OSN MARCH 22, 2021

Fortify Security Team
Mar 22, 2021

Title: What Does the Florida Water Supply Incident Mean for ICS Cybersecurity?
Date Published: March 22, 2021


Excerpt: “Unsophisticated attacks, like what appears to have taken place in Oldsmar [Florida], are easily prevented by following industry standards and best practices such as ISA/IEC 62443 or NIST 800–82,” Cusimano said via email, when asked for additional comments. “We always recommend starting with a vulnerability and risk assessment to understand the vulnerabilities that present the highest operational risk to the organization, and then follow that by preparing a mitigation plan that is prioritized by risk.”

Title: Microsoft Exchange Servers Now Targeted by Blackkingdom Ransomware
Date Published: March 22, 2021


Excerpt: “Another ransomware operation known as ‘BlackKingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware. Based on the logs from his honeypots, Hutchins states that the threat actor used the vulnerability to execute a PowerShell script that downloads the ransomware executable from ‘yuuuuu44[.]com’ and then pushes it out to other computers on the network.”

Title: Russian Hacker Pleads Guilty to Planting Malware in Tesla Gigafactory
Date Published: March 21, 2021


Excerpt: “The employee, whose name was not revealed reported the incident to the company as a result of which Kriuchkov was arrested by the FBI. It is worth noting that the employee who happened to be a non-US citizen worker at Tesla Gigafactory in Nevada, United States was offered $1 million in Bitcoin if they facilitated the attack. On the other hand, Kriuchkov also planned to carry out Distributed Denial of Service (DDoS) attack which would have diverted the company’s attention, paving way for the hacker to extract critical corporate data from the company and hold it for ransom.”

Title: The Texas Power Grid Failure is A Preview of A Much Bigger Problem
Date Published: March 22, 2021


Excerpt: “Cyber attacks on critical infrastructure by foreign powers as a means of control have happened in real life. On December 23rd, 2015 Russian state-sponsored hackers managed to compromise the security of three large energy distribution companies in Ukraine which led to blackouts for over 230,000 residents. This attack was a strategic move that took place as Russia continued its occupation of the Crimean peninsula in Ukraine. They gained access to the grid through a variety of methods including spear-phishing of employees that worked for the utility companies, the removal of files from servers and workstations at the power plant, and network access to SCADA systems that control the equipment responsible for generating and supplying energy to the grid.”

Title: DDoS Booters Now Abuse Dtls Servers to Amplify Attacks
Date Published: March 21, 2021


Excerpt: “According to reports that surfaced in December, a DDOS attack used DTLS to amplify traffic from vulnerable Citrix ADC devices that used DTLS configurations without a ‘HelloClientVerify’ anti-spoofing mechanism designed to block such abuse. DDoS attacks using DTLS can reach an amplification factor of 35 according to German DDoS protection vendor Link11 or an amplification ratio of 37.34:1 based on info from DDoS mitigation firm Netscout. Citrix released a fix to remove the amplification vector on affected NetScaler ADC devices in January, adding a ‘HelloVerifyRequest’ setting to remove the attack vector.”

Title: Hacking Group Used 11 Zero-Days to Attack Windows, IOS, Android Users
Date Published: March 20,  2021


Excerpt: “Project Zero, Google’s zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020. Just as before, the attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.”

Title: Revil Ransomware Gang Hacked Acer and Is Demanding a $50 Million Ransom
Date Published: March 20,  2021


Excerpt: “A REvil ransomware sample on malware analysis site Hatching Triage was discovered by TechTarget sister publication LeMagIT Friday, which contained a link to a REvil ransomware demand for $50 million in Monero (213,151 XMR as of publishing). Researchers at LegMagIT while investigating the security breach discovered a REvil ransomware sample employed in the attacks on Acer, it includes a link to a REvil ransomware demand for $50 million worth of Monero.”

Title: Firms Urged to Patch as Attackers Exploit Critical F5 Bugs
Date Published: March 22, 2021


Excerpt: “Security experts are urging F5 customers to patch a critical vulnerability in the vendor’s BIG-IP and BIG-IQ networking products after warning of mass exploitation attempts in the wild. CVE-2021-22986 is a flaw in the products’ REST-based iControl management interface which could allow for authentication bypass and remote code execution. With a CVSS rating of 9.8, it was patched on March 10 along with several other bugs that could be chained in attacks. These are: CVE-2021-22987, CVE-2021-22988, CVE-2021-22989 and CVE-2021-22990.”

Title: RCE Flaw in Apache Ofbiz Could Allow to Take Over the ERP System
Date Published: March 22, 2021


Excerpt: “The Apache Software Foundation addressed last week a high severity vulnerability in Apache OFBiz, tracked as CVE-2021-26295, that could have allowed a remote, unauthenticated attacker to take over the ERP system. Unsafe deserialization occurs when malformed data or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code when deserialized. This category of issue could compromise the availability, authorization process, and bypass access control.”

Title: Popular Remote Lesson Monitoring Program Could Be Exploited to Attack Student PCs
Date Published: March 22, 2021


Excerpt: “According to McAfee’s Advanced Threat Research (ATR) team, Netop Vision Pro contained vulnerabilities that “could be exploited by a hacker to gain full control over students’ computers.” After setting up a virtual ‘classroom’ made up of four devices on a local network, the researchers realized that all network traffic was unencrypted and there was no option to enable encryption during configuration. In addition, students that began connecting to the classroom “would unknowingly begin sending screenshots to the teacher.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...