OSN April 16, 2021

Fortify Security Team
Apr 16, 2021

Title: Celsius Email System Suffers Security Breach
Date Published: April 16, 2021

https://heimdalsecurity.com/blog/celsius-email-system-suffers-security-breach/

Excerpt: “An April 15th update says that as an aftermath of the security breach, some Celsius customers have received emails and texts directing them to a malicious website masquerading as the Celsius platform. The posts claim the link would direct them to a new Celsius web wallet, claiming to offer $500 to users who create a wallet using the link.”

Title: Russia-Linked APT SVR Actively Targets These 5 Flaws
Date Published: April 16, 2021

https://securityaffairs.co/wordpress/116891/cyber-warfare-2/russia-svr-actively-targets-5-flaws.html

Excerpt: “‘NSA, CISA, and FBI are aware that the United States Government, critical infrastructure (including Defense Industrial Base), and allied networks are consistently scanned, targeted, and exploited by Russian state-sponsored cyber actors. NSA, CISA, and FBI recommend that critical system owners prioritize the following mitigation actions to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, ongoing operations, and competitive advantage.’ concludes the advisory.”

Title: Morpheus Turns a CPU Into a Rubik’s Cube to Defeat Hackers
Date Published: April 13, 2021

https://spectrum.ieee.org/tech-talk/semiconductors/processors/morpheus-turns-a-cpu-into-a-rubiks-cube-to-defeat-hackers

Excerpt: “A total of 10 vulnerabilities were uncovered among the five processors developed for SSITH, but none of those weak points were found in the University of Michigan processor, called Morpheus. Michigan professor of electrical engineering and computer science Todd Austin explained what makes Morpheus so puzzling for hackers to penetrate.”

Title: Compromising Operating Systems Through Fake Software Updates
Date Published: April 16, 2021

https://david-artykov.medium.com/compromising-operating-systems-through-fake-software-updates-3cc4b40a0936

Excerpt: “As computer users become more virus-aware, malware authors are now attempting to dupe users into downloading their malicious software by masking it as a legitimate software update. Most users are aware that it is important to keep computer applications up to date in order to avoid being a victim of the malware.”

Title: Five Signs Ransomware Is Becoming an Industry
Date Published: April 16, 2021

https://www.kaspersky.com/blog/darkside-ransomware-industry/39377/

Excerpt: “Not content with its innovative victim-pressuring tactics, the DarkSide ransomware gang has forged ahead with DarkSide Leaks, a professional-looking website that could well be that of an online service provider, and is using traditional marketing techniques. What follows are the five most illustrative examples of one gang’s transformation from an underground criminal group to an enterprise.”

Title: Malware and Scammers Are Now Targeting the Popular NFT Marketplace Rarible
Date Published: April 16, 2021

https://heimdalsecurity.com/blog/malware-and-scammers-targeting-nft-marketplace-rarible/

Excerpt: “A non-fungible token (NFT) is a unit of data stored on a digital ledger, called a blockchain, that certifies a digital asset to be unique and therefore not exchangeable. NFTs can be utilized to represent items such as photographs, videos, audio, and other types of digital files. Even if copies of these digital items are accessible for anyone to get, NFTs are tracked on blockchains to provide the owner with evidence of ownership.”

Title: Watchdog Thinks Google Tricked Australians Into Giving Up Data, Sues. Judge Semi-Agrees
Date Published: April 16, 2021

https://www.theregister.com/2021/04/16/watchdog_thinks_google_tricked_australians/

Excerpt: “For Google to not collect a device’s location data, the user needed to let their wishes be known in both the “Location History” and the “Web & App Activity” setting segments. In its case, which it first brought against the web search giant in July 2020, the Australian Competition and Consumer Commission (ACC) had argued that Google did not adequately publicise the secondary setting requirement.”

Title: Lazarus BTC Changer. Back in Action With JS Sniffers Redesigned To Steal Crypto
Date Published: April 16, 2021

https://securityaffairs.co/wordpress/116874/apt/lazarus-btc-changer-js-sniffers.html

Excerpt: “In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more cybercriminals, and JS-sniffers became one of the most prominent sources of stolen bank cards on underground markets. However, in one recent campaign we saw a big step forward in attacks on e-commerce websites involving JS-sniffers.”

Title: Gafgyt Botnet Lifts DDoS Tricks from Mirai
Date Published: April 15, 2021

https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/

Excerpt: “Gafgyt (a.k.a. Bashlite) is a botnet that was first uncovered in 2014. It targets vulnerable internet of things (IoT) devices like Huawei routers, Realtek routers and ASUS devices, which it then uses to launch large-scale distributed denial-of-service (DDoS) attacks. It also often uses known vulnerabilities such as CVE-2017-17215 and CVE-2018-10561 to download next-stage payloads to infected devices.”

Title: PhishGun: How Phishing Attacks From Services Like Mailgun Bypass Microsoft 365 Security
Date Published: April 16, 2021

https://www.avanan.com/blog/phishgun-how-phishing-attacks-from-services-like-mailgun-bypass-microsoft-365-security

Excerpt: “In a span of four days, Avanan researchers saw more than 3,000 distinct phishing campaigns coming from IP addresses belonging to Mailgun. What’s unique about Mailgun that makes it a very compelling phishing platform for hackers is that the service allows users to set a different field in the “From” and “Sender” fields of the email headers. This is one way the attack confuses and gets past Microsoft. This is excellent for carrying out impersonation attacks.”
