OSN MARCH 2, 2021

by | Mar 2, 2021 | Open Source News

Title: Multi-Payload Gootloader Platform Stealthily Delivers Malware and Ransomware
Date Published: March 2, 2021

https://www.helpnetsecurity.com/2021/03/02/gootloader-malware-ransomware/

Excerpt: “The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader. It is actively delivering malicious payloads through tightly targeted operations in the US, Germany and South Korea. Previous campaigns also targeted internet users in France.”

Title: Alleged China-Linked apt41 Group Targets Indian Critical Infrastructures
Date Published: March 1, 2021

https://threatpost.com/hacktivists-gab-posts-passwords/164360/

Excerpt: “The alleged China-linked APT group also targeted a high-voltage transmission substation and a coal-fired thermal power plant. Researchers identified 21 IP addresses associated with 10 distinct Indian organizations in the power generation and the transmission sector that were targeted as part of this campaign. Experts determined that two additional critical infrastructures targeted by the group were in the maritime industry. “The targeting of these critical power assets offer limited economic espionage opportunities, but pose significant concerns over potential pre-positioning of network access to support other Chinese strategic objectives,” conclude the expert”.”

Title: Passwords, Private Posts Exposed in Hack of Gab Social Network
Date Published: March 1,  2021

https://threatpost.com/hacktivists-gab-posts-passwords/164360/

Excerpt: “The Gab release is just the latest leak from DDoSecrets, which appears to be ramping up its operations. DDoS secrets has also recently released data exfiltrated from around 120,000 Myanmar corporations in the wake of the military coup against the country’s government, and published a massive leak of law enforcement data, dubbed BlueLeaks, in June. DDoSecrets is poised to pick up right where WikiLeaks left off, according to a Wired report on the group from last summer. In 2018, they published emails between Russian leaders and oligarchs, and in 2019, they released hacked emails from a London financial firm known for money laundering.”

Title: Obliquerat Trojan Now Lurks in Images on Compromised Websites
Date Published: March 2, 2021

https://www.zdnet.com/article/obliquerat-trojan-now-hides-in-images-on-compromised-websites/

Excerpt: “When first discovered, the malware was described as a “simple” RAT with the typical, core functionality of a Trojan focused on data theft — such as the ability to exfiltrate files, connect to a command-and-control (C2) server, and the ability to terminate existing processes. The malware is also able to check for any clues indicating its target is sandboxed, a common practice for cybersecurity engineers to implement in reverse-engineering malware samples.”

Title: Malicious NPM Packages Target Amazon, Slack With New Dependency Attacks
Date Published: March 2, 2021

https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-amazon-slack-with-new-dependency-attacks/

Excerpt: “This flaw works by attackers creating packages utilizing the same names as a company’s internal repositories or components. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company’s internal packages when building the application. This “dependency confusion” would allow an attacker to inject their own malicious code into an internal application in a supply-chain attack.”

Title: Universal Health Services Estimates $67 Million in Ransomware Losses
Date Published: March 2,  2021

https://www.infosecurity-magazine.com/news/universal-health-services-67-m/

Excerpt: “A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed. The Fortune 500 healthcare organization has tens of thousands of employees in the US and UK and annual revenues exceeding $10 billion. However, it fell victim to a Ryuk attack at the end of September 2020 which forced the firm to pull the plug on key systems in the US.”

Title: DoJ Steps Up Investigation into NSO Group – Report
Date Published: March 2,  2021

https://www.infosecurity-magazine.com/news/doj-steps-up-investigation-into/

Excerpt: “The US government appears to be stepping up its investigation into a controversial spyware developer currently locked in a legal battle with WhatsApp. Lawyers with the Department of Justice (DoJ) recently requested more technical information from the Facebook messaging business regarding its court case, a person with knowledge of the matter told The Guardian. WhatsApp took Israeli firm NSO Group to court in the US in 2019, alleging the latter was directly responsible for cyber-espionage attacks deploying Pegasus spyware on 1400 of its users.”

Title: Distributor of Asian Food Jfc International Hit by Ransomware
Date Published: March 2, 2021

https://securityaffairs.co/wordpress/115150/malware/jfc-international-ransomware-attack.htm

Excerpt: “JFC International (Europe) was recently subject to a ransomware attack that briefly disrupted its IT systems. A full forensic investigation by inhouse specialists together with external cyber experts was immediately started and is underway. Normal conduct of business in Europe will be up and running after a brief interruption for security reasons.” reads a press release published by the company. At the time of this writing, it is not clear which is the family of ransomware involved in the attack and whether any information was stolen by the attackers.”

Title: European E-Ticketing Platform Ticketcounter Extorted in Data Breach
Date Published: March 2, 2021

https://www.bleepingcomputer.com/news/security/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/

Excerpt: “Ticketcounter is a Dutch e-Ticketing platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue. It was believed at first to be removed out of concern for the watchful eyes of the Netherlands Police. However, the threat actor told BleepingComputer that they have no fear of law enforcement, and they removed it as the database was sold privately. From the samples of the database seen by BleepingComputer, the data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords.”

Title: Firewall Vendor Patches Critical Auth Bypass Flaw
Date Published: March 1, 2021

https://threatpost.com/firewall-critical-security-flaw/164347/

Excerpt: “Affected by the critical flaws is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data. “An unauthenticated attacker is able to successfully login as arbitrary user in the admin web interface, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login,” according to security and application consultation company SEC Consult on Monday.”