OSN March 3, 2021

Fortify Security Team
Mar 3, 2021

Title: Microsoft Accuses China Over Email Cyber-Attacks
Date Published: March 3, 2021

https://www.bbc.com/news/business-56261516

Excerpt: “Microsoft’s Threat Intelligence Centre attributed the attacks with “high confidence” to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on “observed victimology, tactics and procedures”. Microsoft said Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors.”

Title: URSnif Trojan Has Targeted Over 100 Italian Banks
Date Published: March 3, 2021

https://www.zdnet.com/article/ursnif-trojan-has-targeted-over-100-italian-banks/#ftag=RSSbaffb68

Excerpt: “The cybersecurity firm said on Tuesday that at least 100 banks have been targeted, based on information gathered by the researchers. In one case alone, an unnamed payment processor had over 1,700 sets of credentials stolen. Avast found usernames, passwords, credit card, banking, and payment information that appears to have been harvested by the malware.”

Title: Hackers Now Hiding Obliquerat Payload in Images to Evade Detection
Date Published: March 3, 2021

https://thehackernews.com/2021/03/hackers-now-hiding-obliquerat-payload.html

Excerpt: “New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious Microsoft Office documents forged with macros to spread a RAT that goes by the name of ObliqueRAT. First documented in February 2020, the malware has been linked to a threat actor tracked as Transparent Tribe (aka Operation C-Major, Mythic Leopard, or APT36), a highly prolific group allegedly of Pakistani origin known for its attacks against human rights activists in the country as well as military and government personnel in India.”

Title: Telemarketing Biz Exposes 114,000 in Cloud Config Error
Date Published: March 3, 2021

https://www.zdnet.com/article/obliquerat-trojan-now-hides-in-images-on-compromised-websites/

Excerpt: “According to its website, the firm counts lending marketplace Lendingtree, Liberty Mutual Insurance and smart security vendor Vivint among its customers. Rotem found 114,000 files left publicly accessible in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.”

Title: Google Patches Actively Exploited Chrome Browser Zero-Day Vulnerability
Date Published: March 3, 2021

https://www.zdnet.com/article/google-patches-actively-exploited-chrome-browser-zero-day-vulnerability

Excerpt: “The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an “object lifecycle issue in audio.” Google has labeled the vulnerability as a “high” severity security flaw and has fixed the issue in the latest Chrome release. Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifestyle issue in audio problem, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.”

Title: Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak
Date Published: March 3, 2021

https://securityaffairs.co/wordpress/115224/data-breach/ringostat-data-breach-phone-numbers.htm

Excerpt: “WizCase security team has found a major breach in phone-tracking service Ringostat’s database. This leak left vulnerable phone numbers, call recordings, call logs, and more to potential attack. The leaked data numbers in the millions and was accessible to anyone who possessed the link. There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured.”

Title: Update Immediately: Microsoft Rushes Out Patches for Exchange Server Zero-Day Attacks
Date Published: March 3, 2021

https://www.zdnet.com/article/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks/#ftag=RSSbaffb68

Excerpt: “The attackers used the bugs in on-premise Exchange servers to access email accounts of users. The four bugs are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Washington DC-based security firm Volexity said in its analysis that the vulnerability CVE-2021-26855 was being used to steal the full contents of several user mailboxes. The bug didn’t require authentication and could be exploited remotely.”

Title: Ryuk Ransomware Develops Worm-Like Capabilities, France Warns
Date Published: March 3, 2021

https://www.cyberscoop.com/ryuk-ransomware-develops-worm-like-capabilities-anssi-france/

Excerpt: “With such worm-like self-replicating capabilities, Ryuk, one of the most prolific strains of ransomware in the world, can spread from machine to machine without any human interaction. The development presents only another challenge for security-minded researchers and law enforcement authorities already trying to grapple with the scourge of ransomware attacks pummeling international networks.”

Title: Cyber Analysts Find Links Between SunCrypt and QNAPCrypt Ransomware
Date Published: March 3, 2021

https://heimdalsecurity.com/blog/links-between-suncrypt-and-qnapcrypt-ransomware-found/

Excerpt: “First identified in July 2019, the QNAPCrypt has since been tracked by a Russian cybercriminal group called FullOfDeep. Meanwhile, in October 2019, SunCrypt appeared as the first Windows-based ransomware tool before being ported to the C/C++ version in mid-2020. Besides stealing victims’ data and threatening disclosure before encrypting files, this group also launches distributed denial of service (DDoS) attacks, which force the victim to pay the ransom.”

Title: Now-Fixed Linux Kernel Vulnerabilities Enabled Local Privilege Escalation (CVE-2021-26708)
Date Published: March 3, 2021

https://www.helpnetsecurity.com/2021/03/03/cve-2021-26708/

Excerpt: “These vulnerabilities result from race conditions that were implicitly added with virtual socket multi-transport support. They appeared in Linux kernel version 5.5 in November 2019. The vulnerable kernel drivers (CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS) are shipped as kernel modules in all major GNU/Linux distributions. The vulnerable modules are automatically loaded when an AF_VSOCK socket is created. This ability is available to unprivileged users.”
