OSN April 16, 2021

by | Apr 16, 2021 | Open Source News

Title: Celsius Email System Suffers Security Breach
Date Published: April 16, 2021

https://heimdalsecurity.com/blog/celsius-email-system-suffers-security-breach/

Excerpt: “An April 15th update says that as an aftermath of the security breach, some Celsius customers have received emails and texts directing them to a malicious website masquerading as the Celsius platform. The posts claim the link would direct them to a new Celsius web wallet, claiming to offer $500 to users who create a wallet using the link.”

Title: Russia-Linked Apt SVR Actively Targets These 5 Flaws
Date Published: April 16, 2021

https://securityaffairs.co/wordpress/116891/cyber-warfare-2/russia-svr-actively-targets-5-flaws.html

Excerpt: “NSA, CISA, and FBI are aware that the United States Government, critical infrastructure (including Defense Industrial Base), and allied networks are consistently scanned, targeted, and exploited by Russian state-sponsored cyber actors. NSA, CISA, and FBI recommend that critical system owners prioritize the following mitigation actions to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, ongoing operations, and competitive advantage.” concludes the advisory.”

Title: Morpheus Turns a CPU Into a Rubik’s Cube to Defeat Hackers
Date Published: April 13, 2021

https://spectrum.ieee.org/tech-talk/semiconductors/processors/morpheus-turns-a-cpu-into-a-rubiks-cube-to-defeat-hackers

Excerpt: “A total of 10 vulnerabilities were uncovered among the five processors developed for SSITH, but none of those weak points were found in the University of Michigan processor, called Morpheus. Michigan professor of electrical engineering and computer science Todd Austin explained what makes Morpheus so puzzling for hackers to penetrate.”

Title: Compromising Operating Systems Through Fake Software Updates
Date Published: April 16, 2021

https://david-artykov.medium.com/compromising-operating-systems-through-fake-software-updates-3cc4b40a0936

Excerpt: “As computer users become more virus-aware, malware authors are now attempting to dupe users into downloading their malicious software by masking it as a legitimate software update. Most users are aware that it is important to keep computer applications up to date in order to avoid being a victim of the malware.”

Title: Five Signs Ransomware Is Becoming an Industry
Date Published: April 16, 2021

https://www.kaspersky.com/blog/darkside-ransomware-industry/39377/

Excerpt: “Not content with its innovative victim-pressuring tactics, the DarkSide ransomware gang has forged ahead with DarkSide Leaks, a professional-looking website that could well be that of an online service provider, and is using traditional marketing techniques. What follows are the five most illustrative examples of one gang’s transformation from an underground criminal group to an enterprise.”

Title: Malware and Scammers Are Now Targeting the Popular NFT Marketplace Rarible
Date Published: April 16, 2021

https://heimdalsecurity.com/blog/malware-and-scammers-targeting-nft-marketplace-rarible/

Excerpt: “A non-fungible token (NFT) is a unit of data stored on a digital ledger, called a blockchain, that certifies a digital asset to be unique and therefore not exchangeable. NFTs can be utilized to represent items such as photographs, videos, audio, and other types of digital files. Even if copies of these digital items are accessible for anyone to get, NFTs are tracked on blockchains to provide the owner with evidence of ownership.”

Title: Watchdog Thinks Google Tricked Australians Into Giving Up Data, Sues. Judge Semi-Agrees
Date Published: April 16, 2021

https://www.theregister.com/2021/04/16/watchdog_thinks_google_tricked_australians/

Excerpt: “For Google to not collect a device’s location data, the user needed to let their wishes be known in both the “Location History” and the “Web & App Activity” setting segments. In its case, which it first brought against the web search giant in July 2020, the Australian Competition and Consumer Commission (ACC) had argued that Google did not adequately publicise the secondary setting requirement.”

Title: Lazarus BTC Changer. Back in Action With JS Sniffers Redesigned To Steal Crypto
Date Published: April 16, 2021

https://securityaffairs.co/wordpress/116874/apt/lazarus-btc-changer-js-sniffers.html

Excerpt: “In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more cybercriminals, and JS-sniffers became one of the most prominent sources of stolen bank cards on underground markets. However, in one recent campaign we saw a big step forward in attacks on e-commerce websites involving JS-sniffers.”

Title: Gafgyt Botnet Lifts DDoS Tricks from Mirai
Date Published: April 15, 2021

https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/

Excerpt: “Gafgyt (a.k.a. Bashlite) is a botnet that was first uncovered in 2014. It targets vulnerable internet of things (IoT) devices like Huawei routers, Realtek routers and ASUS devices, which it then uses to launch large-scale distributed denial-of-service (DDoS) attacks. It also often uses known vulnerabilities such as CVE-2017-17215 and CVE-2018-10561 to download next-stage payloads to infected devices.”

Title: PhishGun: How Phishing Attacks From Services Like Mailgun Bypass Microsoft 365 Security
Date Published: April 16, 2021

https://www.avanan.com/blog/phishgun-how-phishing-attacks-from-services-like-mailgun-bypass-microsoft-365-security

Excerpt: “In a span of four days, Avanan researchers saw more than 3,000 distinct phishing campaigns coming from IP addresses belonging to Mailgun. What’s unique about Mailgun that makes it a very compelling phishing platform for hackers is that the service allows users to set a different field in the “From” and “Sender” fields of the email headers. This is one way the attack confuses and gets past Microsoft. This is excellent for carrying out impersonation attacks.”