OSN March 3, 2021

Fortify Security Team
Mar 3, 2021

Title: Microsoft Accuses China Over Email Cyber-Attacks
Date Published: March 3, 2021


Excerpt: “Microsoft’s Threat Intelligence Centre attributed the attacks with “high confidence” to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on “observed victimology, tactics and procedures”. Microsoft said Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors.”

Title: URSnif Trojan Has Targeted Over 100 Italian Banks
Date Published: March 3, 2021


Excerpt: “The cybersecurity firm said on Tuesday that at least 100 banks have been targeted, based on information gathered by the researchers. In one case alone, an unnamed payment processor had over 1,700 sets of credentials stolen. Avast found usernames, passwords, credit card, banking, and payment information that appears to have been harvested by the malware.”

Title: Hackers Now Hiding Obliquerat Payload in Images to Evade Detection
Date Published: March 3, 2021


Excerpt: “New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilizes malicious Microsoft Office documents forged with macros to spread a RAT that goes by the name of ObliqueRAT. First documented in February 2020, the malware has been linked to a threat actor tracked as Transparent Tribe (aka Operation C-Major, Mythic Leopard, or APT36), a highly prolific group allegedly of Pakistani origin known for its attacks against human rights activists in the country as well as military and government personnel in India.”

Title: Telemarketing Biz Exposes 114,000 in Cloud Config Error
Date Published: March 3, 2021


Excerpt: “According to its website, the firm counts lending marketplace Lendingtree, Liberty Mutual Insurance and smart security vendor Vivint among its customers. Rotem found 114,000 files left publicly accessible in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.”

Title: Google Patches Actively Exploited Chrome Browser Zero-Day Vulnerability
Date Published: March 3, 2021


Excerpt: “The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an “object lifecycle issue in audio.” Google has labeled the vulnerability as a “high” severity security flaw and has fixed the issue in the latest Chrome release. Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifecycle issue in audio, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.”

Title: Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak
Date Published: March 3, 2021


Excerpt: “WizCase security team has found a major breach in phone-tracking service Ringostat’s database. This leak left vulnerable phone numbers, call recordings, call logs, and more to potential attack. The leaked data numbers in the millions and was accessible to anyone who possessed the link. There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured.”

Title: Update Immediately: Microsoft Rushes Out Patches for Exchange Server Zero-Day Attacks
Date Published: March 3, 2021


Excerpt: “The attackers used the bugs in on-premise Exchange servers to access email accounts of users. The four bugs are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Washington DC-based security firm Volexity said in its analysis that the vulnerability CVE-2021-26855 was being used to steal the full contents of several user mailboxes. The bug didn’t require authentication and could be exploited remotely.”

Title: Ryuk Ransomware Develops Worm-Like Capabilities, France Warns
Date Published: March 3, 2021


Excerpt: “With such worm-like self-replicating capabilities, Ryuk, one of the most prolific strains of ransomware in the world, can spread from machine to machine without any human interaction. The development presents only another challenge for security-minded researchers and law enforcement authorities already trying to grapple with the scourge of ransomware attacks pummeling international networks.”

Title: Cyber Analysts Find Links Between SunCrypt and QNAPCrypt Ransomware
Date Published: March 3, 2021


Excerpt: “First identified in July 2019, QNAPCrypt has since been tracked by a Russian cybercriminal group called FullOfDeep. Meanwhile, in October 2019, SunCrypt appeared as the first Windows-based ransomware tool before being ported to the C/C++ version in mid-2020. Besides stealing victims’ data and threatening disclosure before encrypting files, this group also launches distributed denial of service (DDoS) attacks, which force the victim to pay the ransom.”

Title: Now-Fixed Linux Kernel Vulnerabilities Enabled Local Privilege Escalation (CVE-2021-26708)
Date Published: March 3, 2021


Excerpt: “These vulnerabilities result from race conditions that were implicitly added with virtual socket multi-transport support. They appeared in Linux kernel version 5.5 in November 2019. The vulnerable kernel drivers (CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS) are shipped as kernel modules in all major GNU/Linux distributions. The vulnerable modules are automatically loaded when an AF_VSOCK socket is created. This ability is available to unprivileged users.”
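The excerpt above makes one concrete, testable claim: an unprivileged user creating an AF_VSOCK socket is enough to autoload the vsock modules that carry CVE-2021-26708. The probe below is an added example, not code from the article or from the kernel project; it checks whether the host you run it on exposes that surface to the calling user, without touching the race condition itself. The fallback value of 40 for AF_VSOCK is Linux's constant from <linux/socket.h> and is an assumption made here so the probe builds on headers that do not define it.

```c
/* vsock_probe.c: does this host let the current user create an AF_VSOCK
 * socket (and thereby autoload the vsock transport modules)?
 * Added example; not from the original article or the kernel tree.
 * Build: cc -Wall -o vsock_probe vsock_probe.c
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

#ifndef AF_VSOCK
#define AF_VSOCK 40   /* assumption: Linux's AF_VSOCK value, for headers lacking it */
#endif

enum vsock_status {
    VSOCK_EXPOSED = 0,     /* socket() succeeded: a vsock transport is loaded or loadable by this user */
    VSOCK_UNSUPPORTED = 1, /* EAFNOSUPPORT/E*NOSUPPORT: no transport and autoload did not supply one */
    VSOCK_DENIED = 2,      /* EPERM/EACCES: seccomp, LSM or capability policy blocked the call */
    VSOCK_OTHER = 3        /* anything else, e.g. ENFILE or EMFILE */
};

/* Map the outcome of socket() to a status. Split out from the syscall so the
 * mapping can be unit-tested without a vsock-capable host. */
enum vsock_status classify_vsock_result(int fd, int err)
{
    if (fd >= 0)
        return VSOCK_EXPOSED;
    switch (err) {
    case EAFNOSUPPORT:
    case EPROTONOSUPPORT:
    case ESOCKTNOSUPPORT:
        return VSOCK_UNSUPPORTED;
    case EPERM:
    case EACCES:
        return VSOCK_DENIED;
    default:
        return VSOCK_OTHER;
    }
}

const char *vsock_status_name(enum vsock_status s)
{
    switch (s) {
    case VSOCK_EXPOSED:     return "exposed";
    case VSOCK_UNSUPPORTED: return "unsupported";
    case VSOCK_DENIED:      return "denied";
    default:                return "other";
    }
}

/* Try the socket creation once and close the descriptor immediately; the
 * creation attempt alone is what triggers module autoload on a Linux host. */
enum vsock_status probe_vsock(void)
{
    int fd = socket(AF_VSOCK, SOCK_STREAM, 0);
    int err = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);
    return classify_vsock_result(fd, err);
}

int main(void)
{
    enum vsock_status s = probe_vsock();
    printf("AF_VSOCK socket creation as uid %u: %s\n",
           (unsigned)getuid(), vsock_status_name(s));
    /* Non-zero exit means the attack surface described in the article is reachable. */
    return s == VSOCK_EXPOSED ? 1 : 0;
}
```

Run it as an ordinary user, not root: a result of "exposed" on an unpatched kernel means the vulnerable code is reachable from that account, and "denied" means a sandbox policy is intervening before the kernel does. The real fix is the patched kernel; where vsock is not needed at all, preventing the autoload (for example with an `install vsock /bin/false` rule in modprobe.d) removes the surface, and re-running the probe afterwards confirms that it did.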
