OSN MARCH 1, 2021

Fortify Security Team
Mar 1, 2021

Title: NSA, Microsoft Promote a Zero Trust Approach to Cybersecurity
Date Published: February 27, 2021


Excerpt: “Combining user and device data with security-relevant information such as location, time, logged behavior, can be used by the system to allow or deny access to specific assets, and the decision is logged for use in future suspicious activity analytics. This process applies to every individual access request to a sensitive resource. Building a mature zero-trust environment, though, is not a task done overnight but a gradual transition that often requires additional capabilities as it does not address new adversary tools, tactics, or techniques.”

Title: Critical Flaw in Rockwell PLCs Allows Attackers To Fiddle With Them (CVE-2021-22681)
Date Published: March 1, 2021


Excerpt: “Rockwell Automation’s PLCs are used around the world to control industrial equipment. The flaw may allow an attacker to discover the cryptographic key used to verify communication between Rockwell Logix controllers and their engineering stations. A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) and to install new (malicious) firmware, alter the device’s configuration, and so on. Due to these factors the vulnerability has received the maximum CVSS v3 severity score – 10.0.”

Title: Intern Caused ‘solarwinds123’ Password Leak, Former SolarWinds CEO Says
Date Published: March 1, 2021


Excerpt: “Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern who used a weak password for several years. Initial investigation suggested that the password “solarwinds123” was publicly accessible via a misconfigured GitHub repository since June 17, 2018. The issue was addressed on November 22, 2019. In December, security researcher Vinoth Kumar revealed he notified the company of a publicly accessible GitHub repository that was leaking the FTP credentials of the company’s download website in clear text. An attacker could have used these credentials to upload tainted updates to the company download site.”

Title: Ryuk Ransomware Updated With ‘Worm-Like Capabilities’
Date Published: March 1, 2021


Excerpt: “Updating Ryuk with this capability is notable because it’s a type of human-operated ransomware, meaning that after attackers gain remote access to a system, they manually conduct reconnaissance of the system, drop malicious executables and later trigger them. Imbuing the ransomware with worm-like capabilities, however, means that attackers appear to be trying to better automate their ability to rapidly disperse malware from an initial, infected system across an entire network, thus reducing the “intrusion to infection” time.”

Title: Gootkit RAT Using SEO To Distribute Malware Through Compromised Sites
Date Published: March 1, 2021


Excerpt: “The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft,” Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. “In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself.” Dubbed “Gootloader,” the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S.”

Title: Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions
Date Published: March 1, 2021


Excerpt: “The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector. “10 distinct Indian power sector organizations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure,” Recorded Future said in a report published yesterday. “Other targets identified included 2 Indian seaports”.”

Title: Businessman Charged With Intent To Steal General Electric’s Secret Silicon Technology
Date Published: March 1, 2021


Excerpt: “According to the DoJ indictment, between roughly March 2017 and January 2018, Ng teamed up with a co-conspirator, a former GE engineer, to hash out a plan to steal the company’s proprietary data. General Electric’s silicon carbide metal-oxide semiconductor field-effect transistors (MOSFETs) are semiconductor designs that the company has been working on for more than a decade. GE’s chips are used in a variety of products and have landed the firm contracts in both the automotive and military space.”

Title: Gab Hacked – DDoSecrets Leak Profiles, Posts, DMs, Passwords Online
Date Published: March 1, 2021


Excerpt: “On February 26th, 2020, Gab.com published a blog post in which the company addressed hacking-related rumors and denied that it has suffered a data breach. The company then went offline mysteriously for a short period of time a week ago and insisted that there was some issue with Bitcoin wallet spam which affected only a few accounts. Gab’s CEO Andrew Torba claimed that they were contacted by reporters who talked about an alleged data breach that may have leaked an archive of posts, DMs, profiles, and hashed passwords.”

Title: Recent Google Voice Outage Caused by Expired Certificates
Date Published: February 28, 2021


Excerpt: “Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue,” Google explained. “During the impact period, any clients attempting to establish or reestablish an SIP connection were unable to do so.” After the expired certificates triggered the outage, users could not access the Google Voice service to make or receive VoIP calls. However, client devices that already had an active SIP connection before the incident were unaffected during the outage (as long as the connection was not interrupted).”

Title: Beware: AOL Phishing Email States Your Account Will Be Closed
Date Published: February 28, 2021


Excerpt: “Scared that the email accounts they used for close to 25 years would be closed, they forwarded me the email and asked for advice. The email stated that they need to log in and verify their account within 72 hours, or AOL will deactivate their account. “We don’t want to say goodbye!” “We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs,” warns the AOL phishing email.”
