OSN MARCH 2, 2021

Fortify Security Team
Mar 2, 2021

Title: Multi-Payload Gootloader Platform Stealthily Delivers Malware and Ransomware
Date Published: March 2, 2021

Excerpt: “The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader. It is actively delivering malicious payloads through tightly targeted operations in the US, Germany and South Korea. Previous campaigns also targeted internet users in France.”

Title: Alleged China-Linked APT41 Group Targets Indian Critical Infrastructures
Date Published: March 1, 2021

Excerpt: “The alleged China-linked APT group also targeted a high-voltage transmission substation and a coal-fired thermal power plant. Researchers identified 21 IP addresses associated with 10 distinct Indian organizations in the power generation and the transmission sector that were targeted as part of this campaign. Experts determined that two additional critical infrastructures targeted by the group were in the maritime industry. ‘The targeting of these critical power assets offer limited economic espionage opportunities, but pose significant concerns over potential pre-positioning of network access to support other Chinese strategic objectives,’ concludes the expert.”

Title: Passwords, Private Posts Exposed in Hack of Gab Social Network
Date Published: March 1, 2021

Excerpt: “The Gab release is just the latest leak from DDoSecrets, which appears to be ramping up its operations. DDoSecrets has also recently released data exfiltrated from around 120,000 Myanmar corporations in the wake of the military coup against the country’s government, and published a massive leak of law enforcement data, dubbed BlueLeaks, in June. DDoSecrets is poised to pick up right where WikiLeaks left off, according to a Wired report on the group from last summer. In 2018, they published emails between Russian leaders and oligarchs, and in 2019, they released hacked emails from a London financial firm known for money laundering.”

Title: ObliqueRAT Trojan Now Lurks in Images on Compromised Websites
Date Published: March 2, 2021

Excerpt: “When first discovered, the malware was described as a ‘simple’ RAT with the typical, core functionality of a Trojan focused on data theft, such as the ability to exfiltrate files, connect to a command-and-control (C2) server, and the ability to terminate existing processes. The malware is also able to check for any clues indicating its target is sandboxed, a common practice for cybersecurity engineers to implement in reverse-engineering malware samples.”

Title: Malicious NPM Packages Target Amazon, Slack With New Dependency Attacks
Date Published: March 2, 2021

Excerpt: “This flaw works by attackers creating packages utilizing the same names as a company’s internal repositories or components. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company’s internal packages when building the application. This ‘dependency confusion’ would allow an attacker to inject their own malicious code into an internal application in a supply-chain attack.”
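The excerpt above describes the mechanism of dependency confusion: a build pulls an internal package name from the public registry. A practical mitigation on the npm side is to pin every internal scope to the private registry in `.npmrc` and to stop using unscoped names for internal components. The following pre-build check is an added example written for this digest, not code from the article or from any of the vendors it mentions; the `package.json` and `.npmrc` contents are constructed inline, and the `@acme` scope and `internal-utils` package name are hypothetical.

```python
"""Flag npm dependencies that are exposed to dependency confusion.

Added example (not from the original digest). A dependency is flagged when
  * it belongs to an internal scope that .npmrc does not map to a private
    registry (so npm would resolve it from registry.npmjs.org), or
  * it is an unscoped name that is known to be an internal component
    (unscoped names cannot be pinned per scope and should be moved under one).
All inputs below are constructed for this example.
"""
import json
import re

# Constructed package.json: two internal scoped packages, one unscoped
# internal component, and two ordinary public packages.
SAMPLE_PACKAGE_JSON = """
{
  "name": "billing-service",
  "dependencies": {
    "@acme/auth-client": "^2.1.0",
    "@acme/logging": "1.4.2",
    "internal-utils": "0.3.0",
    "express": "^4.17.1"
  },
  "devDependencies": {
    "jest": "^26.0.0"
  }
}
"""

# Constructed .npmrc that pins the hypothetical @acme scope to a private registry.
SAMPLE_NPMRC_OK = """
@acme:registry=https://npm.internal.example/repository/npm-private/
//npm.internal.example/repository/npm-private/:_authToken=${NPM_TOKEN}
"""

# Constructed .npmrc with no scope mapping at all: @acme packages would be
# fetched from the public registry, which is exactly the exposure described.
SAMPLE_NPMRC_MISSING = """
registry=https://registry.npmjs.org/
"""

SCOPE_LINE = re.compile(r"^(@[^:\s]+):registry=(\S+)$")


def scoped_registries(npmrc_text):
    """Return {scope: registry_url} for every '@scope:registry=URL' line."""
    mapping = {}
    for raw in npmrc_text.splitlines():
        match = SCOPE_LINE.match(raw.strip())
        if match:
            mapping[match.group(1)] = match.group(2)
    return mapping


def all_dependencies(package_json_text):
    """Merge the dependency sections of a package.json into one name->range dict."""
    data = json.loads(package_json_text)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(data.get(section, {}))
    return deps


def find_confusable(package_json_text, npmrc_text, internal_scopes, internal_names=()):
    """Return the sorted list of dependency names at risk of dependency confusion."""
    registries = scoped_registries(npmrc_text)
    flagged = []
    for name in all_dependencies(package_json_text):
        if name.startswith("@"):
            scope = name.split("/", 1)[0]
            # Internal scope with no private-registry mapping: resolves publicly.
            if scope in internal_scopes and scope not in registries:
                flagged.append(name)
        elif name in internal_names:
            # Unscoped internal component: cannot be pinned by scope at all.
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    for label, npmrc in (("missing mapping", SAMPLE_NPMRC_MISSING), ("scope pinned", SAMPLE_NPMRC_OK)):
        at_risk = find_confusable(SAMPLE_PACKAGE_JSON, npmrc, {"@acme"}, {"internal-utils"})
        print(f"{label}: {at_risk or 'no confusable dependencies'}")
```

Running the script with the constructed inputs flags all three internal names when `.npmrc` has no scope mapping, and only the unscoped `internal-utils` once `@acme` is pinned; that remaining hit is the signal to rename the component under the private scope rather than rely on the public registry never hosting that name.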

Title: Universal Health Services Estimates $67 Million in Ransomware Losses
Date Published: March 2, 2021

Excerpt: “A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed. The Fortune 500 healthcare organization has tens of thousands of employees in the US and UK and annual revenues exceeding $10 billion. However, it fell victim to a Ryuk attack at the end of September 2020 which forced the firm to pull the plug on key systems in the US.”

Title: DoJ Steps Up Investigation into NSO Group – Report
Date Published: March 2, 2021

Excerpt: “The US government appears to be stepping up its investigation into a controversial spyware developer currently locked in a legal battle with WhatsApp. Lawyers with the Department of Justice (DoJ) recently requested more technical information from the Facebook messaging business regarding its court case, a person with knowledge of the matter told The Guardian. WhatsApp took Israeli firm NSO Group to court in the US in 2019, alleging the latter was directly responsible for cyber-espionage attacks deploying Pegasus spyware on 1400 of its users.”

Title: Distributor of Asian Food JFC International Hit by Ransomware
Date Published: March 2, 2021

Excerpt: “‘JFC International (Europe) was recently subject to a ransomware attack that briefly disrupted its IT systems. A full forensic investigation by in-house specialists together with external cyber experts was immediately started and is underway. Normal conduct of business in Europe will be up and running after a brief interruption for security reasons,’ reads a press release published by the company. At the time of this writing, it is not clear which is the family of ransomware involved in the attack and whether any information was stolen by the attackers.”

Title: European E-Ticketing Platform Ticketcounter Extorted in Data Breach
Date Published: March 2, 2021

Excerpt: “Ticketcounter is a Dutch e-Ticketing platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue. It was believed at first to be removed out of concern for the watchful eyes of the Netherlands Police. However, the threat actor told BleepingComputer that they have no fear of law enforcement, and they removed it as the database was sold privately. From the samples of the database seen by BleepingComputer, the data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords.”

Title: Firewall Vendor Patches Critical Auth Bypass Flaw
Date Published: March 1, 2021

Excerpt: “Affected by the critical flaws is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data. ‘An unauthenticated attacker is able to successfully login as arbitrary user in the admin web interface, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login,’ according to security and application consultation company SEC Consult on Monday.”
