OSN MARCH 24, 2021

Fortify Security Team
Mar 24, 2021

Title: 5G Network Slicing Vulnerability Leaves Enterprises Exposed to Cyberattacks

Date Published: March 23, 2021


Excerpt: “This flaw in the industry standards has the impact of creating an opportunity for an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture. For example, a hacker compromising an edge network function connected to the operator’s service based architecture could exploit this flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises.”

Title: CNA Was Hit by a Cyberattack and Its Operations Were Impacted

Date Published: March 24, 2021


Excerpt: “CNA Financial is a leading US-based insurance company, considered to be one of the sixth-largest commercial insurance companies in the USA, according to the Insurance Information Institute, providing a wide range of insurance products, including cyber insurance policies. The website started showing a message that stated they are “currently experiencing a network disruption that is impacting some of our systems. We are working to address these issues to minimize the disruption to you.”

Title: Sierra Wireless Halts Production After Ransomware Attack

Date Published: March 24, 2021


Excerpt: “A leading IoT manufacturer has been forced to halt production of devices after suffering a major ransomware attack. In a statement issued yesterday, Sierra Wireless claimed the attack struck over the weekend, on March 20. “The company’s website and other internal operations have also been disrupted by the attack. The company believes it will restart production at these facilities and resume normal operations soon.”

Title: A Day Before Elections, Hackers Leaked Details of Millions of Israeli Voters


Date Published: March 24, 2021

Excerpt: “The analysis of the source code of the app revealed the presence of a link to an API endpoint that used to authenticate the site’s administrators. The expert pointed out that the API doesn’t require any authentication to be used to query the application and receive the site’s administrators’ data in cleartext, including their passwords.”

Title: 92% of Worldwide Microsoft Exchange IPs Are Now Patched or Mitigated

Date Published: March 24, 2021


Excerpt: “We saw a total universe of nearly 400,000 Exchange servers on March 1. By March 9 there were a bit more than 100,000 servers still vulnerable.” reads the post published by Microsoft. “That number has been dropping steadily, with only about 82,000 left to be updated. We released one additional set of updates on March 11, and with this, we have released updates covering more than 95% of all versions exposed on the Internet.”

Title: Bank Loses Customers’ Social Security Numbers After Ransomware Attack


Date Published: March 24, 2021

Excerpt: “The Clop ransomware gang has been exploiting vulnerabilities in the Accellion FTA platform to steal hosted files from a wide array of organisations in recent months – with corporate victims including oil giant Shell, Qualys, NSW Transport Agency, aerospace firms, law firms, and advertising agencies. However, things became even more serious when it became apparent that the hackers were contacting the bank’s customers, informing them of the breach.”

Title: Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

Date Published: March 23, 2021


Excerpt: “A total of 90,000 incidents have been spotted through the rest of 2020 and the beginning of 2021. The ongoing campaign makes use of a “novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. First discovered in March 2018, Purple Fox is distributed in the form of malicious “.msi” payloads hosted on nearly 2,000 compromised Windows servers that, in turn, download and execute a component with rootkit capabilities, which enables the threat actors to hide the malware on the machine and make it easy to evade detection.”

Title: Ransomware gang leaks data stolen from Colorado, Miami Universities

Date Published: March 23, 2021


Excerpt: “This week, the Clop ransomware gang started publishing screenshots of files stolen from Accellion FTA servers used by the University of Miami and Colorado. The ransomware gang then contacted the organizations and demanded $10 million in bitcoin or they would publish the stolen data. While the full scope has not yet been determined, early information from the forensic investigation confirms that the vulnerability was exploited and multiple data types may have been accessed.”

Title: Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Date Published: March 23, 2021


Excerpt: “Boogeyman offered screenshots verifying the exposure of the data, which totaled 138GB and impacted around 300,000 customers. It was housed in an Amazon Web Services (AWS) cloud database that was misconfigured to be publicly accessible. The issue is now resolved, but it’s unclear if any malicious actors tapped the information before the database was secure. He added to mitigate the risk of a breach, organizations need to be sure they secure every aspect of their infrastructure from the individual endpoint all the way up to the cloud service itself.”

Title: Phish Leads to Breach at Calif. State Controller

Date Published: March 23, 2021


Excerpt: “The State Controller is the Chief Fiscal Officer of California, the sixth largest economy in the world: A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours. The intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.”
