OSN MARCH 19, 2021

Fortify Security Team
Mar 19, 2021

Title: Russian Pleads Guilty to Tesla Hacking and Extortion Attempt
Date Published: March 19, 2021

https://www.bleepingcomputer.com/news/security/russian-pleads-guilty-to-tesla-hacking-and-extortion-attempt/

Excerpt: “Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla’s Nevada Gigafactory. His end goal was to extort the company using the sensitive information stolen from Tesla’s servers as leverage to convince the company to pay a ransom to avoid having the data leaked. To convince the company’s employee to act as an insider for his criminal gang, Kriuchkov told him that he would be paid $1,000,000 worth of bitcoins after the malware got deployed on the company’s network, according to court documents.”

Title: New Windows 10 Emergency Updates Fix Remaining Printing Issues
Date Published: March 19, 2021

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-emergency-updates-fix-remaining-printing-issues/

Excerpt: “Microsoft has released the Windows 10 KB5001649 emergency update to fix printing issues plaguing users since the March 2021 Patch Tuesday updates. On March 9th, Microsoft released their March 2021 Patch Tuesday security updates and cumulative updates for Windows. Windows 10 would crash when printing with an “APC_INDEX_MISMATCH for win32kfull.sys” error or printed pages would have missing graphics, black bars, or blank pages.”

Title: CISA and FBI Warn of Ongoing Trickbot Attacks
Date Published: March 19, 2021

https://securityaffairs.co/wordpress/115743/malware/cisa-fbi-trickbot-attacks.html

Excerpt: “CISA and FBI are aware of recent attacks that use phishing emails, claiming to contain proof of a traffic violation, to steal sensitive information. The phishing emails contain links that redirect to a website hosted on a compromised server that prompts the victim to click on photo proof of their traffic violation.” continues the report. “In clicking the photo, the victim unknowingly downloads a malicious JavaScript file that, when opened, automatically communicates with the malicious actor’s command and control (C2) server to download TrickBot to the victim’s system”.”

Title: ESET Exposes Malware Disguised as Clubhouse App
Date Published: March 19, 2021

https://www.infosecurity-magazine.com/news/eset-malware-disguised-clubhouse/

Excerpt: “Revealing its findings in a blog post, the cybersecurity firm said the Trojan malware aims to steal users’ login information for a variety of online services. Disguised as an Android version of the audio chat app (which does not current exist), it is capable of taking credentials for over 450 apps and is also able to bypass SMS-based two factor authentication (2FA).”

Title: Playstation 5 Contest Scam
Date Published: March 19, 2021

https://www.kaspersky.com/blog/scam-with-playstation-5-giveaway/39089/

Excerpt: “The page ramps up the phishing pressure, saying you’re one of ten lucky visitors who can win the coveted console this week, but you have to act in the next minute and 18 seconds — just enough time to complete the short survey and enter the drawing. This, of course, is another example of a pretty effective phishing tactic: Ramp up the pressure with an artificial time constraint and people will panic and rush instead of slowing down to apply critical thinking.”

Title: Microsoft Defender Adds Automatic Exchange Proxylogon Mitigation
Date Published: March 19,  2021

https://www.bleepingcomputer.com/news/security/microsoft-defender-adds-automatic-exchange-proxylogon-mitigation/

Excerpt: “The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain. It automatically mitigates CVE-2021-26855 via a URL Rewrite configuration and scans the servers for changes made by previous attacks, automatically reversing them. “With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed,” Microsoft added.”

Title: Revil Ransomware Has a New ‘Windows Safe Mode’ Encryption Mode
Date Published: March 19,  2021

https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/

Excerpt: “The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files. Windows Safe Mode is a special startup mode that allows users to run administrative and diagnostic tasks on the operating system. This mode only loads the bare minimum of software and drivers required for the operating system to work. Furthermore, any programs installed in Windows that are configured to start automatically will not start in Safe Mode unless their autorun is configured a certain way.”

Title: New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
Date Published: March 18, 2021

https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/

Excerpt: “This year has brought two disturbing new trends into prominence: the targeting of developers and the use of supply chain attacks to infect broad swaths of customers. Targeting software developers is the first step in a successful supply chain attack. One way to do so is to abuse the very development tools necessary to carry out this work. In Jan 2021, Google TAG announced their discovery of a North Korean campaign targeting security researchers and exploit developers. One of the methods of infection entailed the sharing of a Visual Studio project designed to load a malicious DLL. In this post, we discuss a similar attack targeting Apple developers through malicious Xcode projects.”

Title: Mysterious Bug Is Deleting Microsoft Teams, SharePoint Files
Date Published: March 18, 2021

https://www.bleepingcomputer.com/news/microsoft/mysterious-bug-is-deleting-microsoft-teams-sharepoint-files/

Excerpt: “Microsoft later confirmed that the outage was caused by a configuration issue in their Azure Active Directory service. Since Tuesday, BleepingComputer has spoken to numerous Microsoft SharePoint administrators bombarded with client calls about missing files in their SharePoint folders. When the admins look into the issue, they find the SharePoint folder structure to be intact, but all of the files are missing. Eventually, they find that the files have been deleted and are now located in SharePoint’s cloud recycle bin, or in some cases, a local PC’s Recycle Bin.”

Title: FBI: Business Email Compromise Cost $1.8B in 2020
Date Published: March 18, 2021

https://www.darkreading.com/attacks-breaches/fbi-business-email-compromise-cost-$18b-in-2020/d/d-id/1340452

Excerpt: “Officials report BEC scams have evolved since 2013, when these attacks typically spoofed email accounts of chief executive officers or chief financial officers and requested wire payments. The scams have since evolved to compromise personal emails and vendor emails. In 2020, the IC3 saw more BEC complaints detail identity theft and funds being converted into cryptocurrency. In the latest BEC attacks, a victim is targeted with a different type of scam: extortion, tech support, or romance scams, among others. The victim provides an attacker with a form of identification, which is then used to create a bank account and receive stolen BEC funds that are later transferred into a cryptocurrency account.”

Recent Posts

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...