OSN MARCH 1, 2021

Fortify Security Team
Mar 1, 2021

Title: NSA, Microsoft Promote a Zero Trust Approach to Cybersecurity
Date Published: February 27, 2021

https://www.bleepingcomputer.com/news/security/nsa-microsoft-promote-a-zero-trust-approach-to-cybersecurity/

Excerpt: “Combining user and device data with security-relevant information such as location, time, logged behavior, can be used by the system to allow or deny access to specific assets, and the decision is logged for use in future suspicious activity analytics. This process applies to every individual access request to a sensitive resource. Building a mature zero-trust environment, though, is not a task done overnight but a gradual transition that often requires additional capabilities as it does not address new adversary tools, tactics, or techniques.”

Title: Critical Flaw in Rockwell PLCs Allows Attackers To Fiddle With Them (CVE-2021-22681)
Date Published: March 1, 2021

https://www.helpnetsecurity.com/2021/02/26/expanding-attack-surfaces/

Excerpt: “Rockwell Automation’s PLCs are used around the world to control industrial equipment. The flaw may allow an attacker to discover the cryptographic key used to verify communication between Rockwell Logix controllers and their engineering stations. A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) and to install new (malicious) firmware, alter the device’s configuration, and so on. Due to these factors the vulnerability has received the maximum CVSS v3 severity score – 10.0.”

Title: Intern Caused ‘solarwinds123’ Password Leak, Former SolarWinds CEO Says
Date Published: March 1, 2021

https://securityaffairs.co/wordpress/115134/security/solarwinds-intern-solarwinds123-password-leak.html

Excerpt: “Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern that has used a weak password for several years. Initial investigation suggested that the password “solarwinds123” was publicly accessible via a misconfigured GitHub repository since June 17, 2018. The issue was addressed on November 22, 2019. In December, Security researcher Vinoth Kumar revealed he notified the company of a publicly accessible GitHub repository that was leaking the FTP credentials of the company’s download website in the clear text. An attacker could have used these credentials to upload tainted updates to the company download site.”

Title: Ryuk Ransomware Updated With ‘Worm-Like Capabilities’
Date Published: March 1, 2021

https://www.bankinfosecurity.com/ryuk-ransomware-updated-worm-like-capabilities-a-16080

Excerpt: “Updating Ryuk with this capability is notable because it’s a type of human-operated ransomware, meaning that after attackers gain remote access to a system, they manually conduct reconnaissance of the system, drop malicious executables and later trigger them. Imbuing the ransomware with worm-like capabilities, however, means that attackers appear to be trying to better automate their ability to rapidly disperse malware from an initial, infected system across an entire network, thus reducing the “intrusion to infection” time.”

Title: Gootkit RAT Using SEO To Distribute Malware Through Compromised Sites
Date Published: March 1, 2021

https://thehackernews.com/2021/03/gootkit-rat-using-seo-to-distribute.html

Excerpt: “The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft,” Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. “In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself.” Dubbed “Gootloader,” the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S.”

Title: Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions
Date Published: March 1, 2021

https://thehackernews.com/2021/03/chinese-hackers-targeted-indias-power.html

Excerpt: “The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector. “10 distinct Indian power sector organizations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure,” Recorded Future said in a report published yesterday. “Other targets identified included 2 Indian seaports”.”

Title: Businessman Charged With Intent To Steal General Electric’s Secret Silicon Technology
Date Published: March 1, 2021

https://www.zdnet.com/article/businessman-charged-with-intent-to-steal-general-electrics-secret-silicon-technology/#ftag=RSSbaffb68

Excerpt: “According to the DoJ indictment, between roughly March 2017 and January 2018, Ng teamed up with a co-conspirator, a former GE engineer, to hash out a plan to steal the company’s proprietary data. General Electric’s silicon carbide metal-oxide semiconductor field-effect transistors (MOSFETs) are semiconductor designs that the company has been working on for more than a decade. GE’s chips are used in a variety of products and have landed the firm contracts in both the automotive and military space.”

Title: Gab Hacked – DDoSecrets Leak Profiles, Posts, DMs, Passwords Online
Date Published: March 1, 2021

https://thehackernews.com/2021/02/cisco-releases-security-patches-for.html

Excerpt: “On February 26th, 2020, Gab.com published a blog post in which the company addressed hacking-related rumors and denied that it has suffered a data breach. The company then went offline mysteriously for a short period of time a week ago and insisted that there was some issue with Bitcoin wallet spam which affected only a few accounts. Gab’s CEO Andrew Torba claimed that they were contacted by reporters who talked about an alleged data breach that may have leaked an archive of posts, DMs, profiles, and hashed passwords.”

Title: Recent Google Voice Outage Caused by Expired Certificates
Date Published: February 28, 2021

https://www.bleepingcomputer.com/news/google/recent-google-voice-outage-caused-by-expired-certificates/

Excerpt: “Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue,” Google explained. “During the impact period, any clients attempting to establish or reestablish an SIP connection were unable to do so.” After the expired certificates triggered the outage, users could not access the Google Voice service to make or receive VoIP calls. However, client devices that already had an active SIP connection before the incident were unaffected during the outage (as long as the connection was not interrupted).”

Title: Beware: AOL Phishing Email States Your Account Will Be Closed
Date Published: February 28, 2021

https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/

Excerpt: “Scared that the email accounts they used for close to 25 years would be closed, they forwarded me the email and asked for advice. The email stated that they need to login and verify their account within 72 hours, or AOL will deactivate their account. “We don’t want to say goodbye!” “We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs,” warns the AOL phishing email.”
