OSN MARCH 2, 2021

Fortify Security Team
Mar 2, 2021

Title: Multi-Payload Gootloader Platform Stealthily Delivers Malware and Ransomware
Date Published: March 2, 2021


Excerpt: “The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader. It is actively delivering malicious payloads through tightly targeted operations in the US, Germany and South Korea. Previous campaigns also targeted internet users in France.”

Title: Alleged China-Linked APT41 Group Targets Indian Critical Infrastructures
Date Published: March 1, 2021


Excerpt: “The alleged China-linked APT group also targeted a high-voltage transmission substation and a coal-fired thermal power plant. Researchers identified 21 IP addresses associated with 10 distinct Indian organizations in the power generation and the transmission sector that were targeted as part of this campaign. Experts determined that two additional critical infrastructures targeted by the group were in the maritime industry. “The targeting of these critical power assets offer limited economic espionage opportunities, but pose significant concerns over potential pre-positioning of network access to support other Chinese strategic objectives,” concludes the expert.”

Title: Passwords, Private Posts Exposed in Hack of Gab Social Network
Date Published: March 1, 2021


Excerpt: “The Gab release is just the latest leak from DDoSecrets, which appears to be ramping up its operations. DDoSecrets has also recently released data exfiltrated from around 120,000 Myanmar corporations in the wake of the military coup against the country’s government, and published a massive leak of law enforcement data, dubbed BlueLeaks, in June. DDoSecrets is poised to pick up right where WikiLeaks left off, according to a Wired report on the group from last summer. In 2018, they published emails between Russian leaders and oligarchs, and in 2019, they released hacked emails from a London financial firm known for money laundering.”

Title: ObliqueRAT Trojan Now Lurks in Images on Compromised Websites
Date Published: March 2, 2021


Excerpt: “When first discovered, the malware was described as a “simple” RAT with the typical, core functionality of a Trojan focused on data theft — such as the ability to exfiltrate files, connect to a command-and-control (C2) server, and the ability to terminate existing processes. The malware is also able to check for any clues indicating its target is sandboxed, a common practice for cybersecurity engineers to implement in reverse-engineering malware samples.”

Title: Malicious NPM Packages Target Amazon, Slack With New Dependency Attacks
Date Published: March 2, 2021


Excerpt: “This flaw works by attackers creating packages utilizing the same names as a company’s internal repositories or components. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company’s internal packages when building the application. This “dependency confusion” would allow an attacker to inject their own malicious code into an internal application in a supply-chain attack.”
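The excerpt describes the mechanism but not how a team would check its own build for exposure. The following is an added example written for this digest, not code from the article or from any of the affected vendors: a small Node.js audit that reads an npm lockfile (lockfileVersion 2 "packages" map) and flags any package on an internal-name list whose "resolved" URL does not point at the private registry, plus a check that .npmrc pins every internal scope to that registry. The package names, registry URL, lockfile and .npmrc contents are all constructed for the example; only the lockfile layout and the `@scope:registry=` .npmrc syntax are real npm conventions.

```javascript
// Added example: dependency-confusion exposure check over an npm lockfile.
// All names and URLs below are constructed for illustration.

const PRIVATE_REGISTRY = "https://npm.internal.example.com/"; // assumed private registry
// Names the organisation publishes only internally (constructed).
const INTERNAL_PACKAGES = new Set(["@acme/auth-client", "acme-internal-utils"]);

// Constructed package-lock.json (lockfileVersion 2). The unscoped internal
// package has resolved from the public registry at an implausibly high
// version: exactly the pattern a dependency-confusion upload produces.
const SAMPLE_LOCK = {
  name: "acme-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "acme-app", dependencies: { "@acme/auth-client": "^1.4.0", "acme-internal-utils": "*", lodash: "^4.17.21" } },
    "node_modules/@acme/auth-client": {
      version: "1.4.0",
      resolved: "https://npm.internal.example.com/@acme%2fauth-client/-/auth-client-1.4.0.tgz",
    },
    "node_modules/acme-internal-utils": {
      version: "99.0.0",
      resolved: "https://registry.npmjs.org/acme-internal-utils/-/acme-internal-utils-99.0.0.tgz",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
  },
};

// Constructed .npmrc: the @acme scope is pinned, everything else goes public.
const SAMPLE_NPMRC = [
  "@acme:registry=https://npm.internal.example.com/",
  "registry=https://registry.npmjs.org/",
  "always-auth=true",
].join("\n");

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> null.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns every internal package that was fetched from somewhere other than
// the private registry. Any hit means the public copy won resolution.
function findConfusedPackages(lock, internalNames, privateRegistry) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (!name || !internalNames.has(name)) continue;
    const resolved = entry.resolved || "";
    if (!resolved.startsWith(privateRegistry)) {
      findings.push({ name, version: entry.version, resolved });
    }
  }
  return findings;
}

// Preventive check: every internal package must be scoped, and its scope
// must map to the private registry in .npmrc. Unscoped names cannot be
// pinned this way and are reported so they can be renamed.
function checkNpmrcScopes(npmrcText, internalNames, privateRegistry) {
  const scopeRegistries = new Map();
  for (const raw of npmrcText.split("\n")) {
    const m = raw.trim().match(/^(@[^:]+):registry=(.+)$/);
    if (m) scopeRegistries.set(m[1], m[2].trim());
  }
  const problems = [];
  for (const name of internalNames) {
    if (!name.startsWith("@")) {
      problems.push({ name, reason: "unscoped: cannot be pinned to a registry by scope" });
      continue;
    }
    const scope = name.split("/")[0];
    const reg = scopeRegistries.get(scope);
    if (reg !== privateRegistry) {
      problems.push({ name, reason: reg ? `scope ${scope} maps to ${reg}` : `scope ${scope} has no registry mapping` });
    }
  }
  return problems;
}

// Stand-alone run over the constructed inputs.
console.log("resolved from wrong registry:", findConfusedPackages(SAMPLE_LOCK, INTERNAL_PACKAGES, PRIVATE_REGISTRY));
console.log(".npmrc scope problems:", checkNpmrcScopes(SAMPLE_NPMRC, INTERNAL_PACKAGES, PRIVATE_REGISTRY));
```

Run it in CI against the real lockfile and .npmrc; the first function catches a confusion that has already happened, the second catches the configuration that makes it possible. The lockfile check is only as good as the internal-name list, so generate that list from the private registry rather than maintaining it by hand.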

Title: Universal Health Services Estimates $67 Million in Ransomware Losses
Date Published: March 2, 2021


Excerpt: “A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed. The Fortune 500 healthcare organization has tens of thousands of employees in the US and UK and annual revenues exceeding $10 billion. However, it fell victim to a Ryuk attack at the end of September 2020 which forced the firm to pull the plug on key systems in the US.”

Title: DoJ Steps Up Investigation into NSO Group – Report
Date Published: March 2, 2021


Excerpt: “The US government appears to be stepping up its investigation into a controversial spyware developer currently locked in a legal battle with WhatsApp. Lawyers with the Department of Justice (DoJ) recently requested more technical information from the Facebook messaging business regarding its court case, a person with knowledge of the matter told The Guardian. WhatsApp took Israeli firm NSO Group to court in the US in 2019, alleging the latter was directly responsible for cyber-espionage attacks deploying Pegasus spyware on 1400 of its users.”

Title: Distributor of Asian Food JFC International Hit by Ransomware
Date Published: March 2, 2021


Excerpt: ““JFC International (Europe) was recently subject to a ransomware attack that briefly disrupted its IT systems. A full forensic investigation by in-house specialists together with external cyber experts was immediately started and is underway. Normal conduct of business in Europe will be up and running after a brief interruption for security reasons,” reads a press release published by the company. At the time of this writing, it is not clear which is the family of ransomware involved in the attack and whether any information was stolen by the attackers.”

Title: European E-Ticketing Platform Ticketcounter Extorted in Data Breach
Date Published: March 2, 2021


Excerpt: “Ticketcounter is a Dutch e-Ticketing platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue. It was believed at first to be removed out of concern for the watchful eyes of the Netherlands Police. However, the threat actor told BleepingComputer that they have no fear of law enforcement, and they removed it as the database was sold privately. From the samples of the database seen by BleepingComputer, the data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords.”

Title: Firewall Vendor Patches Critical Auth Bypass Flaw
Date Published: March 1, 2021


Excerpt: “Affected by the critical flaws is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data. “An unauthenticated attacker is able to successfully login as arbitrary user in the admin web interface, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login,” according to security and application consultation company SEC Consult on Monday.”
