OSN MARCH 31, 2021

Fortify Security Team
Mar 31, 2021

Title: Hacker Exploits Bugs In Original ‘Doom’ Code to Run ‘Snake’ Inside the Game
Date Published: March 31, 2021

https://www.bleepingcomputer.com/news/security/docker-hub-images-downloaded-20m-times-come-with-cryptominers/

Excerpt: “Kgsws published this inventive project on GitHub, meaning anyone can download and run it, provided they have a computer with the old operating system DOS or a DOS emulator. What’s more, the programmer also published techniques on how to exploit two other bugs that allow hackers and programmers to customize and modify Doom in several different ways.”

Title: Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites
Date Published: March 30, 2021

https://securityaffairs.co/wordpress/116140/hacking/reflected-xss-ivory-search-wp-plugin.html

Excerpt: “On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions on a victim’s website. Ivory Search – WordPress Search Plugin allows its users to create new custom search forms for their WordPress site/s.”

Title: Malware Attack Hits Multinational Conglomerate Honeywell
Date Published: March 30, 2021

https://heimdalsecurity.com/blog/malware-attack-hits-honeywell/

Excerpt: “Last Tuesday, aerospace and energy equipment manufacturer Honeywell, a Fortune 100 firm, declared they noticed a malware intrusion that disrupted a limited number of its information technology systems. The ongoing investigation into the Honeywell cyberattack shows there is no evidence that the hacker accomplished to withdraw data from systems that store customer information.”

Title: London-Based Academies Harris Federation Hit by Ransomware Attack
Date Published: March 29, 2021

https://securityaffairs.co/wordpress/116101/malware/harris-federation-hit-ransomware.html

Excerpt: “Harris Federation is investigating the incident with the support of the National Crime Agency, the National Cyber Security Centre, and experts from a cybersecurity firm. The nonprofit organization declared that at least another three multi-academy trust to have been targeted in March. All Harris Federation’s schools will finish the current term on Wednesday 31st March except for ten academies that will finish on April 1st.”

Title: Hades Ransomware Gang Exhibits Connections to Hafnium
Date Published: March 29, 2021

https://threatpost.com/hades-ransomware-connections-hafnium/165069/

Excerpt: “The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers – including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques..”

Title: Google Chrome for Linux Is Getting DNS-Over-HTTPS, but There’s a Catch
Date Published: March 29, 2021

https://www.bleepingcomputer.com/news/security/google-chrome-for-linux-is-getting-dns-over-https-but-theres-a-catch/

Excerpt: “Chrome has never supported DoH on Linux because that would require Chrome’s built-in DNS client, which itself is currently disabled on Linux,” reads the design document for this upcoming feature. Chrome has always delegated host resolution on Linux to the operating system’s DNS resolver, except with non-standard policy settings. Furthermore, the web browser’s built-in DNS client had been left disabled on Linux implementation for years because Chrome did not honor advanced Linux DNS configuration via the Linux Name Configuration Switch file (nsswitch.conf), explains Chromium developer Eric Orth in the document.”

Title: Pair of Apex Legends Players Banned for DDoS Server Attacks
Date Published: March 30, 2021

https://threatpost.com/apex-legends-players-banned-ddos-server-attacks/165085/

Excerpt: “Two high-ranked Apex Legends players have been banned from the platform for cheating by launching distributed denial-of-service (DDoS) attacks on an Xbox server. The players, who had achieved the rank of “Apex Predators” in the console version of the game haven’t been named, but the whole thing went down publicly on Reddit’s r/apexlegends forum over the weekend.”

Title: Younger Ransomware Victims More Likely to Pay Up
Date Published: March 30, 2021

https://www.infosecurity-magazine.com:443/news/younger-ransomware-victims-more/

Excerpt: “New research has found that the age of a ransomware victim may affect their willingness to pay for the recovery of their data. A study by cybersecurity company Kaspersky found that while 65% of victims aged between 35 and 44 paid their attackers for a decryption key, only 11% of victims aged 55 and over, and 52% of victims aged 16 to 24, gave in to ransom demands.”

Title: Weakness in EDR Tools Lets Attackers Push Malware Past Them
Date Published: March 31, 2021

https://www.darkreading.com/vulnerabilities---threats/weakness-in-edr-tools-lets-attackers-push-malware-past-them/d/d-id/1340555

Excerpt: “A technique called hooking used by most endpoint detection and response products to monitor running processes can be abused, new research shows. A fundamental weakness in the way almost all endpoint detection and response (EDR) systems work gives attackers an opening to sneak malware past them.”

Title: Hackers Are Implanting Multiple Backdoors at Industrial Targets in Japan
Date Published: March 31, 2021

https://thehackernews.com/2021/03/hackers-are-implanting-multiple.html

Excerpt: “Center to the campaign is a malware called Ecipekac (“Cake piece” in reverse, but with a typo) that traverses a four-layer “complicated loading schema” by making use of four files to “load and decrypt four fileless loader modules one after the other to eventually load the final payload in memory.”
