OSN APRIL 1, 2021

Fortify Security Team
Apr 1, 2021

Title: North Korean Hackers Expand Targeting of Security Community

Date Published: April 1, 2021

https://www.infosecurity-magazine.com:443/news/north-korean-hackers-target/

Excerpt: “The new website claims the company is an offensive security company located in Turkey that offers pen-tests, software security assessments and exploits. Like previous websites we’ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page,” explained TAG’s Adam Weidemann. Alongside the website, the North Korean group has created some more fake social media profiles related to both security researchers and non-existent recruiters for AV companies. One is misspelled “Trend Macro” rather than the legitimate firm Trend Micro.”

Title: Report: USB Threats to ICS Systems Have Nearly Doubled

Date Published: April 1, 2021

https://www.tripwire.com/state-of-security/ics-security/report-usb-threats-to-ics-systems-have-nearly-doubled/

Excerpt: “Overall, we are witnessing an increase in attacks targeting Operational Technology (OT). But, at the same time, we can see an increased awareness of the consequences of such attacks due to broad news coverage of Industroyer, TRITON, Havex, Ekans, USBCulprit, and more. USB devices continue to play an important role in these types of targeted attacks, since they are the second most prevalent attack vector into industrial control and automation systems behind network-based threats.”

Title: 22-Year-Old Charged With Hacking Water System and Endangering Lives

Date Published: April 1, 2021

https://thehackernews.com/2021/04/22-year-old-charged-with-hacking-water.html

Excerpt: “The indictment doesn’t specify if the attack was successful and how it was detected. If found guilty, Travnichek faces up to 25 years in federal prison and a total fine of $500,000. The development comes months after unidentified actors staged an intrusion at a water treatment facility in the state of Florida and changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water.”

Title: US CISA warns of DoS flaws in Citrix Hypervisor

https://securityaffairs.co/wordpress/116190/security/citrix-hypervisor-dos-flaws.html

Date Published: April 1, 2021

Excerpt: “Citrix Hypervisor (XenServer) is a high-performance hypervisor optimized for virtual app and desktop workloads and based on the Xen Project hypervisor. “Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.”

Title: Ubiquiti Cyberattack May Be Far Worse Than Originally Disclosed

Date Published: April 1, 2021

https://www.bleepingcomputer.com/news/security/ubiquiti-cyberattack-may-be-far-worse-than-originally-disclosed/

Excerpt: “The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. In the short communication, the company said that an attacker had accessed some of its IT systems hosted by a third party cloud provider and that it found no indication of unauthorized activity impacting user accounts.”

Title: 800gbps DDoS Extortion Attack Hits Gambling Company

Date Published: March 31, 2021

https://www.bleepingcomputer.com/news/security/google-chrome-for-linux-is-getting-dns-over-https-but-theres-a-catch/

Excerpt: “According to Akamai, the perpetrators used a new DDoS attack vector: a networking protocol known as the Datagram Congestion Control Protocol (DCCP) or protocol 33. Leveraging DCCP for DDoS leads to a volumetric attack and can bypass the defenses set up for the TCP and UDP traffic flows that are more commonly seen during these incidents.”

Title: Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence

https://thehackernews.com/2021/04/hackers-using-windows-os-feature-to.html

Date Published: April 1, 2021

Excerpt: “A novel technique adopted by attackers finds ways to use Microsoft’s Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK ransomware attacks.”

Title: Booking.com Fined $558,000 for Late Breach Notification

Date Published: April 1, 2021

https://www.infosecurity-magazine.com:443/news/bookingcom-fined-558k-for-late/

Excerpt: “After obtaining their login credentials to a Booking.com system, they were able to access the personal details of over 4100 customers who had booked a hotel room in the UAE via the site. Credit card details on 283 customers were also exposed, and in 97 cases the security (CVV) code was compromised.”

Title: CISA Gives Federal Agencies 5 Days to Find Hacked Exchange Servers

Date Published: March 31, 2021

https://www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/

Excerpt: “The newly issued emergency directive provides federal civilian executive branch agencies with additional forensic triage and server hardening requirements. “Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT—to investigate whether their Microsoft Exchange Servers have been compromised,” the CISA said.”

Title: Child Tweets Gibberish from U.S. Nuke Account

Date Published: March 31, 2021

https://threatpost.com/child-tweets-gibberish-nuke-account/165140/

Excerpt: “A nonsense tweet sent out from the official account of U.S. Strategic Command is no reason for alarm, according to the department. The social media manager’s kid found an open laptop, pounded on a few random keys and sent the tweet, which read, “;l;;gmlxzssaw” last Sunday. Adding another layer of confusion to the situation, QAnon conspiracy theorists began sharing the tweet as some sort of sign.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...