b1ad94-emsisoft-suffers-system-breach

Excerpt: “The attack profile indicates that this was an automated attack and not specifically targeted at Emsisoft. Also, our traffic logs indicate that only parts of the affected database were accessed and not the entire database,” wrote Mairoll in a February 4 incident update. “However, due to technical limitations it’s impossible to determine exactly which data rows were accessed”.”