OSN MARCH 24, 2021

Fortify Security Team
Mar 24, 2021

Title: 5G Network Slicing Vulnerability Leaves Enterprises Exposed to Cyberattacks

Date Published: March 23, 2021


Excerpt: “This flaw in the industry standards has the impact of creating an opportunity for an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture. For example, a hacker comprising an edge network function connected to the operator’s service based architecture could exploit this flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises.”

Title: CNA Was Hit by a Cyberattack and Its Operations Were Impacted

Date Published: March 24, 2021


Excerpt: “CNA Financial is a leading US-based insurance company, considered to be one of the sixth-largest commercial insurance companies in the USA, according to the Insurance Information Institute, providing a wide range of insurance products, including cyber insurance policies. The website started showing a message that stated they are “currently experiencing a network disruption that is impacting some of our systems. We are working to address these issues to minimize the disruption to you.”

Title: Sierra Wireless Halts Production After Ransomware Attack

Date Published: March 24, 2021


Excerpt: “A leading IoT manufacturer has been forced to halt production of devices after suffering a major ransomware attack. In a statement issued yesterday, Sierra Wireless claimed the attack struck over the weekend, on March 20. “The company’s website and other internal operations have also been disrupted by the attack. The company believes it will restart production at these facilities and resume normal operations soon.”

Title: A Day Before Elections, Hackers Leaked Details of Millions of Israeli Voters


Date Published: March 24, 2021

Excerpt: “The analysis of the source code of the app revealed the presence of a link to an API endpoint that used to authenticate the site’s administrators. The expert pointed out that the API doesn’t require any authentication to be used to query the application and receive the site’s administrators’ data in cleartext, including their passwords.”

Title: 92% of Worldwide Microsoft Exchange IPs Are Now Patched or Mitigated

Date Published: March 24, 2021


Excerpt: “We saw a total universe of nearly 400,000 Exchange servers on March 1. By March 9 there were a bit more than 100,000 servers still vulnerable.” reads the post published by Microsoft. “That number has been dropping steadily, with only about 82,000 left to be updated. We released one additional set of updates on March 11, and with this, we have released updates covering more than 95% of all versions exposed on the Internet.”

Title: Bank Loses Customers’ Social Security Numbers After Ransomware Attack


Date Published: March 24, 2021

Excerpt: “The Clop ransomware gang has been exploiting vulnerabilities in the Accellion FTA platform to steal hosted files from a wide array of organisations in recent months – with corporate victims including oil giant Shell, Qualys, NSW Transport Agency, aerospace firms, law firms, and advertising agencies. However, things became even more serious when it became apparent that the hackers were contacting the bank’s customers, informing them of the breach.”

Title: Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

Date Published: March 23, 2021


Excerpt: “A total of 90,000 incidents have been spotted through the rest of 2020 and the beginning of 2021. The ongoing campaign makes use of a “novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. First discovered in March 2018, Purple Fox is distributed in the form of malicious “.msi” payloads hosted on nearly 2,000 compromised Windows servers that, in turn, download and execute a component with rootkit capabilities, which enables the threat actors to hide the malware on the machine and make it easy to evade detection.”

Title: Ransomware gang leaks data stolen from Colorado, Miami Universities

Date Published: March 23, 2021


Excerpt: “This week, the Clop ransomware gang started publishing screenshots of files stolen from Accellion FTA servers used by the University of Miami and Colorado. The ransomware gang then contacted the organizations and demanded $10 million in bitcoin or they would publish the stolen data. While the full scope has not yet been determined, early information from the forensic investigation confirms that the vulnerability was exploited and multiple data types may have been accessed.”

Title: Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Date Published: March 23, 2021


Excerpt: “Boogeyman offered screenshots verifying the exposure of the data, which totaled 138GB and impacted around 300,000 customers. It was housed in an Amazon Web Services (AWS) cloud database that was misconfigured to be publicly accessible. The issue is now resolved, but it’s unclear if any malicious actors tapped the information before the database was secure. He added to mitigate the risk of a breach, organizations need to be sure they secure every aspect of their infrastructure from the individual endpoint all the way up to the cloud service itself.”

Title: Phish Leads to Breach at Calif. State Controller

Date Published: March 23, 2021


Excerpt: “The State Controller is the Chief Fiscal Officer of California, the sixth largest economy in the world: A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours. The intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.”
