OSN MARCH 2, 2021

Fortify Security Team
Mar 2, 2021

Title: Multi-Payload Gootloader Platform Stealthily Delivers Malware and Ransomware
Date Published: March 2, 2021


Excerpt: “The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader. It is actively delivering malicious payloads through tightly targeted operations in the US, Germany and South Korea. Previous campaigns also targeted internet users in France.”

Title: Alleged China-Linked apt41 Group Targets Indian Critical Infrastructures
Date Published: March 1, 2021


Excerpt: “The alleged China-linked APT group also targeted a high-voltage transmission substation and a coal-fired thermal power plant. Researchers identified 21 IP addresses associated with 10 distinct Indian organizations in the power generation and the transmission sector that were targeted as part of this campaign. Experts determined that two additional critical infrastructures targeted by the group were in the maritime industry. “The targeting of these critical power assets offer limited economic espionage opportunities, but pose significant concerns over potential pre-positioning of network access to support other Chinese strategic objectives,” conclude the expert”.”

Title: Passwords, Private Posts Exposed in Hack of Gab Social Network
Date Published: March 1,  2021


Excerpt: “The Gab release is just the latest leak from DDoSecrets, which appears to be ramping up its operations. DDoS secrets has also recently released data exfiltrated from around 120,000 Myanmar corporations in the wake of the military coup against the country’s government, and published a massive leak of law enforcement data, dubbed BlueLeaks, in June. DDoSecrets is poised to pick up right where WikiLeaks left off, according to a Wired report on the group from last summer. In 2018, they published emails between Russian leaders and oligarchs, and in 2019, they released hacked emails from a London financial firm known for money laundering.”

Title: Obliquerat Trojan Now Lurks in Images on Compromised Websites
Date Published: March 2, 2021


Excerpt: “When first discovered, the malware was described as a “simple” RAT with the typical, core functionality of a Trojan focused on data theft — such as the ability to exfiltrate files, connect to a command-and-control (C2) server, and the ability to terminate existing processes. The malware is also able to check for any clues indicating its target is sandboxed, a common practice for cybersecurity engineers to implement in reverse-engineering malware samples.”

Title: Malicious NPM Packages Target Amazon, Slack With New Dependency Attacks
Date Published: March 2, 2021


Excerpt: “This flaw works by attackers creating packages utilizing the same names as a company’s internal repositories or components. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company’s internal packages when building the application. This “dependency confusion” would allow an attacker to inject their own malicious code into an internal application in a supply-chain attack.”

Title: Universal Health Services Estimates $67 Million in Ransomware Losses
Date Published: March 2,  2021


Excerpt: “A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed. The Fortune 500 healthcare organization has tens of thousands of employees in the US and UK and annual revenues exceeding $10 billion. However, it fell victim to a Ryuk attack at the end of September 2020 which forced the firm to pull the plug on key systems in the US.”

Title: DoJ Steps Up Investigation into NSO Group – Report
Date Published: March 2,  2021


Excerpt: “The US government appears to be stepping up its investigation into a controversial spyware developer currently locked in a legal battle with WhatsApp. Lawyers with the Department of Justice (DoJ) recently requested more technical information from the Facebook messaging business regarding its court case, a person with knowledge of the matter told The Guardian. WhatsApp took Israeli firm NSO Group to court in the US in 2019, alleging the latter was directly responsible for cyber-espionage attacks deploying Pegasus spyware on 1400 of its users.”

Title: Distributor of Asian Food Jfc International Hit by Ransomware
Date Published: March 2, 2021


Excerpt: “JFC International (Europe) was recently subject to a ransomware attack that briefly disrupted its IT systems. A full forensic investigation by inhouse specialists together with external cyber experts was immediately started and is underway. Normal conduct of business in Europe will be up and running after a brief interruption for security reasons.” reads a press release published by the company. At the time of this writing, it is not clear which is the family of ransomware involved in the attack and whether any information was stolen by the attackers.”

Title: European E-Ticketing Platform Ticketcounter Extorted in Data Breach
Date Published: March 2, 2021


Excerpt: “Ticketcounter is a Dutch e-Ticketing platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue. It was believed at first to be removed out of concern for the watchful eyes of the Netherlands Police. However, the threat actor told BleepingComputer that they have no fear of law enforcement, and they removed it as the database was sold privately. From the samples of the database seen by BleepingComputer, the data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords.”

Title: Firewall Vendor Patches Critical Auth Bypass Flaw
Date Published: March 1, 2021


Excerpt: “Affected by the critical flaws is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data. “An unauthenticated attacker is able to successfully login as arbitrary user in the admin web interface, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login,” according to security and application consultation company SEC Consult on Monday.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...