OSN MARCH 22, 2021

Fortify Security Team
Mar 22, 2021

Title: What Does the Florida Water Supply Incident Mean for ICS Cybersecurity?
Date Published: March 22, 2021


Excerpt: “Unsophisticated attacks, like what appears to have taken place in Oldsmar [Florida], are easily prevented by following industry standards and best practices such as ISA/IEC 62443 or NIST 800-82,” Cusimano said via email, when asked for additional comments. “We always recommend starting with a vulnerability and risk assessment to understand the vulnerabilities that present the highest operational risk to the organization, and then follow that by preparing a mitigation plan that is prioritized by risk.”

Title: Microsoft Exchange Servers Now Targeted by BlackKingdom Ransomware
Date Published: March 22, 2021


Excerpt: “Another ransomware operation known as ‘BlackKingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware. Based on the logs from his honeypots, Hutchins states that the threat actor used the vulnerability to execute a PowerShell script that downloads the ransomware executable from ‘yuuuuu44[.]com’ and then pushes it out to other computers on the network.”

Title: Russian Hacker Pleads Guilty to Planting Malware in Tesla Gigafactory
Date Published: March 21, 2021


Excerpt: “The employee, whose name was not revealed, reported the incident to the company, as a result of which Kriuchkov was arrested by the FBI. It is worth noting that the employee, who happened to be a non-US citizen worker at Tesla Gigafactory in Nevada, United States, was offered $1 million in Bitcoin if they facilitated the attack. On the other hand, Kriuchkov also planned to carry out a Distributed Denial of Service (DDoS) attack which would have diverted the company’s attention, paving the way for the hacker to extract critical corporate data from the company and hold it for ransom.”

Title: The Texas Power Grid Failure is A Preview of A Much Bigger Problem
Date Published: March 22, 2021


Excerpt: “Cyber attacks on critical infrastructure by foreign powers as a means of control have happened in real life. On December 23rd, 2015, Russian state-sponsored hackers managed to compromise the security of three large energy distribution companies in Ukraine, which led to blackouts for over 230,000 residents. This attack was a strategic move that took place as Russia continued its occupation of the Crimean peninsula in Ukraine. They gained access to the grid through a variety of methods including spear-phishing of employees that worked for the utility companies, the removal of files from servers and workstations at the power plant, and network access to SCADA systems that control the equipment responsible for generating and supplying energy to the grid.”

Title: DDoS Booters Now Abuse DTLS Servers to Amplify Attacks
Date Published: March 21, 2021


Excerpt: “According to reports that surfaced in December, a DDoS attack used DTLS to amplify traffic from vulnerable Citrix ADC devices that used DTLS configurations without a ‘HelloClientVerify’ anti-spoofing mechanism designed to block such abuse. DDoS attacks using DTLS can reach an amplification factor of 35 according to German DDoS protection vendor Link11, or an amplification ratio of 37.34:1 based on info from DDoS mitigation firm Netscout. Citrix released a fix to remove the amplification vector on affected NetScaler ADC devices in January, adding a ‘HelloVerifyRequest’ setting to remove the attack vector.”

Title: Hacking Group Used 11 Zero-Days to Attack Windows, iOS, Android Users
Date Published: March 20, 2021


Excerpt: “Project Zero, Google’s zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020. Just as before, the attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.”

Title: REvil Ransomware Gang Hacked Acer and Is Demanding a $50 Million Ransom
Date Published: March 20, 2021


Excerpt: “A REvil ransomware sample on malware analysis site Hatching Triage was discovered by TechTarget sister publication LeMagIT Friday, which contained a link to a REvil ransomware demand for $50 million in Monero (213,151 XMR as of publishing). Researchers at LeMagIT, while investigating the security breach, discovered a REvil ransomware sample employed in the attacks on Acer; it includes a link to a REvil ransomware demand for $50 million worth of Monero.”

Title: Firms Urged to Patch as Attackers Exploit Critical F5 Bugs
Date Published: March 22, 2021


Excerpt: “Security experts are urging F5 customers to patch a critical vulnerability in the vendor’s BIG-IP and BIG-IQ networking products after warning of mass exploitation attempts in the wild. CVE-2021-22986 is a flaw in the products’ REST-based iControl management interface which could allow for authentication bypass and remote code execution. With a CVSS rating of 9.8, it was patched on March 10 along with several other bugs that could be chained in attacks. These are: CVE-2021-22987, CVE-2021-22988, CVE-2021-22989 and CVE-2021-22990.”

Title: RCE Flaw in Apache OFBiz Could Allow Attackers to Take Over the ERP System
Date Published: March 22, 2021


Excerpt: “The Apache Software Foundation addressed last week a high severity vulnerability in Apache OFBiz, tracked as CVE-2021-26295, that could have allowed a remote, unauthenticated attacker to take over the ERP system. Unsafe deserialization occurs when malformed data or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code when deserialized. This category of issue could compromise the availability, authorization process, and bypass access control.”

Title: Popular Remote Lesson Monitoring Program Could Be Exploited to Attack Student PCs
Date Published: March 22, 2021


Excerpt: “According to McAfee’s Advanced Threat Research (ATR) team, Netop Vision Pro contained vulnerabilities that ‘could be exploited by a hacker to gain full control over students’ computers.’ After setting up a virtual ‘classroom’ made up of four devices on a local network, the researchers realized that all network traffic was unencrypted and there was no option to enable encryption during configuration. In addition, students that began connecting to the classroom ‘would unknowingly begin sending screenshots to the teacher.’”
