OSN March 29, 2021

Fortify Security Team
Mar 29, 2021

Title: U.S. Charges Close To 500 Individuals For COVID-19 Fraud, Criminal Activity
Date Published: March 29, 2021


Excerpt: “Law enforcement worldwide has tried to clamp down on such activities and organizations including the World Health Organization (WHO) are constantly releasing advice on the latest scams. In an update published last week, the DoJ said that 474 defendants to date have been publicly charged “with criminal offenses based on fraud schemes connected to the COVID-19 pandemic.” The US agency says that these alleged criminals are responsible for trying to fraudulently obtain at least $569 million from consumers and the US government itself across 56 federal districts.”

Title: Billions of Records Have Been Hacked Already. Make Cybersecurity a Priority of Risk Disaster, Warns Analyst
Date Published: March 29, 2021


Excerpt: “More data records have been compromised in 2020 alone than in the past 15 years combined, in what is described as a mounting “data breach crisis” in the latest study from analysis firm Canalys. Over the past 12 months, 31 billion data records have been compromised, found Canalys. This is up 171% from the previous year, and constitutes well over half of the 55 billion data records that have been compromised in total since 2005.”

Title: Official PHP Git Server Targeted in Attempt to Bury Malware in Code Base
Date Published: March 29, 2021


Excerpt: “On Sunday, PHP programming language developer and maintainer Nikita Popov said that two malicious commits were added to the php-src repository in both his name and that of PHP creator Rasmus Lerdorf. The malicious commits, which appeared to be signed off under the names of Popov and Lerdorf, were masked as simple typographical errors that needed to be resolved. However, instead of escaping detection by appearing so benign, contributors that took a closer look at the “Fix typo” commits noted malicious code that triggered arbitrary code within the user agent HTTP header if a string began with content related to Zerodium.”
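The check a defender wants after a story like this is retrospective: did anyone send a request whose User-Agent begins with the trigger string? The following is an added example, not code from the article or from the PHP project. It assumes Apache/nginx "combined" access-log format and a case-insensitive prefix match on the string "zerodium", which is the level of detail the excerpt gives; the log lines are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Apache/nginx "combined" log format:
#   ip ident user [timestamp] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumption: the backdoor fires on a User-Agent that *begins* with this
# string (case-insensitive), as the excerpt describes. Adjust if the
# trigger in your environment is known more precisely.
TRIGGER_PREFIX = "zerodium"

# Constructed sample log (not from any real server). Line 2 and 3 should
# be flagged; line 4 merely contains the word and should not.
SAMPLE_LOG = """\
203.0.113.10 - - [29/Mar/2021:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.11 - - [29/Mar/2021:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "zerodium system('id');"
203.0.113.12 - - [29/Mar/2021:10:00:03 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "ZERODIUMphpinfo();"
203.0.113.13 - - [29/Mar/2021:10:00:04 +0000] "GET /about.php HTTP/1.1" 200 1024 "-" "curl/7.68.0 zerodium"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format log line; return None if it does not match."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_trigger(user_agent: str) -> bool:
    """True if the User-Agent would have started the backdoor's payload."""
    return user_agent.strip().lower().startswith(TRIGGER_PREFIX)


def find_trigger_requests(log_text: str) -> List[Dict[str, object]]:
    """Return every request whose User-Agent begins with the trigger prefix.

    The full User-Agent is kept in each hit because, per the excerpt, that
    header is the payload the backdoor would have executed; it is what an
    incident responder needs to see.
    """
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip, do not silently drop the scan
        if is_trigger(rec["ua"]):
            hits.append({
                "line": lineno,
                "ip": rec["ip"],
                "timestamp": rec["ts"],
                "request": rec["req"],
                "user_agent": rec["ua"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_trigger_requests(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']} {hit['request']!r} UA={hit['user_agent']!r}")
```

Run it against a real log with `find_trigger_requests(open(path).read())`. A prefix match is deliberately strict: a User-Agent that merely contains the word (line 4 of the sample) is not flagged, which keeps the scan quiet on scanners and curious users while still catching the case the excerpt describes.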

Title: Hades Ransomware Linked to Hafnium and Exchange Attacks
Date Published: March 29, 2021


Excerpt: “The ransomware crew was responsible for attacks on trucking giant Forward Air and a handful of others. It has been linked to infamous Russian cybercrime operation Evil Corp (Indrik Spider), as a new variant of its WastedLocker ransomware, designed to help the group escape sanctions that would discourage victims from paying up.”

Title: Call Center Provider Experiences Major Data Leak
Date Published: March 29, 2021


Excerpt: “The dataset was exposed for almost 24 hours and the database kept growing in real-time with thousands of calls per hour being added to the records. From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some call-backs were also logged. The database belonged to 200 Networks, LLC, a company based in Reno, Nevada. The security researchers informed the company of their findings and 200 Networks restricted public access shortly after.”

Title: New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems
Date Published: March 29, 2021


Excerpt: “Discovered by Piotr Krysiuk of Symantec’s Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions.”

Title: Doxing in the Corporate Sector
Date Published: March 29, 2021


Excerpt: “The first and simplest step that can be taken by cybercriminals is to gather data from publicly accessible sources. The Internet can provide doxers with all kinds of helpful information, such as the names and positions of employees, including those who occupy key positions in the company. Such key positions include the CEO, HR department director, and chief accountant.”

Title: German MPs Hit by Russian-Backed Phishing Attacks
Date Published: March 29, 2021


Excerpt: “The phishing emails were spoofed to appear as if urgent messages sent by providers GMX and T-Online. The politicians belong to governing parties the CDU/CSU and SPD. Political activists in Hamburg and Bremen were also attacked, according to Der Spiegel. It’s unclear whether any sensitive information was leaked as a result of the attacks. The report claimed that the campaign has been attributed to a GRU-linked group known as “Ghostwriter”. Ghostwriter operations in the past have been mainly focused on creating and disseminating online propaganda designed to turn people, especially in eastern Europe and the Baltic, against the US and NATO.”

Title: Ziggy Ransomware Admin Announced It Will Refund Victims Who Paid the Ransom
Date Published: March 29, 2021


Excerpt: “Ziggy ransomware admin leaked a SQL file containing 922 decryption keys along with a decryptor. The ransomware admin also shared the source code for a different decryptor with BleepingComputer that includes offline decryption keys that could be used when the infected system is not connected to the Internet. In order to decrypt the files, the victims have to provide three decryption keys that are included in the SQL file. The ransomware gang released an offline decryption tool to decrypt infected files while not being connected to the Internet or the command and control server was unreachable.”
