OSN March 29, 2021

Fortify Security Team
Mar 29, 2021

Title: U.S. Charges Close To 500 Individuals For COVID-19 Fraud, Criminal Activity
Date Published: March 29, 2021


Excerpt: “Law enforcement worldwide has tried to clamp down on such activities and organizations including the World Health Organization (WHO) are constantly releasing advice on the latest scams.In an update published last week, the DoJ said that 474 defendants to date have been publicly charged “with criminal offenses based on fraud schemes connected to the COVID-19 pandemic.” The US agency says that these alleged criminals are responsible for trying to fraudulently obtain at least $569 million from consumers and the US government itself across 56 federal districts.”

Title: Billions of Records Have Been Hacked Already. Make Cybersecurity a Priority of Risk Disaster, Warns Analyst
Date Published: March 29, 2021


Excerpt: “More data records have been compromised in 2020 alone than in the past 15 years combined, in what is described as a mounting “data breach crisis” in the latest study from analysis firm Canalys. Over the past 12 months, 31 billion data records have been compromised, found Canalys. This is up 171% from the previous year, and constitutes well over half of the 55 billion data records that have been compromised in total since 2005.”

Title: Official PHP Git Server Targeted in Attempt to Bury Malware in Code Base
Date Published: March 29, 2021


Excerpt: “On Sunday, PHP programming language developer and maintainer Nikita Popov said that two malicious commits were added to the php-src repository in both his name and that of PHP creator Rasmus Lerdorf.  The malicious commits, which appeared to be signed off under the names of Popov and Lerdorf (1,2), were masked as simple typographical errors that needed to be resolved. However, instead of escaping detection by appearing so benign, contributors that took a closer look at the “Fix typo” commits noted malicious code that triggered arbitrary code within the user agent HTTP header if a string began with content related to Zerodium.”

Title: Hades Ransomware Linked to Hafnium and Exchange Attacks
Date Published: March 29, 2021


Excerpt: “The ransomware crew was responsible for attacks on trucking giant Forward Air and a handful of others. It has been linked to infamous Russian cybercrime operation Evil Corp (Indrik Spider), as a new variant of its WasterdLocker ransomware, designed to help the group escape sanctions that would discourage victims to pay up.”

Title: Call Center Provider Experiences Major Data Leak
Date Published: March 29, 2021


Excerpt: “The dataset was exposed for almost 24 hours and the database kept growing in real-time with thousands of calls per hour being added to the records. From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some call-backs were also logged. The database belonged to 200 Networks, LLC, a company based in Reno, Nevada. The security researchers informed the company of their findings and 200 Networks restricted public access shortly after.”

Title: New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems
Date Published: March 29,  2021


Excerpt: “Discovered by Piotr Krysiuk of Symantec’s Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions.”

Title: Doxing in the Corporate Sector
Date Published: March 29,  2021


Excerpt: “The first and simplest step that can be taken by cybercriminals is to gather data from publicly accessible sources. The Internet can provide doxers with all kinds of helpful information, such as the names and positions of employees, including those who occupy key positions in the company. Such key positions include the CEO, HR department director, and chief accountant.”

Title: German MPs Hit by Russian-Backed Phishing Attacks
Date Published: March 29, 2021


Excerpt: “The phishing emails were spoofed to appear as if urgent messages sent by providers GMX and T-Online. The politicians belong to governing parties the CDU/CSU and SPD. Political activists in Hamburg and Bremen were also attacked, according to Der Spiegel. It’s unclear whether any sensitive information was leaked as a result of the attacks. The report claimed that the campaign has been attributed to a GRU-linked group known as “Ghostwriter”. Ghostwriter operations in the past have been mainly focused on creating and disseminating online propaganda designed to turn people, especially in eastern Europe and the Baltic, against the US and NATO.”

Title: Ziggy Ransomware Admin Announced It Will Refund Victims Who Paid the Ransom
Date Published: March 29, 2021


Excerpt: “Ziggy ransomware admin leaked a SQL file containing 922 decryption keys along with a decryptor. The ransomware admin also shared the source code for a different decryptor with BleepingComputer that includes offline decryption keys that could be used when the infected system is not connected to the Internet. In order to decrypt the files, the victims have to provide three decryption keys that are included in the SQL file. The ransomware gang released an offline decryption tool to decrypt infected files while not being connected to the Internet or the command and control server was unreachable.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...