OSN MARCH 1, 2021

Fortify Security Team
Mar 1, 2021

Title: NSA, Microsoft Promote a Zero Trust Approach to Cybersecurity
Date Published: February 27, 2021

Excerpt: “Combining user and device data with security-relevant information such as location, time, logged behavior, can be used by the system to allow or deny access to specific assets, and the decision is logged for use in future suspicious activity analytics. This process applies to every individual access request to a sensitive resource. Building a mature zero-trust environment, though, is not a task done overnight but a gradual transition that often requires additional capabilities as it does not address new adversary tools, tactics, or techniques.”

Title: Critical Flaw in Rockwell PLCs Allows Attackers To Fiddle With Them (CVE-2021-22681)
Date Published: March 1, 2021

Excerpt: “Rockwell Automation’s PLCs are used around the world to control industrial equipment. The flaw may allow an attacker to discover the cryptographic key used to verify communication between Rockwell Logix controllers and their engineering stations. A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) and to install new (malicious) firmware, alter the device’s configuration, and so on. Due to these factors the vulnerability has received the maximum CVSS v3 severity score – 10.0.”

Title: Intern Caused ‘solarwinds123’ Password Leak, Former SolarWinds CEO Says
Date Published: March 1, 2021

Excerpt: “Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern who had used a weak password for several years. Initial investigation suggested that the password “solarwinds123” was publicly accessible via a misconfigured GitHub repository since June 17, 2018. The issue was addressed on November 22, 2019. In December, security researcher Vinoth Kumar revealed he notified the company of a publicly accessible GitHub repository that was leaking the FTP credentials of the company’s download website in clear text. An attacker could have used these credentials to upload tainted updates to the company download site.”

Title: Ryuk Ransomware Updated With ‘Worm-Like Capabilities’
Date Published: March 1, 2021

Excerpt: “Updating Ryuk with this capability is notable because it’s a type of human-operated ransomware, meaning that after attackers gain remote access to a system, they manually conduct reconnaissance of the system, drop malicious executables and later trigger them. Imbuing the ransomware with worm-like capabilities, however, means that attackers appear to be trying to better automate their ability to rapidly disperse malware from an initial, infected system across an entire network, thus reducing the “intrusion to infection” time.”

Title: Gootkit RAT Using SEO To Distribute Malware Through Compromised Sites
Date Published: March 1, 2021

Excerpt: “The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft,” Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. “In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself.” Dubbed “Gootloader,” the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S.”

Title: Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions
Date Published: March 1, 2021

Excerpt: “The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector. “10 distinct Indian power sector organizations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure,” Recorded Future said in a report published yesterday. “Other targets identified included 2 Indian seaports”.”

Title: Businessman Charged With Intent To Steal General Electric’s Secret Silicon Technology
Date Published: March 1, 2021

Excerpt: “According to the DoJ indictment, between roughly March 2017 and January 2018, Ng teamed up with a co-conspirator, a former GE engineer, to hash out a plan to steal the company’s proprietary data. General Electric’s silicon carbide metal-oxide semiconductor field-effect transistors (MOSFETs) are semiconductor designs that the company has been working on for more than a decade. GE’s chips are used in a variety of products and have landed the firm contracts in both the automotive and military space.”

Title: Gab Hacked – DDoSecrets Leak Profiles, Posts, DMs, Passwords Online
Date Published: March 1, 2021

Excerpt: “On February 26th, 2020, Gab.com published a blog post in which the company addressed hacking-related rumors and denied that it has suffered a data breach. The company then went offline mysteriously for a short period of time a week ago and insisted that there was some issue with Bitcoin wallet spam which affected only a few accounts. Gab’s CEO Andrew Torba claimed that they were contacted by reporters who talked about an alleged data breach that may have leaked an archive of posts, DMs, profiles, and hashed passwords.”

Title: Recent Google Voice Outage Caused by Expired Certificates
Date Published: February 28, 2021

Excerpt: “Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue,” Google explained. “During the impact period, any clients attempting to establish or reestablish an SIP connection were unable to do so.” After the expired certificates triggered the outage, users could not access the Google Voice service to make or receive VoIP calls. However, client devices that already had an active SIP connection before the incident were unaffected during the outage (as long as the connection was not interrupted).”

Title: Beware: AOL Phishing Email States Your Account Will Be Closed
Date Published: February 28, 2021

Excerpt: “Scared that the email accounts they had used for close to 25 years would be closed, they forwarded me the email and asked for advice. The email stated that they need to log in and verify their account within 72 hours, or AOL will deactivate their account. “We don’t want to say goodbye!” “We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs,” warns the AOL phishing email.”
