OSN MARCH 24, 2021

Fortify Security Team
Mar 24, 2021

Title: 5G Network Slicing Vulnerability Leaves Enterprises Exposed to Cyberattacks

Date Published: March 23, 2021


Excerpt: “This flaw in the industry standards has the impact of creating an opportunity for an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture. For example, a hacker comprising an edge network function connected to the operator’s service based architecture could exploit this flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises.”

Title: CNA Was Hit by a Cyberattack and Its Operations Were Impacted

Date Published: March 24, 2021


Excerpt: “CNA Financial is a leading US-based insurance company, considered to be one of the sixth-largest commercial insurance companies in the USA, according to the Insurance Information Institute, providing a wide range of insurance products, including cyber insurance policies. The website started showing a message that stated they are “currently experiencing a network disruption that is impacting some of our systems. We are working to address these issues to minimize the disruption to you.”

Title: Sierra Wireless Halts Production After Ransomware Attack

Date Published: March 24, 2021


Excerpt: “A leading IoT manufacturer has been forced to halt production of devices after suffering a major ransomware attack. In a statement issued yesterday, Sierra Wireless claimed the attack struck over the weekend, on March 20. “The company’s website and other internal operations have also been disrupted by the attack. The company believes it will restart production at these facilities and resume normal operations soon.”

Title: A Day Before Elections, Hackers Leaked Details of Millions of Israeli Voters


Date Published: March 24, 2021

Excerpt: “The analysis of the source code of the app revealed the presence of a link to an API endpoint that used to authenticate the site’s administrators. The expert pointed out that the API doesn’t require any authentication to be used to query the application and receive the site’s administrators’ data in cleartext, including their passwords.”

Title: 92% of Worldwide Microsoft Exchange IPs Are Now Patched or Mitigated

Date Published: March 24, 2021


Excerpt: “We saw a total universe of nearly 400,000 Exchange servers on March 1. By March 9 there were a bit more than 100,000 servers still vulnerable.” reads the post published by Microsoft. “That number has been dropping steadily, with only about 82,000 left to be updated. We released one additional set of updates on March 11, and with this, we have released updates covering more than 95% of all versions exposed on the Internet.”

Title: Bank Loses Customers’ Social Security Numbers After Ransomware Attack


Date Published: March 24, 2021

Excerpt: “The Clop ransomware gang has been exploiting vulnerabilities in the Accellion FTA platform to steal hosted files from a wide array of organisations in recent months – with corporate victims including oil giant Shell, Qualys, NSW Transport Agency, aerospace firms, law firms, and advertising agencies. However, things became even more serious when it became apparent that the hackers were contacting the bank’s customers, informing them of the breach.”

Title: Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

Date Published: March 23, 2021


Excerpt: “A total of 90,000 incidents have been spotted through the rest of 2020 and the beginning of 2021. The ongoing campaign makes use of a “novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. First discovered in March 2018, Purple Fox is distributed in the form of malicious “.msi” payloads hosted on nearly 2,000 compromised Windows servers that, in turn, download and execute a component with rootkit capabilities, which enables the threat actors to hide the malware on the machine and make it easy to evade detection.”

Title: Ransomware gang leaks data stolen from Colorado, Miami Universities

Date Published: March 23, 2021


Excerpt: “This week, the Clop ransomware gang started publishing screenshots of files stolen from Accellion FTA servers used by the University of Miami and Colorado. The ransomware gang then contacted the organizations and demanded $10 million in bitcoin or they would publish the stolen data. While the full scope has not yet been determined, early information from the forensic investigation confirms that the vulnerability was exploited and multiple data types may have been accessed.”

Title: Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Date Published: March 23, 2021


Excerpt: “Boogeyman offered screenshots verifying the exposure of the data, which totaled 138GB and impacted around 300,000 customers. It was housed in an Amazon Web Services (AWS) cloud database that was misconfigured to be publicly accessible. The issue is now resolved, but it’s unclear if any malicious actors tapped the information before the database was secure. He added to mitigate the risk of a breach, organizations need to be sure they secure every aspect of their infrastructure from the individual endpoint all the way up to the cloud service itself.”

Title: Phish Leads to Breach at Calif. State Controller

Date Published: March 23, 2021


Excerpt: “The State Controller is the Chief Fiscal Officer of California, the sixth largest economy in the world: A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours. The intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.”
